Hi there,

Quick info: Running Ubuntu 10.04, Shorewall version 4.4.13.3. We have three
ISPs, eth0, eth1, and eth3. Eth0 and eth1 get their IPs statically and eth3
gets it via DHCP. eth4 goes out to the local network and dnsmasq acts as the
DHCP server and DNS forwarder on this interface.

Things for the most part run fine, but every week (on Wednesday afternoons)
the internet crawls to a standstill. Some sites still work, but most don't.
Interestingly, I can ping all websites from the local zone and the operating
system will show you as connected to the internet, but most sites will not
load. After restarting the computer running shorewall and tinkering with
commands (sudo /etc/init.d/networking restart), things return to normal.

After reading the dhcp.htm support page, I assume the problem lies here: "In
the event that the subnet address might change while Shorewall is started,
you need to arrange for a “shorewall refresh” command to be executed when a
new dynamic IP address gets assigned to the interface. Check your DHCP
client's documentation."

I assume this is what is happening and have consulted Ubuntu's dhclient
documentation but can't find how to execute a command upon a new dynamic IP
assignment.

I have attached relevant configuration files in case the problem lies deeper
than a simple tweak of dhclient. If you need more information, let me know.

Thank you greatly for any help.
Matt

/etc/network/interfaces:

auto eth0
iface eth0 inet static
    address 75.101.48.152
    netmask 255.255.255.0

auto eth1
iface eth1 inet static
    address 75.101.48.160
    netmask 255.255.255.0

auto eth3
iface eth3 inet dhcp

auto eth4
iface eth4 inet static
    address 192.168.1.1
    network 192.168.1.0
    netmask 255.255.255.0
    broadcast 192.168.1.255

Shorewall Zones:

fw      firewall
net     ipv4
loc     ipv4

Shorewall Interfaces:

net     eth0            detect
net     eth1            detect
net     eth3            detect          dhcp
loc     eth4            detect          dhcp

Providers:

SON1    1       0x1     main            eth0      75.101.48.1     track,balance   eth4
SON2    2       0x2     main            eth1      75.101.48.1     track,balance   eth4
SON3    3       0x3     main            eth3      detect          track,balance   eth4

Route Rules:

eth0                    -                       SON1            1000
eth1                    -                       SON2            1000
eth3                    -                       SON3            1000

Masq:

eth0   192.168.1.0/24   75.101.48.152
eth1   192.168.1.0/24   75.101.48.160
eth3   192.168.1.0/24   detect

Policy:

loc     net     ACCEPT
fw      all     ACCEPT
net     all     DROP            info
all     all     REJECT

shorewall.conf:

(the settings I changed)

STARTUP_ENABLED=Yes
MARK_IN_FORWARD_CHAIN=Yes
FASTACCEPT=Yes
OPTIMIZE=1
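
Added example, not part of the original post: a dhclient exit hook that runs the "shorewall refresh" named in the quoted documentation when the lease on eth3 changes. Assumptions: the hook path /etc/dhcp3/dhclient-exit-hooks.d/ (Ubuntu 10.04 dhcp3-client), the binary path /sbin/shorewall, and the function and file names, which are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original post).
# Assumed install path: /etc/dhcp3/dhclient-exit-hooks.d/shorewall-refresh
# dhclient-script sources this file after every lease event and sets
# $reason, $interface and the $old_*/$new_* lease variables.
# Because the file is sourced, it must never call "exit".

WAN_IF="eth3"                              # DHCP-configured ISP interface from the post
SHOREWALL="${SHOREWALL:-/sbin/shorewall}"  # assumed path; overridable for testing

# Succeeds only for a lease event on WAN_IF whose address data changed.
# $1=reason  $2=interface  $3=old lease summary  $4=new lease summary
needs_refresh() {
    [ "$2" = "$WAN_IF" ] || return 1
    case "$1" in
        BOUND|RENEW|REBIND|REBOOT) [ "$3" != "$4" ] ;;
        *) return 1 ;;
    esac
}

shorewall_dhcp_hook() {
    # Compare address, netmask and gateway, since a change in any of them
    # leaves rules built from "detect" pointing at stale values.
    sw_old="${old_ip_address:-}/${old_subnet_mask:-} via ${old_routers:-}"
    sw_new="${new_ip_address:-}/${new_subnet_mask:-} via ${new_routers:-}"

    needs_refresh "${reason:-}" "${interface:-}" "$sw_old" "$sw_new" || return 0

    # Skip quietly if the firewall is not running yet (lease obtained during boot).
    "$SHOREWALL" status >/dev/null 2>&1 || return 0

    # Leave a syslog record so the refresh can be matched to the slowdown times.
    logger -t shorewall-dhcp "$interface: $sw_old -> $sw_new, refreshing" 2>/dev/null || true
    "$SHOREWALL" refresh
}

shorewall_dhcp_hook
```

The syslog line gives a timestamp for each lease change, which can be compared against the weekly Wednesday slowdowns to confirm or rule out the DHCP theory.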