On Apr 20, 2011, at 11:25 AM, Lee Brown wrote:

> Hi,
>
> I have a multi-ISP situation (working well) whereby I need to turn off one of
> my ISPs once a cap has been reached.
> I can turn it off quite easily by replacing the default route in the main
> table:
> default
>         nexthop via 10.1.5.3 dev eth1.5 weight 1
>         nexthop via XX.XXX.XX.33 dev eth1.9 weight 1
>
> with
> default via 10.1.5.3 dev eth1.5
>
> But if I try to reverse the process and replace the default route with the
> 1st one, packets routed via the eth1.9 provider go into a black hole (not
> investigated where packets end up)

It's not the outgoing packets that are the issue, I'm betting, but rather that incoming packets suddenly become martians (you can confirm that by looking at your kernel log). Turn off routefilter on both of your interfaces and it should work better. Note, however, that if the ISP through which eth1.5 connects is doing egress filtering, then that ISP will drop traffic whose source is XX.XXX.XX.33.

>
> Doing a shorewall restart takes several minutes, so I'd like to avoid that if
> possible, but it always puts things the way they should be.

You must be using an ancient version of Shorewall with the shell-based rules compiler. If you upgrade to the current version, I'm betting that restart will be fast (and it will be seamless).

>
> I'm thinking the direction I should be going in is either:
> 1. To insert/delete an iptables rule to mark the packets for the always-on
> ISP when the variable ISP has expired (per the FAQ)
> 2. Generate 2 sets of rules for iptables using shorewall (one with multi-path
> default route, one with single path) and swap one for the other.

I would try the routefilter thing first.

-Tom

Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
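
Added example, not part of the original message or of Shorewall: a small shell helper for the kernel-log check suggested in the reply. It counts "martian source" entries per interface and reports the rp_filter value the kernel actually applies to an interface. The log lines and their addresses are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample of kernel log lines (documentation address ranges).
# Martians are only logged when log_martians is enabled for the interface.
SAMPLE_LOG='Apr 20 11:02:01 fw kernel: martian source 203.0.113.34 from 198.51.100.7, on dev eth1.9
Apr 20 11:02:01 fw kernel: ll header: 00:11:22:33:44:55:66:77:88:99:aa:bb:08:00
Apr 20 11:02:03 fw kernel: IPv4: martian source 203.0.113.34 from 198.51.100.9, on dev eth1.9
Apr 20 11:02:04 fw kernel: IN=eth1.5 OUT= SRC=198.51.100.7 DST=10.1.5.20 PROTO=TCP'

# Read kernel log text on stdin, print "<interface> <count>" for every
# interface that dropped packets as martians (reverse-path check failed).
martians_by_dev() {
    sed -n 's/.*martian source [0-9.]* from [0-9.]*, on dev \([^ ]*\).*/\1/p' |
        sort | uniq -c | awk '{ print $2, $1 }'
}

# Print the rp_filter value in effect for interface $1.
# The kernel uses the larger of conf/all/rp_filter and conf/<if>/rp_filter,
# so clearing only the per-interface value is not enough when "all" is set.
# $2 is an optional sysctl root (assumption: defaults to /proc/sys).
# VLAN names such as eth1.5 keep their dot in the /proc path.
effective_rp_filter() {
    root="${2:-/proc/sys}/net/ipv4/conf"
    all=$(cat "$root/all/rp_filter") || return 1
    dev=$(cat "$root/$1/rp_filter") || return 1
    if [ "$all" -gt "$dev" ]; then
        echo "$all"
    else
        echo "$dev"
    fi
}

# Stand-alone run: summarise the constructed sample.
printf '%s\n' "$SAMPLE_LOG" | martians_by_dev
```

On a live firewall, feed `dmesg` or the kernel log file to `martians_by_dev` and call `effective_rp_filter` once per provider interface.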
