Hi Tom, Thanks for the replies, i have implemented what you have said and have made some progress but not quite there yet. A few things are that when this dual ISP config is bought up (with tun1 optional interface up) the firewall can no longer ping out unless i specifiy the interface. root@router:/etc/shorewall# ping -I ppp0 208.67.220.220 PING 208.67.220.220 (208.67.220.220) from 2.51.55.23 ppp0: 56(84) bytes of data. 64 bytes from 208.67.220.220: icmp_req=1 ttl=54 time=118 ms ^C --- 208.67.220.220 ping statistics --- 4 packets transmitted, 4 received, 0% packet loss, time 3011ms rtt min/avg/max/mdev = 105.122/114.716/118.224/5.542 ms
root@router:/etc/shorewall# ping 208.67.220.220 PING 208.67.220.220 (208.67.220.220) 56(84) bytes of data. ^C --- 208.67.220.220 ping statistics --- 5 packets transmitted, 0 received, 100% packet loss, time 3999ms Secondly, if i set the IP of a workstation on the lan to 192.168.69.60 (we specified in tcrules to route packets from this IP address out of the second provider), the tcrules is definitely doing something as the pings timeout on the workstation, and then tun1 dies on the firewall. If i set it to any normal IP address then the workstation can connect to the internet normally. I have checked and may well still be missing something or making a mistake still. I have attached another shorewall dump for your review at your convenience. Thanks for the help. Chris Date: Wed, 18 May 2011 13:44:40 -0700 From: [email protected] To: [email protected] Subject: Re: [Shorewall-users] Multi-ISP over tun not working On 05/18/2011 01:22 PM, Chris Morley wrote: I sent my last post too soon. You also want to remove the 'balance' option from tun1. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ What Every C/C++ and Fortran developer Should Know! Read this article and learn how Intel has extended the reach of its next-generation tools to help Windows* and Linux* C/C++ and Fortran developers boost performance applications - including clusters. http://p.sf.net/sfu/intel-dev2devmay _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
status.txt.gz
Description: GNU Zip compressed data
------------------------------------------------------------------------------ vRanger cuts backup time in half-while increasing security. With the market-leading solution for virtual backup and recovery, you get blazing-fast, flexible, and affordable data protection. Download your free trial now. http://p.sf.net/sfu/quest-d2dcopy1
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
