Okay, so I'm trying to setup my multiple ISP setup that I described earlier.
I have:
# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: em1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP
qlen 1000
link/ether 00:b0:d0:df:e3:1d brd ff:ff:ff:ff:ff:ff
inet 10.10.0.1/16 brd 10.10.255.255 scope global em1
inet6 fe80::2b0:d0ff:fedf:e31d/64 scope link
valid_lft forever preferred_lft forever
3: em2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP
qlen 1000
link/ether 00:b0:d0:df:e3:1e brd ff:ff:ff:ff:ff:ff
inet 192.168.201.1/29 brd 192.168.201.7 scope global em2
inet 4.28.99.161/27 brd 4.28.99.191 scope global em2
inet6 fe80::2b0:d0ff:fedf:e31e/64 scope link
valid_lft forever preferred_lft forever
4: p2p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc htb state UP qlen 1000
link/ether 00:02:b3:a1:9b:03 brd ff:ff:ff:ff:ff:ff
inet 65.44.101.162/27 brd 65.44.101.191 scope global p2p1
inet 4.28.99.185/32 scope global p2p1
inet 65.44.101.183/27 brd 65.44.101.191 scope global secondary p2p1
inet 65.44.101.185/27 brd 65.44.101.191 scope global secondary p2p1
inet 65.44.101.187/27 brd 65.44.101.191 scope global secondary p2p1
inet 65.44.101.188/27 brd 65.44.101.191 scope global secondary p2p1
inet6 fe80::202:b3ff:fea1:9b03/64 scope link
valid_lft forever preferred_lft forever
5: p2p2: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc htb state UP
qlen 1000
link/ether 00:02:b3:a1:9b:04 brd ff:ff:ff:ff:ff:ff
inet 4.28.99.98/30 brd 4.28.99.99 scope global p2p2
inet6 fe80::202:b3ff:fea1:9b04/64 scope link
valid_lft forever preferred_lft forever
7: ifb0: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc htb state UNKNOWN qlen 32
link/ether aa:16:8a:04:ae:4f brd ff:ff:ff:ff:ff:ff
inet6 fe80::a816:8aff:fe04:ae4f/64 scope link
valid_lft forever preferred_lft forever
8: ifb1: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc htb state UNKNOWN qlen 32
link/ether 2a:d4:11:cc:22:b8 brd ff:ff:ff:ff:ff:ff
inet6 fe80::28d4:11ff:fecc:22b8/64 scope link
valid_lft forever preferred_lft forever
p2p2 is the new ISP interface. tshark -i p2p2 shows:
862.332476 00:18:74:cf:f4:00 -> ff:ff:ff:ff:ff:ff ARP Who has 4.28.99.98?
Tell 4.28.99.97
867.898209 00:18:74:cf:f4:00 -> ff:ff:ff:ff:ff:ff ARP Who has 4.28.99.98?
Tell 4.28.99.97
872.452248 00:18:74:cf:f4:00 -> ff:ff:ff:ff:ff:ff ARP Who has 4.28.99.98?
Tell 4.28.99.97
877.454218 00:18:74:cf:f4:00 -> ff:ff:ff:ff:ff:ff ARP Who has 4.28.99.98?
Tell 4.28.99.97
...
and so on. So, why the heck isn't the interface responding to the arp request?
/etc/shorewall/interfaces:
#ZONE INTERFACE BROADCAST OPTIONS
# I think we need routeback for loc-natted addresses
loc em1 detect routeback
# Need routeback for dmz-dmz across ISP addresses
dmz em2 detect routeback
net p2p1 detect routefilter
net p2p2 detect routefilter
ppp ppp0 detect
nwvpn tun0
road tun1
Thanks!
--
Orion Poplawski
Technical Manager 303-415-9701 x222
NWRA/CoRA Division FAX: 303-415-9702
3380 Mitchell Lane [email protected]
Boulder, CO 80301 http://www.cora.nwra.com
------------------------------------------------------------------------------
Doing More with Less: The Next Generation Virtual Desktop
What are the key obstacles that have prevented many mid-market businesses
from deploying virtual desktops? How do next-generation virtual desktops
provide companies an easier-to-deploy, easier-to-manage and more affordable
virtual desktop model.http://www.accelacomm.com/jaw/sfnl/114/51426474/
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
