Hey,

It's taken a while to reproduce, I put the modems back into bridged mode and eventually got this:

    acfxlinux storage # route -n
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    203.33.255.118  0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
    203.33.255.118  0.0.0.0         255.255.255.255 UH    0      0        0 ppp1
    10.100.13.0     0.0.0.0         255.255.255.0   U     0      0        0 eth2
    10.100.12.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
    10.1.10.0       192.168.1.30    255.255.255.0   UG    2      0        0 eth0
    192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
    127.0.0.0       127.0.0.1       255.0.0.0       UG    0      0        0 lo
    0.0.0.0         203.33.255.118  0.0.0.0         UG    4005   0        0 ppp0
    0.0.0.0         203.33.255.118  0.0.0.0         UG    4006   0        0 ppp1

The good news is after removing the 'detect' from the providers file it's still all working fine even with identical gateways!

Many thanks for helping me with this Tom :)

-----Original Message-----
From: Tom Eastep [mailto:[email protected]]
Sent: Wednesday, 11 January 2012 2:51 AM
To: Shorewall Users
Subject: Re: [Shorewall-users] Shorewall gateway - routing issue with dual wan (looking to report possible bug ?)

On Mon, 2012-01-09 at 20:51 -0800, Tom Eastep wrote:
>
> On Jan 9, 2012, at 7:51 PM, Nick wrote:
>
>> I can reproduce the error by setting the gateways to the same address.
>
>
> Which is a configuration that will never work. Neither Shorewall nor the
> Linux IP stack will handle that.

I should quantify that. Balancing using a multi-hop default route will not work in that case.

Over the past couple of weeks, I have been working on an alternative for balancing that does not involve multi-hop routes. It rather uses the 'Statistic Match' feature in iptables/Netfilter that allows a rule to match randomly with a specified probability. I have been running it here at shorewall.net for the last few days and it seems to work well. It will be available in the next 4.5.0 Beta and will provide relief to users with two WAN Ethernet interfaces that happen to have the same default gateway.
Here is my providers file:

    #NAME     NUMBER MARK DUPLICATE INTERFACE GATEWAY       OPTIONS        COPY
    ComcastB  1      -    -         eth1      70.90.191.126 loose,balance
    ComcastC  2      -    -         eth0      detect        loose,fallback

I have PROVIDER_OFFSET=16 and PROVIDER_BITS=2 which means that the 'provider mask' is 0x30000, ComcastB's mark is 0x10000 and ComcastC's mark is 0x20000. I also have TRACK_PROVIDERS=Yes.

Here are the relevant entries in my tcrules file:

    ...
    0X10000/0x30000 eth2 - ; test=0/0x30000, probability=0.66666667
    0x20000/0x30000 eth2 - ; test=0/0x30000
    0X10000/0x30000 fw   - ; test=0/0x30000, probability=0.66666667
    0x20000/0x30000 fw   - ; test=0/0x30000

The first two distribute connections from the local LAN (eth2) between the two providers with a 2:1 advantage to ComcastB. The second two perform the same distribution for connections originating on the firewall itself (Note: $FW = 'fw' in my configuration). I include 0/0x30000 in the TEST column because earlier rules may have already marked the packet based on other criteria.

I hope to be able to make this easier to configure before 4.5.0 final; we'll see.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
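
The rule cascade described in the quoted message (a first rule that matches with probability 0.66666667 only while the provider bits are zero, then an unconditional rule for whatever is left) can be modelled and generalised to more than two providers. The Python below is an added example, not part of the original thread and not Shorewall's code; the function names, the `[3, 2, 1]` weighting mentioned in the comments and the simulation itself are assumptions made for illustration, and it is a simplified model of the rule order, not of Netfilter.

```python
import random
from fractions import Fraction

PROVIDER_MASK = 0x30000  # PROVIDER_OFFSET=16, PROVIDER_BITS=2, as in the message


def cascade_probabilities(weights):
    """Per-rule match probability so that sequential rules yield `weights`.

    Rule i is only reached by connections that earlier rules left unmarked,
    so it must match with w_i / (w_i + ... + w_n). The last rule gets 1,
    which corresponds to a rule with no probability= clause.
    Example: weights [3, 2, 1] give 1/2, 2/3, 1.
    """
    remaining = sum(weights)
    probs = []
    for w in weights:
        probs.append(Fraction(w, remaining))
        remaining -= w
    return probs


def apply_rules(mark, rules, rng):
    """Walk (provider_mark, probability) rules in order.

    Models test=0/0x30000: a rule is skipped once any provider bit is set,
    so marks assigned by earlier rules are never overwritten.
    """
    for provider_mark, prob in rules:
        if mark & PROVIDER_MASK != 0:    # TEST column fails: already marked
            continue
        if rng.random() < prob:          # random match with given probability
            mark = (mark & ~PROVIDER_MASK) | provider_mark
    return mark


def simulate(rules, connections, seed=1, premarked=0):
    """Count how many new connections end up with each provider mark."""
    rng = random.Random(seed)
    counts = {}
    for _ in range(connections):
        final = apply_rules(premarked, rules, rng) & PROVIDER_MASK
        counts[final] = counts.get(final, 0) + 1
    return counts


if __name__ == "__main__":
    # The 2:1 ComcastB:ComcastC split from the message.
    probs = cascade_probabilities([2, 1])
    rules = [(0x10000, float(probs[0])), (0x20000, float(probs[1]))]
    print([str(p) for p in probs], simulate(rules, 30000))
```

Dropping the provider-bits test in `apply_rules` makes the second, unconditional rule overwrite every mark, which is why each of the tcrules entries carries `test=0/0x30000`.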
