On 03/16/2012 06:32 AM, Jesús Dominguez wrote:
> Hi everybody,
>
> first of all sorry about my English. I try to do the best I can.
>
> I am able to run shorewall as a firewall-router with one ISP. (with
> different zones, interfaces, etc..).
>
> My problem appears when I try to use-balance two Multiple Internet
> Connections. My multiple internet lines are properly working on their own.
> If I configure shorewall with one Internet Connection I have no problems.
>
> Problems appear as I said when I use two connections. These are my
> configuration files:
> interfaces
> #ZONE INTERFACE BROADCAST OPTIONS
> net eth2 detect logmartians
> net ppp0 detect logmartians
> loc eth1 detect logmartians
>
> zones
> #ZONE TYPE
> fw firewall
> net ipv4
> loc ipv4
>
> masq
> #INTERFACE SOURCE ADDRESS PROTO PORT(S) IPSEC MARK
> eth2 192.168.40.0/24
> ppp0 192.168.40.0/24
>
> providers
> #NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY OPTIONS COPY
> jazztel 1 0x1 main eth2 192.168.1.1 balance,track eth1
> vodafone 2 0x2 main ppp0 - balance,track eth1
>
>
> I try to do a ping from the lan (loc) and I get this in the log:
>
> Mar 16 13:09:06 lizanote kernel: [13961.140104] ll header: 00:02:b3:c7
> Mar 16 13:09:09 lizanote kernel: [13964.144026] martian source 192.168.1.100 from 212.166.210.80, on dev ppp0
>
> # /sbin/shorewall version
> 4.4.11.6
>
> ip addr show
> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
>     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
>     inet 127.0.0.1/8 scope host lo
>     inet6 ::1/128 scope host
>        valid_lft forever preferred_lft forever
> 2: eth0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
>     link/ether 00:02:b3:c7:2b:f6 brd ff:ff:ff:ff:ff:ff
> 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
>     link/ether 00:02:b3:c7:2f:77 brd ff:ff:ff:ff:ff:ff
>     inet 192.168.40.1/24 brd 192.168.40.255 scope global eth1
>     inet6 fe80::202:b3ff:fec7:2f77/64 scope link
>        valid_lft forever preferred_lft forever
> 4: eth2: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN qlen 1000
>     link/ether 00:21:9b:61:db:b9 brd ff:ff:ff:ff:ff:ff
>     inet 192.168.1.100/24 brd 192.168.1.255 scope global eth2
>     inet6 fe80::221:9bff:fe61:dbb9/64 scope link
>        valid_lft forever preferred_lft forever
> 7: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 3
>     link/ppp
>     inet 212.166.226.182 peer 10.64.64.64/32 scope global ppp0
>
> ip route show
> 10.64.64.64 dev ppp0 proto kernel scope link src 212.166.226.182
> 192.168.1.0/24 dev eth2 proto kernel scope link src 192.168.1.100
> 192.168.40.0/24 dev eth1 proto kernel scope link src 192.168.40.1
> default
>     nexthop via 192.168.1.1 dev eth2 weight 1
>     nexthop dev ppp0 weight 1
>

What is happening here is that the ping packet was sent out of eth2 but
the response is being received through ppp0.

I suggest adding this to /etc/shorewall/init:

    qt $IP route replace 212.166.224.0/20 dev ppp0

and 'shorewall restart'. That should force traffic to Vodocom Spain to
be routed out of ppp0 rather than eth2.

If that doesn't work, then change /etc/shorewall/interfaces like this:

    #ZONE INTERFACE BROADCAST OPTIONS
    net eth2 detect logmartians=0,routefilter=0
    net ppp0 detect logmartians=0,routefilter=0
    loc eth1 detect logmartians

-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
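
The diagnosis in the reply above, as an added example that is not part of the original message or of Shorewall: it parses the kernel's martian-source lines, finds which local interface owns the destination address, and checks whether a pinned route covers the remote address. The function names are hypothetical and the sample data is constructed from the values quoted in the thread.

```python
import ipaddress
import re

# Constructed sample input: values copied from the output quoted in the thread.
LOCAL_ADDRS = {"eth1": "192.168.40.1", "eth2": "192.168.1.100",
               "ppp0": "212.166.226.182"}
LOG_LINES = [
    "Mar 16 13:09:06 lizanote kernel: [13961.140104] ll header: 00:02:b3:c7",
    "Mar 16 13:09:09 lizanote kernel: [13964.144026] martian source "
    "192.168.1.100 from 212.166.210.80, on dev ppp0",
]
# Kernel wording: "martian source <destination> from <source>, on dev <iface>"
MARTIAN_RE = re.compile(
    r"martian source (?P<dst>[\d.]+) from (?P<src>[\d.]+), on dev (?P<dev>\S+)")


def parse_martian(line):
    """Return dst/src/dev for a martian-source line, or None for other lines."""
    m = MARTIAN_RE.search(line)
    return m.groupdict() if m else None


def route_covers(prefix, address):
    """True if a static route for `prefix` would match `address`."""
    return ipaddress.ip_address(address) in ipaddress.ip_network(prefix)


def analyse(lines, local_addrs, pinned_routes):
    """Classify each martian event; pinned_routes is [(prefix, device), ...]."""
    findings = []
    for event in filter(None, map(parse_martian, lines)):
        # Which local interface owns the address the packet was sent to?
        owner = next((i for i, a in local_addrs.items() if a == event["dst"]), None)
        if owner is None:
            verdict = "destination is not a local address"
        elif owner == event["dev"]:
            verdict = "arrived on the owning interface"
        else:
            verdict = "asymmetric: reply for %s came in on %s" % (owner, event["dev"])
        # A pinned route only helps if it covers the remote address in the log.
        covering = [p for p, dev in pinned_routes
                    if dev == event["dev"] and route_covers(p, event["src"])]
        findings.append(dict(event, owner=owner, verdict=verdict, covering=covering))
    return findings


if __name__ == "__main__":
    for finding in analyse(LOG_LINES, LOCAL_ADDRS, [("212.166.224.0/20", "ppp0")]):
        print(finding)
```

An empty `covering` list means none of the pinned prefixes matches the remote address in that log line.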
