Hi Tom,
Seem to have an issue with my config.
If a failover occurs, the firewall detects it and does its job to 'disable'
the device.
LSM cannot successfully ping an outside IP on failover on the device that
comes back up.
Here eth0 is up. Yet shorewall eth0 status = 1
eth0 Link encap:Ethernet HWaddr 00:02:B3:D7:B3:C7
inet addr:205.134.193.138 Bcast:205.134.193.143 Mask:255.255.255.248
inet6 addr: fe80::202:b3ff:fed7:b3c7/64 Scope:Link
Gate:~ # ping -I 205.134.193.138 4.2.2.2
PING 4.2.2.2 (4.2.2.2) from 205.134.193.138 : 56(84) bytes of data.
64 bytes from 4.2.2.2: icmp_seq=1 ttl=56 time=32.6 ms
64 bytes from 4.2.2.2: icmp_seq=2 ttl=56 time=29.3 ms
Here LSM is not able to ping, as shown in its verbose log. Rea = eth0.
May 18 10:45:43 Gate lsm[20982]: name = Com, replied = 100, waiting = 0, timeout = 0, late reply = 0, cons rcvd = 100, cons wait = 0, cons miss = 0, avg_rtt = 31.099, seq = 35330
May 18 10:45:44 Gate lsm[20982]: received seq = 35330 from 4.2.2.1, id = 20981, num_sent = 35330, target id = 1, time_diff = 29471
May 18 10:45:44 Gate lsm[20982]: name = Rea, replied = 0, waiting = 100, timeout = 99, late reply = 0, cons rcvd = 0, cons wait = 100, cons miss = 100, avg_rtt = 0.000, seq = 35332
May 18 10:45:44 Gate lsm[20982]: name = Com, replied = 100, waiting = 0, timeout = 0, late reply = 0, cons rcvd = 100, cons wait = 0, cons miss = 0, avg_rtt = 31.080, seq = 35331
May 18 10:45:45 Gate lsm[20982]: received seq = 35331 from 4.2.2.1, id = 20981, num_sent = 35331, target id = 1, time_diff = 29859
<snip> of shorewall restart
Setting up Proxy ARP...
Adding Providers...
WARNING: Interface eth0 is not usable -- Provider rea (1) not Started
Setting up Traffic Control...
Preparing iptables-restore input...
Gate:~ # shorewall show routing
Shorewall 4.5.3.1 Routing at Gate.tituswill.com - Fri May 18 10:48:02 PDT 2012
Routing Rules
0: from all lookup local
999: from all lookup main
1000: from all to 192.168.100.0/24 lookup main
1000: from all to 10.199.7.0/24 lookup main
10001: from all fwmark 0x200/0xff00 lookup com
20000: from 50.78.47.90 lookup com
32765: from all lookup balance
32767: from all lookup default
Table balance:
default via 50.78.47.94 dev eth1
Table com:
50.78.47.94 dev eth1 scope link src 50.78.47.90
default via 50.78.47.94 dev eth1 src 50.78.47.90
Table default:
205.134.193.137 dev eth0 scope link
Table local:
local 50.78.47.90 dev eth1 proto kernel scope host src 50.78.47.90
local 205.134.193.138 dev eth0 proto kernel scope host src 205.134.193.138
local 172.16.2.1 dev tun0 proto kernel scope host src 172.16.2.1
local 172.16.100.1 dev tun2 proto kernel scope host src 172.16.100.1
local 127.0.0.2 dev lo proto kernel scope host src 127.0.0.1
local 127.0.0.1 dev lo proto kernel scope host src 127.0.0.1
local 127.0.0.0/8 dev lo proto kernel scope host src 127.0.0.1
local 10.20.227.1 dev vlan10 proto kernel scope host src 10.20.227.1
local 10.19.227.20 dev eth3 proto kernel scope host src 10.19.227.20
broadcast 50.78.47.95 dev eth1 proto kernel scope link src 50.78.47.90
broadcast 50.78.47.88 dev eth1 proto kernel scope link src 50.78.47.90
broadcast 205.134.193.143 dev eth0 proto kernel scope link src 205.134.193.138
broadcast 205.134.193.136 dev eth0 proto kernel scope link src 205.134.193.138
broadcast 127.255.255.255 dev lo proto kernel scope link src 127.0.0.1
broadcast 127.0.0.0 dev lo proto kernel scope link src 127.0.0.1
broadcast 10.20.227.255 dev vlan10 proto kernel scope link src 10.20.227.1
broadcast 10.20.227.0 dev vlan10 proto kernel scope link src 10.20.227.1
broadcast 10.19.227.255 dev eth3 proto kernel scope link src 10.19.227.20
broadcast 10.19.227.0 dev eth3 proto kernel scope link src 10.19.227.20
Table main:
50.78.47.94 dev eth1 scope link src 50.78.47.90
205.134.193.137 dev eth0 scope link src 205.134.193.138
172.16.2.2 dev tun0 proto kernel scope link src 172.16.2.1
172.16.100.2 dev tun2 proto kernel scope link src 172.16.100.1
50.78.47.88/29 dev eth1 proto kernel scope link src 50.78.47.90
205.134.193.136/29 dev eth0 proto kernel scope link src 205.134.193.138
192.168.100.0/24 via 172.16.2.2 dev tun0
10.4.138.0/24 via 10.19.227.254 dev eth3
10.20.227.0/24 dev vlan10 proto kernel scope link src 10.20.227.1
10.199.7.0/24 via 172.16.100.2 dev tun2
10.194.244.0/24 via 10.19.227.254 dev eth3
10.192.139.0/24 via 10.19.227.254 dev eth3
10.19.227.0/24 dev eth3 proto kernel scope link src 10.19.227.20
10.143.99.0/24 via 10.19.227.254 dev eth3
10.10.182.0/24 via 10.19.227.254 dev eth3
169.254.0.0/16 dev eth0 scope link
127.0.0.0/8 dev lo scope link
Gate:~ #
_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users