> On 05/18/2012 02:08 PM, Mike Lander wrote:
> > Tom,
> > I have one last question about this. I noticed that in your config you use
> > the default gateway of your ISP's.
> > Many times I have had various ISPs fail. I ping the default gateway as a
> > test. 99% of the gateway replies,
> > because they are static. Then I try something downstream and of course it's
> > down.
> > In your case does your failover work because it's DHCP? And your default
> > gate is not active in your Comcast modem?
> >
> > The reason I ask is originally I had entered the next downstream hop on
> > both these ISPs when I started
> > testing. I used the common open DNS servers as a last resort last night.
> > (4.2.2.2) (They always answer pings.)
> > Since I now know that lsm did not have the correct routes> interface, this
> > has been my trouble.
>
>
> Mike,
>
> My configuration has changed quite a bit since I published that article.
> Then, the default gateway was at the provider's facility and not local.
> Now my default gateway is local on one uplink so I ping the next hop
> router and use TTL=2 on that provider. The problems I have encountered
> are almost always between my house and the provider, so doing it that way is
> adequate and there are always the proper routes in place.
>
> -Tom
> --
Hi Tom,
The failover worked last night. However, this morning with tcpoutgoing empty,
Squid was requesting pages through my failover ISP 'rea' in this case.
I entered tcpgoing= to fix it for now.
After re-reading, I have changed restore defaultroute=No and changed providers.
Right now I think Squid's cache is fooling me, so I will leave this for a while
and check tonight.
Before changes:
#NAME  NUMBER  MARK  DUPLICATE  INTERFACE  GATEWAY          OPTIONS         COPY
rea    1       256   -          eth0       205.134.193.137  fallback
com    2       512   -          eth1       50.78.47.94
New config I am trying> shorewall show routing is with the provider config here:
#NAME  NUMBER  MARK  DUPLICATE  INTERFACE  GATEWAY          OPTIONS         COPY
rea    1       256   -          eth0       205.134.193.137  loose,fallback
com    2       512   -          eth1       50.78.47.94      balance
Gate:~ # shorewall show routing
Shorewall 4.5.3.1 Routing at Gate.tituswill.com - Sat May 19 13:32:25 PDT 2012
Routing Rules
0: from all lookup local
999: from all lookup main
1000: from all to 192.168.100.0/24 lookup main
1000: from all to 10.199.7.0/24 lookup main
10000: from all fwmark 0x100/0xff00 lookup rea
10001: from all fwmark 0x200/0xff00 lookup com
20000: from 50.78.47.90 lookup com
32765: from all lookup balance
32767: from all lookup default
Table balance:
default via 50.78.47.94 dev eth1
Table com:
50.78.47.94 dev eth1 scope link src 50.78.47.90
default via 50.78.47.94 dev eth1 src 50.78.47.90
Table default:
205.134.193.137 dev eth0 scope link
default via 205.134.193.137 dev eth0 src 205.134.193.138 metric 1
Table local:
local 50.78.47.90 dev eth1 proto kernel scope host src 50.78.47.90
local 205.134.193.138 dev eth0 proto kernel scope host src 205.134.193.138
local 172.16.2.1 dev tun0 proto kernel scope host src 172.16.2.1
local 172.16.100.1 dev tun2 proto kernel scope host src 172.16.100.1
local 127.0.0.2 dev lo proto kernel scope host src 127.0.0.1
local 127.0.0.1 dev lo proto kernel scope host src 127.0.0.1
local 127.0.0.0/8 dev lo proto kernel scope host src 127.0.0.1
local 10.20.227.1 dev vlan10 proto kernel scope host src 10.20.227.1
local 10.19.227.20 dev eth3 proto kernel scope host src 10.19.227.20
broadcast 50.78.47.95 dev eth1 proto kernel scope link src 50.78.47.90
broadcast 50.78.47.88 dev eth1 proto kernel scope link src 50.78.47.90
broadcast 205.134.193.143 dev eth0 proto kernel scope link src 205.134.193.138
broadcast 205.134.193.136 dev eth0 proto kernel scope link src 205.134.193.138
broadcast 127.255.255.255 dev lo proto kernel scope link src 127.0.0.1
broadcast 127.0.0.0 dev lo proto kernel scope link src 127.0.0.1
broadcast 10.20.227.255 dev vlan10 proto kernel scope link src 10.20.227.1
broadcast 10.20.227.0 dev vlan10 proto kernel scope link src 10.20.227.1
broadcast 10.19.227.255 dev eth3 proto kernel scope link src 10.19.227.20
broadcast 10.19.227.0 dev eth3 proto kernel scope link src 10.19.227.20
Table main:
73.98.6.1 via 50.78.47.94 dev eth1
50.78.47.94 dev eth1 scope link src 50.78.47.90
205.134.212.1 via 205.134.193.137 dev eth0
205.134.193.137 dev eth0 scope link src 205.134.193.138
172.16.2.2 dev tun0 proto kernel scope link src 172.16.2.1
172.16.100.2 dev tun2 proto kernel scope link src 172.16.100.1
50.78.47.88/29 dev eth1 proto kernel scope link src 50.78.47.90
205.134.193.136/29 dev eth0 proto kernel scope link src 205.134.193.138
192.168.100.0/24 via 172.16.2.2 dev tun0
10.4.138.0/24 via 10.19.227.254 dev eth3
10.20.227.0/24 dev vlan10 proto kernel scope link src 10.20.227.1
10.199.7.0/24 via 172.16.100.2 dev tun2
10.194.244.0/24 via 10.19.227.254 dev eth3
10.192.139.0/24 via 10.19.227.254 dev eth3
10.19.227.0/24 dev eth3 proto kernel scope link src 10.19.227.20
10.143.99.0/24 via 10.19.227.254 dev eth3
10.10.182.0/24 via 10.19.227.254 dev eth3
169.254.0.0/16 dev eth0 scope link
127.0.0.0/8 dev lo scope link
Table rea:
205.134.193.137 dev eth0 scope link src 205.134.193.138
default via 205.134.193.137 dev eth0 src 205.134.193.138
You have new mail in /var/mail/root
Gate:~ #
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users