On 07/18/2012 07:05 AM, Roland dnaloR wrote:
> Dear all,
>
> I need your advice to help me accomplish the following goal:
>
> source: 192.168.70.0/24 dst: 4.2.2.0/24 (for example) to be routed
> through ISP#1
> source 192.168.70.0/24 dst: 0.0.0.0/24 to be routed to ISP#2
>
> if one or the other failed, to fail over its relevant routes to the
> working one.
>
>
> Issues I'm facing:
>
> - No logging under /var/log/messages #Even though I have "info" set in
> policy for all traffic in/out

Two things:
- The setting of LOGFILE *does not* determine where messages are logged.
  See Shorewall FAQs 6 and 91.
- Traffic that matches an entry in /etc/shorewall/rules will not be
  logged unless you request it in the rule.

> - all traffic defaults to just one ISP.
> my tcrule:
> 2 192.168.70.0/24 4.2.2.0/24
> 1 192.168.70.0/24 0.0.0.0/0

From shorewall-tcrules(5):

    *Important*
    Unlike rules in the shorewall-rules(5) file, evaluation of
    rules in this file will continue after a match. So the final
    mark for each packet will be the one assigned by the LAST
    tcrule that matches.

So with your rules, all packets are being marked with value 1.

-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
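
An added example, not part of the original message and not Shorewall code: a small Python model of the last-match-wins evaluation quoted from shorewall-tcrules(5), run over the two rules as posted and over the same two rules with the general one first. The client 192.168.70.10 and the destinations 4.2.2.2 and 8.8.8.8 are constructed sample addresses, and the function names are hypothetical.

```python
import ipaddress

def parse_tcrules(text):
    """Parse 'MARK SOURCE DEST' lines in the form shown in the post."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        mark, src, dst = line.split()[:3]
        rules.append((int(mark),
                      ipaddress.ip_network(src),
                      ipaddress.ip_network(dst)))
    return rules

def final_mark(rules, src, dst):
    """Evaluate every rule; the LAST matching rule sets the mark (0 = unmarked)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    mark = 0
    for m, src_net, dst_net in rules:
        if s in src_net and d in dst_net:
            mark = m  # deliberately no break: evaluation continues after a match
    return mark

# The two rules exactly as posted: specific rule first, catch-all last.
AS_POSTED = """
2 192.168.70.0/24 4.2.2.0/24
1 192.168.70.0/24 0.0.0.0/0
"""

# Same rules, catch-all first so the specific rule is the last one to match.
REORDERED = """
1 192.168.70.0/24 0.0.0.0/0
2 192.168.70.0/24 4.2.2.0/24
"""

def marks_for(ruleset_text, src="192.168.70.10"):
    """Return {destination: final mark} for the constructed sample destinations."""
    rules = parse_tcrules(ruleset_text)
    return {dst: final_mark(rules, src, dst) for dst in ("4.2.2.2", "8.8.8.8")}

if __name__ == "__main__":
    print("as posted:", marks_for(AS_POSTED))
    print("reordered:", marks_for(REORDERED))
```

With the posted order both destinations end up with mark 1; with the catch-all rule first, traffic to 4.2.2.0/24 keeps mark 2 and everything else gets mark 1.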