Thanks for the reply.

Given your advice, I fixed the logs part and edited my tcrules:

1 192.168.70.0/24 0.0.0.0/0
2 192.168.70.0/24 4.2.2.2


With that, 4.2.2.2 always routes through the second ISP correctly,
though some things match the first rule and others don't and still go
through the second unless I specifically add them by IP to go through
the first.


Any

On 7/18/12 10:05 PM, Tom Eastep wrote:
> On 07/18/2012 07:05 AM, Roland dnaloR wrote:
>> Dear all,
>>
>> I need your advice to help me accomplish the following goal:
>>
>> source: 192.168.70.0/24  dst: 4.2.2.0/24 (for example) to be routed
>> through ISP#1
>> source 192.168.70.0/24 dst: 0.0.0.0/24 to be routed to ISP#2
>>
>> if one or the other failed, to fail over its relevant routes to the
>> working one.
>>
>>
>> Issues I'm facing:
>>
>> - No logging under /var/log/messages #Even though I have "info" set in
>> policy for all traffic in/out
> Two things:
>
> - The setting of LOGFILE *does not* determine where messages are logged.
> See Shorewall FAQs 6 and 91.
>
> - Traffic that matches an entry in /etc/shorewall/rules will not be
> logged unless you request it in the rule.
>
>
>> - all traffic defaults to just one ISP.
>> my tcrule:
>> 2 192.168.70.0/24 4.2.2.0/24
>> 1 192.168.70.0/24       0.0.0.0/0
> From shorewall-tcrules(5):
>
>       *Important*
>
>       Unlike rules in the shorewall-rules(5) file, evaluation of      
>       rules in this file will continue after a match. So the final
>       mark for each packet will be the one assigned by the LAST
>       tcrule that matches.
>
> So with your rules, all packets are being marked with value 1.
>
> -Tom
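
Added example, not part of the original thread and not Shorewall's own code: a small Python model of the "last matching tcrule wins" behaviour quoted above, run against both rule orderings posted in this thread, plus a check that flags rules whose every match is overwritten by a later rule. It models only the MARK, SOURCE and DEST columns; the host 192.168.70.10 and the destination 8.8.8.8 are constructed sample values.

```python
import ipaddress

def parse_rules(text):
    """Parse 'MARK SOURCE DEST' lines (the three columns used in the thread)."""
    rules = []
    for line in text.strip().splitlines():
        mark, src, dst = line.split()
        rules.append((int(mark), ipaddress.ip_network(src), ipaddress.ip_network(dst)))
    return rules

def final_mark(rules, src, dst):
    """Evaluate every rule; the LAST match wins, as shorewall-tcrules(5) states."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    mark = None
    for m, s, d in rules:
        if src in s and dst in d:
            mark = m  # no early exit: a later match overwrites an earlier one
    return mark

def overridden(rules):
    """Return rules whose every match is also matched by some later rule."""
    out = []
    for i, (m, s, d) in enumerate(rules):
        if any(s.subnet_of(s2) and d.subnet_of(d2) for _, s2, d2 in rules[i + 1:]):
            out.append((m, str(s), str(d)))
    return out

# Ordering from the first post: the specific rule comes first and is overwritten.
ORIGINAL = parse_rules("""
2 192.168.70.0/24 4.2.2.0/24
1 192.168.70.0/24 0.0.0.0/0
""")
# Ordering from the follow-up: general rule first, specific rule last.
REVISED = parse_rules("""
1 192.168.70.0/24 0.0.0.0/0
2 192.168.70.0/24 4.2.2.2
""")

if __name__ == "__main__":
    for name, rules in (("original", ORIGINAL), ("revised", REVISED)):
        for dst in ("4.2.2.2", "8.8.8.8"):  # 8.8.8.8: constructed sample destination
            print(name, dst, "-> mark", final_mark(rules, "192.168.70.10", dst))
        print(name, "overridden rules:", overridden(rules))
```
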



_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
