On Jul 28, 2013, at 9:25 PM, Steve Wray <[email protected]> wrote:
> Hi,
>
> I live in Mongolia and our ISPs are pretty unreliable. I just got a second
> line in and have set up Shorewall in a loadbalancing/failover configuration.
>
> It's going pretty well except for one thing; http sessions.
>
> For example, I go to a website and log in. I go to enter a support ticket and
> click submit. I then get kicked back to the login screen and no ticket is
> submitted.
>
> I've tested this by setting tcrules to send http/https traffic through one
> specific ISP and when I do this the problem doesn't occur and I can submit
> support tickets no problem.
>
> My providers looks like this:
>
> mobinet 1 1 main ppp0 detect loose,track,balance=3 eth0
> sansar 2 2 main ppp1 detect loose,track,balance=1 eth0
>
> they are both going through pppoe connections. The mobinet connection is 5M
> and the sansar 3M, mobinet also has lower latency, hence the balance=3
> eth0 is the LAN interface.
>
> The interfaces looks like this:
>
> - lo - -
> out0 ppp0 detect tcpflags,optional,nosmurfs,routefilter=0,logmartians=0
> out1 ppp1 detect tcpflags,optional,nosmurfs,routefilter=0,logmartians=0
> lan eth0 detect dhcp
>
> I've configured ppp to assign ppp0 to mobinet and ppp1 to sansar.
>
> When I put this into tcrules, the HTTP/S problem goes away:
>
> 2:P 192.168.5.0/24 0.0.0.0/0 tcp 80
> 2:P 192.168.5.0/24 0.0.0.0/0 tcp 443
>
> I had thought that the 'track' option in providers was supposed to deal with
> this? What else might I need to consider?

The 'track' option deals with *incoming* connections; it ensures that replies to incoming requests go out over the correct provider.

You want to use the 'SAME' target in /etc/shorewall/tcrules. Here's what I have:

SAME:P INT_IF - tcp 443

You may want to start with:

SAME:P INT_IF - tcp 80,443

-Tom

Tom Eastep        \ Nothing is foolproof to a
Shoreline,         \ sufficiently talented fool
Washington, USA     \
http://shorewall.net \________________________________________________
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
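
A small model of the difference described in the reply above, added here as an illustration (not code from the thread or from Shorewall): it routes a constructed sequence of new HTTP/HTTPS connections from two LAN hosts, first with plain weighted balancing (balance=3 and balance=1) and then with a SAME-style rule that reuses the provider first chosen for each host. The host addresses and function names are hypothetical, and the model assumes that every connection matches the rule and that each provider presents a different source address to the remote site.

```python
import random
from collections import Counter

# Weights taken from the providers file quoted in the thread.
PROVIDERS = {"mobinet": 3, "sansar": 1}

def route(conns, use_same, seed=1):
    """Assign a provider to each new connection; conns is a list of LAN hosts.

    use_same=False: every connection is balanced independently by weight.
    use_same=True:  model of SAME:P, the first connection from a host is
                    balanced, later ones reuse that host's provider.
    """
    rng = random.Random(seed)          # seeded so runs are repeatable
    names, weights = zip(*PROVIDERS.items())
    pinned, routed = {}, []
    for host in conns:
        if use_same and host in pinned:
            provider = pinned[host]
        else:
            provider = rng.choices(names, weights=weights)[0]
            pinned[host] = provider
        routed.append((host, provider))
    return routed

def address_changes(routed):
    """Count, per host, how often its next connection leaves through a
    different provider than its previous one (the remote site then sees
    the same client arrive from a different source address)."""
    last, changes = {}, Counter()
    for host, provider in routed:
        if host in last and last[host] != provider:
            changes[host] += 1
        last[host] = provider
    return changes

# Constructed sample: two hosts in 192.168.5.0/24, 100 connections each.
SAMPLE = ["192.168.5.10", "192.168.5.11"] * 100

if __name__ == "__main__":
    for label, flag in (("balanced", False), ("SAME", True)):
        routed = route(SAMPLE, use_same=flag)
        share = Counter(p for _, p in routed)
        print(label, dict(share), dict(address_changes(routed)))
```
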
