If I wanted to use a squid proxy running on the router I'd have this?
SAME $FW - tcp 80,443
On 29 July 2013 21:28, Tom Eastep <[email protected]> wrote:
>
> On Jul 28, 2013, at 9:25 PM, Steve Wray <[email protected]> wrote:
>
> Hi,
>
> I live in Mongolia and our ISPs are pretty unreliable. I just got a second
> line in and have set up Shorewall in a loadbalancing/failover configuration.
>
> It's going pretty well except for one thing; http sessions.
>
> For example, I go to a website and log in. I go to enter a support ticket
> and click submit. I then get kicked back to the login screen and no ticket
> is submitted.
>
> I've tested this by setting tcrules to send http/https traffic through one
> specific ISP and when I do this the problem doesn't occur and I can submit
> support tickets no problem.
>
> My providers looks like this:
>
> mobinet 1 1 main ppp0 detect loose,track,balance=3 eth0
> sansar 2 2 main ppp1 detect loose,track,balance=1 eth0
>
> they are both going through pppoe connections. The mobinet connection is
> 5M and the sansar 3M, mobinet also has lower latency, hence the balance=3.
> eth0 is the LAN interface.
>
> The interfaces looks like this:
>
> - lo - -
> out0 ppp0 detect tcpflags,optional,nosmurfs,routefilter=0,logmartians=0
> out1 ppp1 detect tcpflags,optional,nosmurfs,routefilter=0,logmartians=0
> lan eth0 detect dhcp
>
> I've configured ppp to assign ppp0 to mobinet and ppp1 to sansar.
>
> When I put this into tcrules, the HTTP/S problem goes away:
>
> 2:P 192.168.5.0/24 0.0.0.0/0 tcp 80
> 2:P 192.168.5.0/24 0.0.0.0/0 tcp 443
>
> I had thought that the 'track' option in providers was supposed to deal
> with this? What else might I need to consider?
>
>
> The 'track' option deals with *incoming* connections; it insures that
> replies to incoming requests go out over the correct provider.
>
> You want to use the 'SAME' target in /etc/shorewall/tcrules. Here's what I
> have:
>
> SAME:P INT_IF - tcp 443
>
> You may want to start with:
>
> SAME:P INT_IF - tcp 80,443
>
> -Tom
>
> Tom Eastep \ Nothing is foolproof to a
> Shoreline, \ sufficiently talented fool
> Washington, USA \
> http://shorewall.net \________________________________________________
>
>
>
> ------------------------------------------------------------------------------
> See everything from the browser to the database with AppDynamics
> Get end-to-end visibility with application monitoring from AppDynamics
> Isolate bottlenecks and diagnose root cause in seconds.
> Start your free trial of AppDynamics Pro today!
> http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk
> _______________________________________________
> Shorewall-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>
>
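Added example, not part of the thread and not Shorewall code: a simplified Python model of the behaviour discussed above, where per-connection balancing (balance=3 / balance=1) lets one browser session leave through both providers, while a SAME:P rule pins a LAN host to the provider chosen for its first matching connection. The public addresses are documentation-range placeholders, the function names are hypothetical, and the server binding a session to one client address is an assumption.

```python
import random

# Constructed model: provider names and balance weights are from the post;
# the public addresses are documentation-range placeholders.
PROVIDERS = {"mobinet": ("203.0.113.10", 3), "sansar": ("198.51.100.20", 1)}
PINNED_PORTS = {80, 443}


def pick_balanced(rng):
    """Weighted choice for a new connection, as balance=3 / balance=1 implies."""
    names = list(PROVIDERS)
    weights = [PROVIDERS[n][1] for n in names]
    return rng.choices(names, weights=weights, k=1)[0]


def route(connections, use_same, seed=1):
    """Return the public source address each connection leaves with.

    connections: list of (lan_source_ip, dest_port) in arrival order.
    use_same: model a SAME:P rule for PINNED_PORTS, keyed on the LAN source.
    """
    rng = random.Random(seed)
    pinned = {}  # lan_source_ip -> provider of its first matching connection
    seen = []
    for src, dport in connections:
        if use_same and dport in PINNED_PORTS:
            if src not in pinned:
                pinned[src] = pick_balanced(rng)
            provider = pinned[src]
        else:
            provider = pick_balanced(rng)
        seen.append(PROVIDERS[provider][0])
    return seen


def session_survives(addresses):
    """Assumed server behaviour: the session is bound to one client address."""
    return len(set(addresses)) == 1


# One LAN host logging in and submitting a ticket over 40 HTTPS connections.
SESSION = [("192.168.5.23", 443)] * 40

if __name__ == "__main__":
    print("balanced only:", session_survives(route(SESSION, use_same=False)))
    print("with SAME:P  :", session_survives(route(SESSION, use_same=True)))
```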