bond0 - internal LAN
wancbl - cable modem (dhcp), primary
want1 - T1 backup line (static ip), fallback

When wancbl is up, MASQ from the LAN works fine and the BIND server on the firewall can query the internet. When I take wancbl down ("ifdown wancbl"), things are not falling over to the want1 (local BIND fails to resolve addresses, fresh ping from internal LAN fails). Probably because there is no longer a default route (I can see the 'default' line in the main routing table vanish and it is not replaced with the want1 default route).
LSM is configured and seems to be working fine. LSM is sending me messages that interface wancbl has gone down. Shorewall seems to be notified properly via the '/var/lib/shorewall/firewall' script and is adjusting the routes. LSM is creating /var/lib/shorewall/wancbl.status file when the link is down (content of "1"). I have set USE_DEFAULT_RT=Yes in the shorewall.conf file.

/etc/shorewall/zones
fw firewall
loc ipv4
net ipv4

/etc/shorewall/interfaces
loc bond0 dhcp,logmartians,nosmurfs,required,routefilter,sourceroute=0,tcpflags
net wancbl dhcp,logmartians,nosmurfs,optional,sourceroute=0,tcpflags
net want1 logmartians,nosmurfs,optional,sourceroute=0,tcpflags

/etc/shorewall/providers
cable 1 1 - wancbl detect balance
t1 2 2 - want1 207.97.179.65 fallback

/etc/shorewall/masq
wancbl bond0
want1 bond0

/etc/shorewall/policy
loc net ACCEPT
net all DROP info
$FW loc ACCEPT
$FW net ACCEPT
all all REJECT info

# shorewall show routing
Shorewall 4.5.4 Routing at fvs-sec.betaresearch.com - Thu Aug 29 14:44:52 EDT 2013

Routing Rules
0: from all lookup local
999: from all lookup main
10001: from all fwmark 0x2/0xff lookup t1
20000: from 207.97.179.67 lookup t1
32765: from all lookup balance
32767: from all lookup default

Table balance:

Table default:
207.97.179.65 dev want1 scope link

Table local:
local 24.188.168.24 dev wancbl proto kernel scope host src 24.188.168.24
local 207.97.179.67 dev want1 proto kernel scope host src 207.97.179.67
local 172.30.0.2 dev bond0 proto kernel scope host src 172.30.0.2
local 127.0.0.1 dev lo proto kernel scope host src 127.0.0.1
local 127.0.0.0/8 dev lo proto kernel scope host src 127.0.0.1
broadcast 24.188.175.255 dev wancbl proto kernel scope link src 24.188.168.24
broadcast 24.188.160.0 dev wancbl proto kernel scope link src 24.188.168.24
broadcast 207.97.179.71 dev want1 proto kernel scope link src 207.97.179.67
broadcast 207.97.179.64 dev want1 proto kernel scope link src 207.97.179.67
broadcast 172.30.7.255 dev bond0 proto kernel scope link src 172.30.0.2
broadcast 172.30.0.0 dev bond0 proto kernel scope link src 172.30.0.2
broadcast 127.255.255.255 dev lo proto kernel scope link src 127.0.0.1
broadcast 127.0.0.0 dev lo proto kernel scope link src 127.0.0.1

Table main:
207.97.179.65 dev want1 scope link src 207.97.179.67
207.97.179.64/29 dev want1 proto kernel scope link src 207.97.179.67
172.30.0.0/21 dev bond0 proto kernel scope link src 172.30.0.2
24.188.160.0/20 dev wancbl proto kernel scope link src 24.188.168.24
169.254.0.0/16 dev want1 scope link metric 1005
169.254.0.0/16 dev wancbl scope link metric 1004
169.254.0.0/16 dev bond0 scope link metric 1006
default via 24.188.160.1 dev wancbl

Table t1:
207.97.179.65 dev want1 scope link src 207.97.179.67
default via 207.97.179.65 dev want1 src 207.97.179.67

shorewall-running-dump.gz
Description: application/gzip
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
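
Added example, not part of the original post: a small Python check that walks the routing rules from the "shorewall show routing" output above in priority order and reports which table, if any, hands an unmarked packet a default route. It assumes that taking an interface down removes every route through that device, and it looks only at default routes; the function names and the `down` parameter are made up for this illustration.

```python
import re

# Abridged from the "shorewall show routing" output in the post (table local omitted).
DUMP = """\
Routing Rules
0: from all lookup local
999: from all lookup main
10001: from all fwmark 0x2/0xff lookup t1
20000: from 207.97.179.67 lookup t1
32765: from all lookup balance
32767: from all lookup default
Table balance:
Table default:
207.97.179.65 dev want1 scope link
Table main:
172.30.0.0/21 dev bond0 proto kernel scope link src 172.30.0.2
24.188.160.0/20 dev wancbl proto kernel scope link src 24.188.168.24
default via 24.188.160.1 dev wancbl
Table t1:
207.97.179.65 dev want1 scope link src 207.97.179.67
default via 207.97.179.65 dev want1 src 207.97.179.67
"""

def parse(dump):
    """Return (rules, tables): rules as (priority, selector, table), tables as name -> routes."""
    rules, tables, current = [], {}, None
    for line in filter(None, (l.strip() for l in dump.splitlines())):
        rule = re.match(r"(\d+):\s+(.*?)\s*lookup (\S+)$", line)
        table = re.match(r"Table (\S+):$", line)
        if rule:
            rules.append((int(rule.group(1)), rule.group(2).strip(), rule.group(3)))
        elif table:
            current = tables.setdefault(table.group(1), [])
        elif current is not None:
            current.append(line)
    return sorted(rules), tables

def default_route(dump, down=()):
    """First default route an unmarked packet reaches, ignoring routes on 'down' devices."""
    rules, tables = parse(dump)
    for _prio, selector, table in rules:
        if selector != "from all":  # fwmark and source rules do not match unmarked LAN traffic
            continue
        for route in tables.get(table, []):
            dev = re.search(r"\bdev (\S+)", route)
            if route.startswith("default") and (not dev or dev.group(1) not in down):
                return table, route
    return None
```

Calling `default_route(DUMP)` returns the cable default from table main, while `default_route(DUMP, down=("wancbl",))` returns `None`: the only remaining default route is in table t1, which is reached only through the fwmark and source-address rules.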
