On 8/30/2013 7:39 PM, Tom Eastep wrote:
On 8/30/2013 3:24 PM, Thomas Harold wrote:

Questions at this point:

http://shorewall.net/MultiISP.html

#1 Where do variables like SW_ETH0_GATEWAY and SW_ETH0_ADDRESS get defined?

They get defined by the function 'detect_configuration' in the generated
firewall script.


#2 How does shorewall determine the gateway of a DHCP interface? On
CentOS 6 with the interface named 'wancbl', the lease information file
is /var/lib/dhclient/dhclient-wancbl.leases.

It uses your findgw extension script, if you supplied one. Otherwise, it
looks in some standard places. See the detect_dynamic_gateway function
in the generated firewall script.


Perfect, once I edited /etc/shorewall/findgw and put in the CentOS-specific script, the DHCP-generated gateway is found by Shorewall.

http://www.shorewall.net/pub/shorewall/contrib/findgw/CentOS

...

However, the following providers file still does not work (in 4.5.4). When I perform an "ifdown wancbl", packets fail to route out through the fallback T1 interface. Adding "loose" to both lines doesn't work either.

cable 1 1 - wancbl detect balance
t1 2 2 - want1 207.97.179.65 fallback

But the following providers file *does* work. When I "ifdown wancbl", packets continue to flow properly and when the cable provider comes back up, packets switch to flowing back out over the cable modem.

cable 1 1 - wancbl detect balance=50
t1 2 2 - want1 207.97.179.65 balance=1

What am I overlooking with regards to using the "fallback" option in the providers file?



#
# Shorewall version 4 - Providers File
#
# For information about entries in this file, type "man shorewall-providers"
#
# For additional information, see http://shorewall.net/MultiISP.html
#
############################################################################################
#NAME   NUMBER  MARK    DUPLICATE       INTERFACE       GATEWAY         OPTIONS         COPY

cable   1       1       -               wancbl          detect          balance,loose
t1      2       2       -               want1           207.97.179.65   fallback,loose

# DUPLICATE
# - May be 'main' or the name or number of a previously declared provider.
# - Should be specified as '-' when USE_DEFAULT_RT=Yes in shorewall.conf
# - When USE_DEFAULT_RT=No (not recommended), this column is normally specified as main
#
# TRACK_PROVIDERS=Yes (shorewall.conf)
# - Implies that "track" is turned on in OPTIONS for all providers
#
Shorewall 4.5.4 Routing at fvs-sec.betaresearch.com - Wed Sep  4 11:10:56 EDT 2013


Routing Rules

0:      from all lookup local 
999:    from all lookup main 
10000:  from all fwmark 0x1/0xff lookup cable 
10001:  from all fwmark 0x2/0xff lookup t1 
32765:  from all lookup balance 
32767:  from all lookup default 

Table balance:


Table cable:


Table default:

207.97.179.65 dev want1 scope link

Table local:

local 207.97.179.67 dev want1 proto kernel scope host src 207.97.179.67
local 172.30.0.2 dev bond0 proto kernel scope host src 172.30.0.2
local 127.0.0.1 dev lo proto kernel scope host src 127.0.0.1
local 127.0.0.0/8 dev lo proto kernel scope host src 127.0.0.1
broadcast 207.97.179.71 dev want1 proto kernel scope link src 207.97.179.67
broadcast 207.97.179.64 dev want1 proto kernel scope link src 207.97.179.67
broadcast 172.30.7.255 dev bond0 proto kernel scope link src 172.30.0.2
broadcast 172.30.0.0 dev bond0 proto kernel scope link src 172.30.0.2
broadcast 127.255.255.255 dev lo proto kernel scope link src 127.0.0.1
broadcast 127.0.0.0 dev lo proto kernel scope link src 127.0.0.1

Table main:

blackhole 192.168.0.0/16
blackhole 172.16.0.0/12
blackhole 10.0.0.0/8
207.97.179.65 dev want1 scope link src 207.97.179.67
207.97.179.64/29 dev want1 proto kernel scope link src 207.97.179.67
172.30.0.0/21 dev bond0 proto kernel scope link src 172.30.0.2
169.254.0.0/16 dev want1 scope link metric 1005
169.254.0.0/16 dev bond0 scope link metric 1006

Table t1:

207.97.179.65 dev want1 scope link src 207.97.179.67
default via 207.97.179.65 dev want1 src 207.97.179.67

Shorewall 4.5.4 Routing at fvs-sec.betaresearch.com - Wed Sep  4 11:11:35 EDT 2013


Routing Rules

0:      from all lookup local 
999:    from all lookup main 
10000:  from all fwmark 0x1/0xff lookup cable 
10001:  from all fwmark 0x2/0xff lookup t1 
32765:  from all lookup balance 
32767:  from all lookup default 

Table balance:

default via 24.188.160.1 dev wancbl

Table cable:

24.188.160.1 dev wancbl scope link src 24.188.168.24
default via 24.188.160.1 dev wancbl src 24.188.168.24

Table default:

207.97.179.65 dev want1 scope link

Table local:

local 24.188.168.24 dev wancbl proto kernel scope host src 24.188.168.24
local 207.97.179.67 dev want1 proto kernel scope host src 207.97.179.67
local 172.30.0.2 dev bond0 proto kernel scope host src 172.30.0.2
local 127.0.0.1 dev lo proto kernel scope host src 127.0.0.1
local 127.0.0.0/8 dev lo proto kernel scope host src 127.0.0.1
broadcast 24.188.175.255 dev wancbl proto kernel scope link src 24.188.168.24
broadcast 24.188.160.0 dev wancbl proto kernel scope link src 24.188.168.24
broadcast 207.97.179.71 dev want1 proto kernel scope link src 207.97.179.67
broadcast 207.97.179.64 dev want1 proto kernel scope link src 207.97.179.67
broadcast 172.30.7.255 dev bond0 proto kernel scope link src 172.30.0.2
broadcast 172.30.0.0 dev bond0 proto kernel scope link src 172.30.0.2
broadcast 127.255.255.255 dev lo proto kernel scope link src 127.0.0.1
broadcast 127.0.0.0 dev lo proto kernel scope link src 127.0.0.1

Table main:

blackhole 192.168.0.0/16
blackhole 172.16.0.0/12
blackhole 10.0.0.0/8
24.188.160.1 dev wancbl scope link src 24.188.168.24
207.97.179.65 dev want1 scope link src 207.97.179.67
207.97.179.64/29 dev want1 proto kernel scope link src 207.97.179.67
172.30.0.0/21 dev bond0 proto kernel scope link src 172.30.0.2
24.188.160.0/20 dev wancbl proto kernel scope link src 24.188.168.24
169.254.0.0/16 dev want1 scope link metric 1005
169.254.0.0/16 dev wancbl scope link metric 1004
169.254.0.0/16 dev bond0 scope link metric 1006

Table t1:

207.97.179.65 dev want1 scope link src 207.97.179.67
default via 207.97.179.65 dev want1 src 207.97.179.67
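
A way to read the two dumps above, added here as an example and not part of the original post or of Shorewall: walk the routing rules in the order listed and report the first table holding a default route for a packet with a given fwmark. The function names are hypothetical, and the sample is the first dump (wancbl down) trimmed to the relevant rows.

```python
import re

# Trimmed from the first dump in the post (wancbl down); table "local" omitted.
DUMP_CABLE_DOWN = """\
Routing Rules
0:      from all lookup local
999:    from all lookup main
10000:  from all fwmark 0x1/0xff lookup cable
10001:  from all fwmark 0x2/0xff lookup t1
32765:  from all lookup balance
32767:  from all lookup default
Table balance:
Table default:
207.97.179.65 dev want1 scope link
Table main:
207.97.179.65 dev want1 scope link src 207.97.179.67
Table t1:
default via 207.97.179.65 dev want1 src 207.97.179.67
"""

def parse_dump(text):
    """Return (rules, tables) from text in the format shown in the post."""
    rules, tables, current = [], {}, None
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r"(\d+):\s+from all (?:fwmark (\S+) )?lookup (\S+)$", line)
        t = re.match(r"Table (\S+):$", line)
        if m:
            rules.append((int(m.group(1)), m.group(2), m.group(3)))
        elif t:
            current = tables.setdefault(t.group(1), [])
        elif line and current is not None:
            current.append(line)
    return rules, tables  # rules stay in listed (priority) order

def first_default_route(text, mark=0):
    """First default route a packet with this fwmark reaches, or None."""
    rules, tables = parse_dump(text)
    for _prio, fwmark, table in rules:
        if fwmark:
            # Assumes the "value/mask" form used in the dumps above.
            value, mask = (int(x, 16) for x in fwmark.split("/"))
            if mark & mask != value:
                continue
        for route in tables.get(table, []):
            if route.startswith("default "):
                return table, route
    return None
```

On the first dump an unmarked packet finds no default route in main, balance or default, while a packet marked 0x2 reaches the default route in table t1; with the second dump's `default via 24.188.160.1 dev wancbl` present in table balance, the unmarked lookup ends there.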