Thanks. I will try that.
-----Original Message-----
From: Thomas Harold [mailto:[email protected]]
Sent: Thursday, September 12, 2013 11:12 PM
To: İlker Aktuna
Cc: 'Shorewall Users'
Subject: Re: [Shorewall-users] Fallback in a multi-isp configuration

On 9/12/2013 3:25 PM, İlker Aktuna wrote:
> Hi Thomas,
>
> Thanks for this great detailed information. Unfortunately it is still
> not very clear for me what to write instead of your 999.999.999.999
> example. My wan interfaces are ppp0 and ppp1. They have dynamic IP
> addresses and their gateways are same because they connect to the same
> ISP.
>

Since you are using DHCP on both ppp0 and ppp1, just use "detect" in /etc/shorewall/providers for the GATEWAY column. Or possibly a "-" instead since they are PPP. See point #6 at the following URL.

http://shorewall.net/MultiISP.html#USE_DEFAULT_RT

Because both of your interfaces talk to the same ISP and have the same "next-hop" or "default" gateway, you should also read the following section and probably use "load=" instead of "balance=" in the providers file.

http://shorewall.net/MultiISP.html#load

> Also, I didn't still install lsm yet but checked for availability of
> the explained files on my system. There are no "[interface].status"
> files under VARDIR (/var/lib/shorewall) How will they be populated?
>

LSM creates those /var/lib/shorewall/interfacename.status files. But only when the interface is "down". So until you set up LSM, you won't see .status files show up in /var/lib/shorewall.

With your interfaces being named 'ppp0' and 'ppp1' you would see:

/var/lib/shorewall/ppp0.status
/var/lib/shorewall/ppp1.status

To test whether LSM is configured properly and integrating properly with Shorewall, you can "ifdown ppp0" and see whether LSM creates the ppp0.status file (with content of "1" inside).

If the .status files are *not* present, then the "/etc/shorewall/isusable" script will decide that the interface is up and running and Shorewall will use it.

...
Note that it takes 20-40 seconds for LSM to notice that an interface is down, decide that it is down for good and then restart Shorewall by executing the "firewall disable [interface]" command.

When the interface comes back up, it will take 2-3 minutes for LSM to decide that things are okay enough to execute "firewall enable [interface]". So testing this requires a bit of patience. Or you could adjust the LSM defaults in /etc/lsm/lsm.conf to make it decide things faster.

Specific attributes that control the decision process and time-to-decide are "max_packet_loss, max_successive_pkts_lost, min_packet_loss, min_successive_pkts_rcvd, interval_ms, timeout_ms".

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
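
Added example (not part of the thread and not Shorewall's or LSM's own script): a shell sketch of the status-file check described above, where a missing .status file means the interface is usable and a file containing "1" means it is down. The function names, the "unknown" state, and the reading of "0" as up are assumptions made for this example.

```shell
#!/bin/sh
# Status-file check in the style of the isusable logic described in the thread.
# VARDIR defaults to the path named there; override it to test safely.
VARDIR="${VARDIR:-/var/lib/shorewall}"

# iface_state IFACE -> prints "up", "down" or "unknown"
#   no .status file -> up   (per the thread: absence means usable)
#   content "1"     -> down (per the thread)
#   content "0"     -> up   (assumption: written when the link recovers)
#   anything else   -> unknown
iface_state() {
    # Refuse empty names and names with a slash so a caller cannot
    # point the check at a file outside VARDIR.
    case "$1" in
        ''|*/*) echo unknown; return 0 ;;
    esac
    f="$VARDIR/$1.status"
    if [ ! -f "$f" ]; then
        echo up
        return 0
    fi
    # Strip whitespace so "1" and "1\n" compare equal.
    v=$(tr -d '[:space:]' < "$f") || v=
    case "$v" in
        0) echo up ;;
        1) echo down ;;
        *) echo unknown ;;
    esac
}

# iface_usable IFACE -> exit status 0 if the provider may be used.
# "unknown" counts as not usable, so a corrupt file gets noticed
# (a choice made for this example).
iface_usable() {
    [ "$(iface_state "$1")" = up ]
}

# report IFACE... -> one line per interface, e.g. "ppp0 down"
report() {
    for i in "$@"; do
        printf '%s %s\n' "$i" "$(iface_state "$i")"
    done
}
```

Running "report ppp0 ppp1" before and after "ifdown ppp0" shows whether LSM wrote the status file within the 20-40 second window mentioned above.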
