On Monday 18 November 2013 09:58:24 Tom Eastep wrote:
> On 11/18/2013 9:33 AM, Nuno Fernandes wrote:
> > On Monday 18 November 2013 07:54:01 Tom Eastep wrote:
> >> Are you running LSM? You must in order for this to work properly.
> >> 
> >> Note that existing connections through the failed provider cannot fail
> >> over to the other provider; only new connections that would normally go
> >> through the failed provider can be handled by the remaining one.
> > 
> > I'm using:
> > 
> > # shorewall version
> > 4.5.4.2
> > 
> > with swping. The failover works fine. If I lose a provider, all new
> > traffic is redirected to the remaining connection and when the provider
> > comes back up, new connections are routed back through both providers.
> > 
> > The problems are on connections that are "forced" using rtrules to a
> > specific provider. I would like to have them failover to the remaining
> > provider when the main one fails and back again to that provider when
> > it's online.
> > 
> > Any ideas?
> 
> Once again -- you cannot cause existing connections to fail over to the
> other provider. When a provider fails, outgoing packets will try to use
> the other provider but there is no way that response packets can be
> returned back correctly (except in very limited setups where the
> upstream routers are closely associated and can fail over routing of
> incoming packets).
> 
> -Tom


Hello,

Maybe I'm not making myself clear. I understand that existing connections
can't fail to the other provider. Let me explain it step by step:

1 - All is working fine.
1.1 - If a "new connection" is made from the internal network and it matches
one of the rtrules rules it is routed through the stated provider.
1.2 - If a "new connection" is made from the internal network and it doesn't
match any of the rtrules rules it is routed through one of the providers
(using balance ratio in the providers file).

2 - Swping detects that the main link is down. It does a:
        ${VARDIR}/firewall disable $INTF

3 - Main link is down.
3.1 - If a "new connection" is made from the internal network and it matches
one of the rtrules rules it is not routed through the remaining provider.
3.2 - If a "new connection" is made from the internal network and it doesn't
match any of the rtrules rules it is routed through the remaining provider.

Is it possible that 3.1 uses the remaining provider?

Thanks for the help,
Best regards,
Nuno Fernandes
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
