Hi

On 26/03/2015 20:52, Nico Pagliaro wrote:
> Hi, I am trying to have LSM working but I can't.
> I can't get my .status files to change after I disconnect the UTP cable
>
> Shorewall 4.6.7 / centos 6
>
> I followed this doc in http://shorewall.net/MultiISP.html#lsm but it doesn't work
> (I have changed a line that I think is wrong in the doc:
>
> /usr/sbin/lsm /etc/lsm/lsm.conf >> /var/log/lsm
>
> for this
>
> /usr/sbin/lsm *-c* /etc/lsm/lsm.conf >> /var/log/lsm
>
> Well, here is my conf:
>
> eth0=LAN
>
> eth1=ISP1 (Static IP)
>
> eth2=ISP2 (dynamic IP)
>
>
> */etc/shorewall/params*
>
> ANTEL=eth1
>
> ADSL=ppp0
>
> */etc/shorewall/isusable*
>
> local status=0
> #
> # Read the status file (if any) created by /etc/lsm/script
> #
> [ -f ${VARDIR}/${1}.status ] && status=$(cat ${VARDIR}/${1}.status)
>
> return $status
>
>
> */etc/shorewall/lib.private*
>
> start_lsm() {
>     #
>     # Kill any existing lsm process(es)
>     #
>     killall lsm 2> /dev/null
>     #
>     # Create the Shorewall-specific part of the LSM configuration. This file is
>     # included by /etc/lsm/lsm.conf
>     #
>     # Avvanta has a static gateway while Comcast's is dynamic
>     #
>     cat <<EOF > /etc/lsm/shorewall.conf
> connection {
>     name=ANTEL
>     checkip=201.217.149.169
>     device=$ANTEL
>     ttl=2
> }
>
> EOF
>     #
>     # Since LSM assumes that interfaces start in the 'up' state, remove any
>     # existing status files that might have an interface in the down state
>     #
>     rm -f /var/lib/shorewall/*.status
>     #
>     # Run LSM -- by default, it forks into the background
>     #
>     /usr/sbin/lsm -c /etc/lsm/lsm.conf >> /var/log/lsm
>
> }
>
> */etc/shorewall/started*
>
> if [ "$COMMAND" = start -o -z "$(ps ax | grep 'lsm ' | grep -v 'grep ' )" ]; then
>     start_lsm
> fi
>
>
> */etc/shorewall/restored*
>
> if [ -z "$(ps ax | grep 'lsm ' | grep -v 'grep ' )" ]; then
>     start_lsm
> fi
>
>
> */etc/lsm/lsm.conf*
>
> debug=9
>
> #
> # Defaults for the connection entries
> #
> #
> # Defaults for the connection entries
> #
> defaults {
>     name=defaults
>     checkip=127.0.0.1
>     eventscript=/etc/lsm/script
>     max_packet_loss=20
>     max_successive_pkts_lost=7
>     min_packet_loss=5
>     min_successive_pkts_rcvd=10
>     interval_ms=2000
>     timeout_ms=2000
>     [email protected]
>     check_arp=0
>     sourceip=
>     ttl=0
> }
>
> include /etc/lsm/shorewall.conf
>
> */etc/lsm/script*
>
> STATE=${1}
> NAME=${2}
> CHECKIP=${3}
> DEVICE=${4}
> WARN_EMAIL=${5}
> REPLIED=${6}
> WAITING=${7}
> TIMEOUT=${8}
> REPLY_LATE=${9}
> CONS_RCVD=${10}
> CONS_WAIT=${11}
> CONS_MISS=${12}
> AVG_RTT=${13}
>
> if [ -f /usr/share/shorewall-lite/lib.base ]; then
>     VARDIR=/var/lib/shorewall-lite
>     STATEDIR=/etc/shorewall-lite
>     TOOL=/sbin/shorewall-lite
> else
>     VARDIR=/var/lib/shorewall
>     STATEDIR=/etc/shorewall
>     TOOL=/usr/sbin/shorewall
> fi
>
> [ -f ${STATEDIR}/vardir ] && . ${STATEDIR}/vardir
>
> cat <<EOM | mail -s "${NAME} ${STATE}, DEV ${DEVICE}" ${WARN_EMAIL}
>
> Hi,
> Connection ${NAME} is now ${STATE}.
>
> Following parameters were passed:
> newstate = ${STATE}
> name = ${NAME}
> checkip = ${CHECKIP}
> device = ${DEVICE}
> warn_email = ${WARN_EMAIL}
>
> Packet counters:
> replied = ${REPLIED} packets replied
> waiting = ${WAITING} packets waiting for reply
> timeout = ${TIMEOUT} packets that have timed out (= packet loss)
> reply_late = ${REPLY_LATE} packets that received a reply after timeout
> cons_rcvd = ${CONS_RCVD} consecutively received replies in sequence
> cons_wait = ${CONS_WAIT} consecutive packets waiting for reply
> cons_miss = ${CONS_MISS} consecutive packets that have timed out
> avg_rtt = ${AVG_RTT} average rtt, notice that waiting and timed out packets have rtt = 0 when calculating this
>
> Your LSM Daemon
>
> EOM
>
> # Uncomment the next two lines if you are running Shorewall 4.4.x or earlier
>
> # [ ${STATE} = up ] && state=0 || state=1
> # echo $state > ${VARDIR}/${DEVICE}.status
>
> $TOOL restart -f >> /var/log/lsm 2>&1
>
> $TOOL show routing >> /var/log/lsm
>
> exit 0
>
> #EOF
>
> */etc/shorewall/providers*
>
> #NAME   NUMBER  MARK  DUPLICATE  INTERFACE  GATEWAY          OPTIONS                  COPY
> ANTEL   1       1     -          eth1       201.217.149.169  track,loose,balance=100
> ADSL    2       2     -          ppp0       detect           track,loose,balance=1
>
>
> *WHEN SHOREWALL STOPPED*
>
> *ll /var/lib/shorewall/*
>
> total 120
> -rw-------. 1 root root     4 Mar 26 13:55 eth1_weight
> -rwx------. 1 root root 87764 Mar 26 13:55 firewall
> -rw-r--r--. 1 root root    88 Mar 25 11:48 lsm.conf
> -rw-------. 1 root root   162 Mar 26 13:55 marks
> -rw-------. 1 root root   226 Mar 26 13:55 policies
> -rw-------. 1 root root     2 Mar 26 13:55 ppp0_weight
> -rw-------. 1 root root    29 Mar 26 13:55 restarted
> -rw-------. 1 root root    39 Mar 26 14:27 state
> -rw-------. 1 root root    75 Mar 26 13:55 zones
>
> *ps ax | grep lsm*
>
>  5122 pts/0 S+ 0:00 grep lsm
>
>
> *service shorewall start*
>
> ps ax | grep lsm
>  5499 ? Rs 0:03 /usr/sbin/lsm -c /etc/lsm/lsm.conf
>  5506 pts/0 S+ 0:00 grep lsm
>
>
> ll /var/lib/shorewall/
>
> -rw-------. 1 root root    38 Mar 26 14:31 default_route
> -rw-------. 1 root root     2 Mar 26 14:31 eth1.status
> -rw-------. 1 root root     4 Mar 26 14:31 eth1_weight
> -rwx------. 1 root root 87764 Mar 26 14:31 firewall
> -rw-r--r--. 1 root root    88 Mar 25 11:48 lsm.conf
> -rw-------. 1 root root   162 Mar 26 14:31 marks
> -rw-------. 1 root root     0 Mar 26 14:31 nat
> -rw-------. 1 root root   226 Mar 26 14:31 policies
> -rw-------. 1 root root     2 Mar 26 14:31 ppp0.status
> -rw-------. 1 root root     2 Mar 26 14:31 ppp0_weight
> -rw-------. 1 root root     0 Mar 26 14:31 proxyarp
> -rw-------. 1 root root    29 Mar 26 14:31 restarted
> -rw-------. 1 root root    60 Mar 26 14:31 state
> -rw-------. 1 root root   271 Mar 26 14:31 undo_ADSL_routing
> -rw-------. 1 root root   271 Mar 26 14:31 undo_ANTEL_routing
> -rw-------. 1 root root    68 Mar 26 14:31 undo_balance_routing
> -rw-------. 1 root root     0 Mar 26 14:31 undo_default_routing
> -rw-------. 1 root root   134 Mar 26 14:31 undo_main_routing
> -rw-------. 1 root root    75 Mar 26 14:31 zones
>
>
> The ISP1 cable is disconnected but when I do
>
> cat /var/lib/shorewall/eth1.status
> 0
>
> Is this correct?
> Thomas can you give me a hand on this?
>

It appears that you are only monitoring the ANTEL link and not the ADSL as well!!

My setups monitor each internet connection and not just to the first hop but to two or more stable servers. I use fixed routing to force the packets the right way. Not elegant but it works!

Ang

--
Angela Williams
angierfw at gmail dot com
Linux/Networking Hacker
Blog http://angierfw.wordpress.com

Smile! Yahshua Loves You!

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
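
An added example, not part of the original thread or of the Shorewall or LSM projects: a shell check for the gap pointed out in the reply, listing every provider in the Shorewall providers file that has no LSM connection block. The function names and sample files are constructed for illustration, and it assumes each LSM connection name equals the provider NAME, as with ANTEL in the post.

```shell
#!/bin/sh
# Added example: list Shorewall providers that LSM is not monitoring.
# Assumes each LSM connection name= equals the provider NAME, as in the post.

# NAME column of a Shorewall providers file (comments and blanks skipped).
provider_names() {
    awk 'NF && $1 !~ /^#/ { print $1 }' "$1"
}

# name= value of every "connection { ... }" block in an LSM config fragment.
# The "defaults { ... }" block is ignored on purpose.
lsm_connection_names() {
    awk '
        /^[ \t]*connection[ \t]*[{]/ { in_conn = 1; next }
        /^[ \t]*[}]/                 { in_conn = 0; next }
        in_conn && /^[ \t]*name[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); print
        }
    ' "$1"
}

# Providers with no matching connection block, one per line.
unmonitored_providers() {
    monitored=$(lsm_connection_names "$2")
    for p in $(provider_names "$1"); do
        printf '%s\n' "$monitored" | grep -qxF -- "$p" || printf '%s\n' "$p"
    done
}

# Constructed sample input, modelled on the files quoted in the thread.
demo() {
    tmp=$(mktemp -d)
    cat > "$tmp/providers" <<'EOF'
#NAME  NUMBER MARK DUPLICATE INTERFACE GATEWAY         OPTIONS
ANTEL  1      1    -         eth1      201.217.149.169 track,loose,balance=100
ADSL   2      2    -         ppp0      detect          track,loose,balance=1
EOF
    cat > "$tmp/shorewall.conf" <<'EOF'
connection {
    name=ANTEL
    checkip=201.217.149.169
    device=eth1
    ttl=2
}
EOF
    unmonitored_providers "$tmp/providers" "$tmp/shorewall.conf"
    rm -rf "$tmp"
}

demo
```

Run against the real files, the arguments would be /etc/shorewall/providers and the generated /etc/lsm/shorewall.conf; any name it prints is a link whose failure LSM will never report.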
