[Sorry to revive an old thread, Tom, I have a new idea]

>> I choose not to ping the connection gateway because both gateways are
>> local and never go down, while especially one connection (wimax) goes
>> down once in a while and I can detect status pinging a remote ip.
>
> You must configure a static route to the remote IP address in the main
> routing table. We recommend doing that using your distribution's network
> configuration tool rather than doing it in Shorewall.
>
> -Tom

Tom, I followed your advice and added a couple of routes for the IP
addresses lsm has to ping. While it works, this setup has a drawback: the
ping IP can't be reached when a link goes down.

Let's assume we have 2 providers: wimax and adsl. I can't use 8.8.8.8 as
ping IP in both, I need another IP (think of more than two links).

So, I looked for an alternative approach:

- no static routes
- lsm interface option selects link for pings
- do not use shorewall disable in the lsm down script
- but adjust "balance" routing table on link status change

It works and I like it because it seems cleaner and simpler. But I think
I'd like to have a couple more commands in shorewall, similar to
enable/disable, to adjust the default route (and maybe the provider fwmark
rules).

Supposing we call them up and down, I'd use "shorewall down wimax"
(provider name) in the lsm event script instead of "shorewall disable wimax".

down will adjust the default routing, but leave untouched both rules and
provider routing.

For some background on the setup I'm aiming to obtain see this forum:
http://community.nethserver.org/t/wan-link-not-getting-switched-to-wan2-if-wan1-is-down/669/5

--
Ciao, Filippo

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users