Hi, I'm experimenting with this, trying to simplify a situation with
several unreliable providers. Basically, we have two uncapped providers
that tend to go down (upstream failures) or suffer poor performance
(delayed and dropped packets) at unpredictable times; and another provider
that is stable but capped, and quite expensive per Gb. So we want to use
the uncapped providers for everyone when they are good, and switch some
"special" users to the per-Gb provider when the uncapped ones are bad.

One solution I have tried is to simply delete some of the rules that
shorewall creates (ip rule del pref ...). Even though I'm not aware of any
trigger for shorewall to have been restarted, periodically these rules
reappear.

I put in route_rules:
+unitelusers - uni01 1295
(uni01 being a high-cost but more reliable provider)

The ipset unitelusers was defined with
ipset create unitelusers hash:net
ipset add unitelusers 10.1.0.0/24
...and some other internal addresses and subnets.

The resulting ip rule is:
1295: from all iif +unitelusers [detached] lookup uni01
That doesn't look right, because my ipset contains nets, not interfaces...

I also tried, in route_rules:
vlan4:+unitelusers - uni01 1295
That returns:
ERROR: An ipset name (+unitelusers) is not allowed in this context

Are ipsets not supposed to work with route_rules, or am I missing something?

Thanks, Norm