Hi Norman,
Thanks so much for the tip. That got me all sorted out. Thanks again!
Cheers,
-3ric
On Sat, Oct 21, 2017 at 10:30 AM, Norman Henderson <[email protected]>
wrote:
> Hi Eric,
> I didn't look at your dump; however, it sounds like you are having the same
> problem that I had. The specific solution to being able to ping out on a
> disabled link, is in an Email from Tom on this list on June 20:
>
> ME: "> - if a provider is flaky it needs to be disabled, otherwise it
> > remains the chosen route for users and they don't get any Internet.
> > - Meaningful testing of the status of a path requires the interface to be
> > enabled. For example, pings over an interface that is up, but for which
> > the provider is marked "down" in Shorewall alternately succeed or report
> > "Operation not permitted".
>
> TOM: Use 'persistent' in /etc/shorewall/providers."
>
> Hope that helps! It worked for me in terms of being able to ping via a
> disabled provider.
>
> I had other problems with disabling (but not shutting down) a USB stick,
> which I can't remember clearly at the moment, so I reverted to "ifdown
> usb0". And I haven't got to the place that I trust FOOLSM enough to put it
> in production; partly because in our context, a ping test isn't enough to
> determine link status. In some cases, pings are fine even to a distant
> site, but web traffic is slow.
>
> I stopped investing time in this and resigned myself to assessing and
> controlling providers manually. I think SWPING / FOOLSM really are only
> smart enough to deal with first world situations, mostly last-mile
> failures. Third world network failures are amazingly diverse! Thankfully,
> our main provider has made dramatic infrastructure improvements in the past
> few weeks and for now, they are fast and reliable versus variable and
> unreliable. That makes manual monitoring easier ;)
>
> Best regards, Norm
>
> On Sat, Oct 21, 2017 at 4:19 PM, 3ric Johanson <[email protected]>
> wrote:
>
>> Hi there,
>>
>> I've been using the multi-isp functions in shorewall for years, and
>> recently updated my version of shorewall and the failover scripts I've been
>> using have stopped working (swping). I've also tried to make FOOLSM work
>> without any success. I've modified my old version of swping to use the
>> firewall disable/enable methods vs. updating the status files. It's
>> attached. But neither my hacked version of swping nor FOOLSM seems to work.
>>
>> Here seems to be my problem: Either can correctly detect a down internet
>> connection, but once it calls ${VARDIR}/firewall disable ${DEVICE} then
>> no more packets can be sent out via that internet connection so the script
>> can't successfully determine when the link is back.
>>
>>
>> # ping -I wlan0 8.8.8.8
>> PING 8.8.8.8 (8.8.8.8) from 192.168.128.11 wlan0: 56(84) bytes of data.
>> 64 bytes from 8.8.8.8: icmp_seq=1 ttl=56 time=92.1 ms
>> 64 bytes from 8.8.8.8: icmp_seq=2 ttl=56 time=62.1 ms
>> ^C
>> --- 8.8.8.8 ping statistics ---
>> 2 packets transmitted, 2 received, 0% packet loss, time 1000ms
>> rtt min/avg/max/mdev = 62.106/77.106/92.106/15.000 ms
>> # /var/lib/shorewall/firewall disable wlan0
>> # ping -I wlan0 8.8.8.8
>> PING 8.8.8.8 (8.8.8.8) from 192.168.128.11 wlan0: 56(84) bytes of data.
>> From 192.168.128.11 icmp_seq=1 Destination Host Unreachable
>> From 192.168.128.11 icmp_seq=2 Destination Host Unreachable
>> From 192.168.128.11 icmp_seq=3 Destination Host Unreachable
>> ^C
>> --- 8.8.8.8 ping statistics ---
>> 5 packets transmitted, 0 received, +3 errors, 100% packet loss, time 4016ms
>> pipe 3
>> #
>>
>> It is possible this is because one of the links is a USB wifi dongle,
>> and that's breaking something. It's also possible something else in my
>> configs is breaking something?
>>
>> I don't see any blocked messages in my logs.
>>
>> Internet connections: wlan0 & eth3. I've attached shorewall dump and the
>> swping config I'm using.
>>
>> Any ideas?
>>
>> Thanks in advance,
>> -3ric Johanson
>>
>>
>> ------------------------------------------------------------------------------
>> Check out the vibrant tech community on one of the world's most
>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>> _______________________________________________
>> Shorewall-users mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>>
>>
>
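Added example, not part of the original thread and not swping or FOOLSM code: a small link check that parses the ping summary format quoted above and also times an HTTP fetch over the same interface, so a link where pings succeed but web traffic is slow is reported as degraded. The thresholds, function names and the probe URL are assumptions.

```shell
#!/bin/sh
# Added example; thresholds, names and the probe URL are assumptions.
MAX_LOSS=20          # percent packet loss tolerated before "down"
MAX_HTTP_MS=3000     # slowest acceptable HTTP fetch, in milliseconds

# Summary lines copied from the ping output quoted in the thread.
SAMPLE_OK='2 packets transmitted, 2 received, 0% packet loss, time 1000ms'
SAMPLE_DISABLED='5 packets transmitted, 0 received, +3 errors, 100% packet loss, time 4016ms'

# Print the integer packet-loss percentage found in ping output ($1).
# Copes with the "+3 errors," field and with fractional values like 33.3333%.
ping_loss() {
    printf '%s\n' "$1" |
        sed -n 's/.* \([0-9][0-9]*\)\(\.[0-9]*\)\{0,1\}% packet loss.*/\1/p' |
        head -n 1
}

# classify LOSS HTTP_MS -> up | degraded | down
# HTTP_MS of -1 means the fetch failed or timed out.
classify() {
    loss=$1; http_ms=$2
    [ -n "$loss" ] || { echo down; return; }   # ping printed no summary
    if [ "$loss" -gt "$MAX_LOSS" ]; then
        echo down
    elif [ "$http_ms" -lt 0 ] || [ "$http_ms" -gt "$MAX_HTTP_MS" ]; then
        echo degraded                          # pings fine, web traffic slow
    else
        echo up
    fi
}

# Live probes bound to one interface. On a provider Shorewall has disabled
# they can only succeed if the provider is 'persistent' (per the thread).
probe_ping() { ping -I "$1" -c 5 -W 2 "$2" 2>&1; }
probe_http_ms() {
    t=$(curl --interface "$1" -s -o /dev/null -m 10 -w '%{time_total}' "$2") ||
        { echo -1; return; }
    awk -v t="$t" 'BEGIN { printf "%d\n", t * 1000 }'
}

# Usage: sh linkcheck.sh --probe wlan0 8.8.8.8 http://example.org/
if [ "${1:-}" = "--probe" ]; then
    loss=$(ping_loss "$(probe_ping "$2" "$3")")
    echo "$2: $(classify "$loss" "$(probe_http_ms "$2" "$4")")"
fi
```

The script only reports a state; whether to call the firewall's disable or enable action on that result is left to the operator.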