| Hi, I have been running Shorewall for years and recently added frrouting for internal-only OSPF. Getting rid of the route-rules and providers was necessary, it doesn’t work well for Shorewall and a routing engine to both try and manage routes. But I don’t have any external peering to worry about.
At the end of the day it’s all kernel/iptables, so if you check ip rules, ip route for all of the different routing tables, and iptables -L for all of the Iptables chains you should be able to see what is going on.
- Norman Free advice is worth exactly what you paid for it … Sent from my iPhone On Apr 27, 2023, at 00:26, Red Baron <redbaro...@gmail.com> wrote:
I did attempt to install multi-isp, using mark columns & track options as such:
ISP1 1 1 - eno1 $GW1 track ISP2 2 2 - eno2 $GW2 track
I Also have "USE_DEFUALT_RT=Yes"
this failed to work. I then replaced the mark columns in the providers file with "-", and reset, but that too failed.
I think I want to disable all shorewall routing management. If I do a shorewall clear, then restart FRR, the interfaces work as expected. Any suggestions on how to best prevent shorewall from altering routing tables? I assumed that removing the providers was enough, but I must be missing something else. On Wed, Apr 26, 2023 at 05:45:15PM -0500, Red Baron wrote:
> I don't know if this is something that I should attempt to configure within
> shorewall (multi-ISP setup and conntrack) or if there is a better way to
> handle this via FRR.
I don't know anything about FRR, but it sounds like you should use the
multi-isp setup. I don't think it has anything to do with conntack,
though.
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
|
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
