Re: multiple nic/IP in firewall

2013-01-22 Thread Carlos Miranda Molina (Mstaaravin) 
On Tue, Jan 22, 2013 at 10:42 PM, Roberto Scattini <
roberto.scatt...@gmail.com> wrote:

> 1. the second interface, in on same subnet as the first interface?
> no, they are completely different
>
>
>> 2. the gateway for second interface is different as the first
>> interface?
>>
> yeah, both are different too
>
> thanks
>
>
> ps: i think we both live in argentina?
>

Sí, soy de Argentina tambien...

Cuando ejecutás "route -n" sólo ves un gateway porque asi es como lo
definiste con la linea "ip route add default via $P2"

0.0.0.0 XX.220.XX.177  0.0.0.0 UG0  00 eth3


Esto es así porque no estas cargando el balanceo con ip route default
scope, como por ejemplo:

:~# ip route add default scope global nexthop via XX.220.XX.177 dev eth3
weight 1 nexthop via YY.20.YY.Y dev eth4 weight 1
:~# ip route add '127.0.0.0/8' dev lo table T1
:~# ip route add '127.0.0.0/8' dev lo table T2
:~# ip route add '192.168.100.0/24' dev eth2 table T1
:~# ip route add '192.168.100.0/24' dev eth2 table T2

Normalmente yo agrego esas lineas en el archivo /etc/rc.local para que se
ejecuten en el inicio, por supuesto tenés que haber agregado a
/etc/iproute/rt_tables los nombres de las tablas que estas usando (T1 & T2)

Yo particularmente prefiero agregar la configuración de cada subred en el
mismo archivo /etc/network/interfaces, en el ejemplo a continuación es como
lo tengo en uno de mis servers)

auto eth3
iface eth3 inet manual
pre-up ip link set eth3 up
post-up ip addr add XX.220.XX.178/30 brd + dev eth3
post-up ip route add XX.220.XX.176 dev eth3 src XX.220.XX.178 table
T1
post-up ip route add default via XX.220.XX.177 table T1
post-up ip rule add from XX.220.XX.178 table T1


auto eth4
iface eth4 inet manual
pre-up ip link set eth4 up
post-up ip addr add YY.20.YY.3/24 brd + dev eth4
post-up ip route add YY.20.YY.0 dev eth4 src YY.20.YY.3 table T2
post-up ip route add default via YY.20.YY.2 table T2
post-up ip rule add from YY.20.YY.3 table T2

Y listo!
Con eso básicamente sale andando y vas a tener balanceo y ambas interfaces
públicas van a escuchar y poder hacer NAT al webserver en tu red privada,
aunque obviamente ya dependes de iptables para eso.

Saludos

-- 
"La Voluntad es el único motor de nuestros logros"
http://ngen.com.ar/blog

Re: ifstated equivalent on Linux

2012-01-16 Thread Carlos Miranda Molina (Mstaaravin) 
On Mon, Jan 16, 2012 at 3:38 PM, Sebastian Steinhuber
 wrote:
> Ifplugd or netplug could do the trick.

Thanks...
But ifplug and/or netplug check state of link interface..
If my ISP is down, link still is up without routing.

i need (for example) send ICMP over WAN1 and WAN2
if ICMP over WAN1 get timeout, change ip route rules and send all
traffic over WAN2


regards


-- 
"La Voluntad es el único motor de nuestros logros"
http://ngen.com.ar/blog


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/cacjp8-otjt2he9s+ubxeh67rp42prkywxchcfhs2pk2bt_x...@mail.gmail.com

Re: ifstated equivalent on Linux

2012-01-16 Thread Carlos Miranda Molina (Mstaaravin) 
On Mon, Jan 16, 2012 at 1:16 PM, Jon Dowland  wrote:
> If you provide a description of what ifstated does, then someone might be
> able to suggest an alternative program (without having to go and look up
> ifstated themselves)

Sorry...

http://www.openbsd.org/cgi-bin/man.cgi?query=ifstated&sektion=8

The ifstated daemon runs commands in response to network state changes,
 which it determines by monitoring interface link state or running
 external tests.  For example, it can be used with carp(4) to change
 running services or to ensure that carp(4) interfaces stay in sync, or
 with pf(4) to test server or link availability and modify translation or
 routing rules.  The options are as follows:


In my case i need manage a failover internet conection (actually with
debian + iproute + firehol) in Linux Wan failover is very hard to
configure and to see PF + ifstate is very very very very very very
very very simple.

Regards

-- 
"La Voluntad es el único motor de nuestros logros"
http://ngen.com.ar/blog


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/cacjp8-rupqh+9xp9t8jsridlwmduynq4dubdh2eervmxe6c...@mail.gmail.com

ifstated equivalent on Linux

2012-01-16 Thread Carlos Miranda Molina (Mstaaravin) 
Hello all!

Anyone knows tool similar to iftstated (BSD) for Linux?

no matter if not exist Debian package (i can compile)

thanks!
-- 
"La Voluntad es el único motor de nuestros logros"
http://ngen.com.ar/blog


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/CACJp8-o5eGs=uq4cvyh+1w1107-74ppm-b1mcivdvalkwlo...@mail.gmail.com

Re: Your favorite bug tracking system

2011-04-07 Thread Carlos Miranda Molina (Mstaaravin) 
On Thu, Apr 7, 2011 at 4:20 PM, Jason Hsu  wrote:
> I need a bug tracking system for Swift Linux (www.swiftlinux.org).
>
> I have no prior experience with bug tracking systems, so I have NO idea what 
> to look for.  What do you like and dislike about the various bug tracking 
> systems?  I'd especially like to hear your opinions on Bugzilla (used by 
> GNOME, KDE, OpenOffice, Red Hat, Mandriva, and Gentoo) and Launchpad (used by 
> Ubuntu and others).
>

http://www.redmine.org/

Integrate issues, wiki, etc.


-- 
"La Voluntad es el único motor de nuestros logros"
http://ngen.com.ar/blog


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/banlktincckys+h+3mjnsifnt1jsx5xh...@mail.gmail.com

Re: fglrx driver in debian squeeze in limbo - any ideas?

2010-05-03 Thread Carlos Miranda Molina (Mstaaravin) 
On Mon, May 3, 2010 at 9:43 AM, tv.deb...@googlemail.com
 wrote:
> Hi, what exactly is broken ?
> As a workaround you could use Sid packages if Squeeze's are in bad shape. I
> have two mostly Squeeze (amd64, kde with desktop "effects" enabled) machines
> running Sid's fglrx at the moment and they seem fine, glxinfo and fglrxinfo
> doesn't spit any error, xorg logs doesn't contain errors, and the few OpenGl
> stuff I just tried are working fine (namely "Torcs" and "xmoto").

Hi
everyone is wrong, fglrx in Debian Squeeze need non-free packages in
/etc/apt/sources.list
ll they need is module-assistant and fglrx

r...@forest:~# aptitude install fglrx-driver fglrx-glx fglrx-control
fglrx-source fglrx-kernel-2.6.32-3-amd64 module-assistant -y
r...@forest:~# module-assistant (and follow assistant, select fglrx,
make, build and install)
r...@forest:~# modprobe fglrx
r...@forest:~# aticonfig --initial (replaces /etc/X11/xorg.conf if exists)
r...@forest:~# /etc/init.d/gdm restart (or kdm if you have  QT vaccine)


-- 
"La Voluntad es el único motor de nuestros logros"
http://ngen.com.ar/blog
http://ngen.com.ar/wiki


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/k2v82aadc8f1005031349j8274e6bdh5b40fb03b6907...@mail.gmail.com