Hi all, I've been following the discussions on implementing multiple ISP uplinks and I've read every bit of documentation I can find numerous times. However yesterday I noticed something a little weird.
I have 4 interfaces - some LANs (eth0, eth2, eth3), a leased line (eth1) and a DSL uplink (ppp0) to different providers. The DSL uplink has a dynamic IP address and the leased line has a static IP address. I have specified track, balance and loose in the providers file for each of the providers. It looks like this: <snip> ISP1 1 1 main eth1 196.x.x.x balance,track,loose eth0,eth2,eth3 ISP2 2 2 main ppp0 detect balance,track,loose,optional eth0,eth2,eth3 </snip> Now from what I've read I believe that all packets arriving on the ppp0 interface should have their connection mark set to 2 as I've specified the track option. Is my understanding correct? If my understanding is correct then I need an explanation for the behaviour I've witnessed. In my tcrules file I have the following: <snip> RESTORE 0.0.0.0/0 0.0.0.0/0 all - - - 0 CONTINUE 0.0.0.0/0 0.0.0.0/0 all - - - !0 # Default all traffic out of the ISP1 line unless specified 1:P 0.0.0.0/0 0.0.0.0/0 all - - - 1:P $FW 0.0.0.0/0 all - - - SAVE 0.0.0.0/0 0.0.0.0/0 all - - - !0 </snip> What I experience though is that when a connection comes into the FTP service on the firewall ppp0 interface, the reply packets all leave on the eth1 interface. Surely if the connection is tracked and marked then the reply packets should go out of the interface that the request came in on? Any ideas anyone? Regards, - Craig. ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
