On 13-Jul-07, at 8:10 PM, Tom Eastep wrote:

> Tom Eastep wrote:
>> Kenneth Gonsalves wrote:
>>> On 12-Jul-07, at 7:38 PM, Tom Eastep wrote:
>>>
>>>> Tom Eastep wrote:
>>>>> Kenneth Gonsalves wrote:
>>>>>> hi,
>>>>>>
>>>>>> forgot to put a subject, so am resending
>>>>>>
>>>>>> hi,
>>>>>>
>>>>>> I have been trying to set up shorewall for 2 ISPs and nothing fancy
>>>>>> but am facing the problem that smtp,pop,ssh,ping and irc don't go
>>>>>> through when I enable the masq. I am running Mandriva 2007. My
>>>>>> setup is:
>>>>>>
>>>>>> eth0 192.168.2.201 - local lan
>>>>>> eth2 202.x.x.3  gateway 202.x.x.1 isp1
>>>>>> eth3 222.x.x.3 gateway 222.x.x.1 isp2
>>>>>>
>>>>>> my rules.drakx file:
>>>>>>
>>>>>> ACCEPT  net     fw      udp     110,25,22       -
>>>>>> ACCEPT  net     fw      tcp     22,6670,110,25,22       -
>>>>>> REDIRECT        loc     3128    tcp     www     -
>>>>>>
>>>>>> my providers file:
>>>>>>
>>>>>> isp1        2       2    main      eth2    202.x.x.1   balance,track  eth0
>>>>>> isp2        1       1    main      eth3    202.x.x.1   balance,track  eth0
>>>>>>
>>>>>> my masq file:
>>>>>>
>>>>>> eth2                   202.x.x.3  222.x.x.3
>>>>>> eth3                   222.x.x.3    202.x.x.3
>>>>>>
>>>>>> If I comment out the entries in the masq file, everything works, but
>>>>>> all traffic goes through eth2 only. If I enable the masq file, http
>>>>>> works, load is balanced, but smtp,pop,ssh,ping and irc don't go
>>>>>> through. Any clues?
>>>>>>
>>>>>>
>>>>> Please supply the output of "shorewall dump" collected as
>>>>> described at
>>>>> http://www.shorewall.net/support.htm#Guidelines.
>>>>>
>>>> Also, the output of this command would be helpful:
>>>>
>>>> gzip -dc /proc/config.gz | grep CONFIG_IP_ROUTE_MULTIPATH_CACHED
>>> output is:
>>>
>>> CONFIG_IP_ROUTE_MULTIPATH_CACHED=y
>>>
>>>
>>
>> Shorewall multiISP support does not work correctly with kernels built
>> with that option. That is mentioned in the Shorewall MultiISP article.
>
> I notice too that route filtering is enabled on both eth2 and eth3 yet
> martian logging is disabled. You may be having a lot of packets silently
> dropped as martians. Note: It may be your distribution (/etc/sysctl.conf or
> something similar) that is enabling route filtering.
>
> I personally recommend disabling route filtering in multi-ISP configurations.
>
> Finally, do you have eth2 and eth3 connected to a common hub/switch? That
> also can cause havoc in these configurations.

I disabled CONFIG_IP_ROUTE_MULTIPATH_CACHED, but still no joy -
balancing works perfectly for http - but not for smtp etc

-- 
regards

Kenneth Gonsalves
Associate, NRC-FOSS
[EMAIL PROTECTED]
http://nrcfosshelpline.in/web/
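
The condition raised in the quoted reply above (route filtering enabled on eth2 and eth3 while martian logging is disabled) can be checked per interface with a script like this one, which is an added example and not part of the original thread. The function name `rpf_audit` is hypothetical, and the way the `all` and per-interface values are combined is an assumption based on the ip-sysctl documentation of current kernels.

```shell
#!/bin/sh
# Added example (not from the thread). Reports interfaces where reverse-path
# filtering is active but martian logging is off, i.e. where packets can be
# dropped without any log entry.
#
# Assumption (ip-sysctl documentation, current kernels):
#   effective rp_filter    = max(conf/all, conf/IFACE)
#   effective log_martians = on if conf/all or conf/IFACE is non-zero

# rpf_audit [ROOT] [IFACE...]
# ROOT defaults to /proc/sys/net/ipv4/conf; it is a parameter so the
# function can also be run against a saved copy of that tree.
rpf_audit() {
    root=${1:-/proc/sys/net/ipv4/conf}
    [ $# -gt 0 ] && shift
    # With no interfaces named, audit every one except the pseudo entries.
    if [ $# -eq 0 ]; then
        set --
        for d in "$root"/*/; do
            i=$(basename "$d")
            case $i in all|default|lo) continue ;; esac
            set -- "$@" "$i"
        done
    fi
    all_rpf=$(cat "$root/all/rp_filter" 2>/dev/null || echo 0)
    all_log=$(cat "$root/all/log_martians" 2>/dev/null || echo 0)
    silent=0
    for i in "$@"; do
        [ -r "$root/$i/rp_filter" ] || { echo "$i: not found"; continue; }
        rpf=$(cat "$root/$i/rp_filter")
        log=$(cat "$root/$i/log_martians" 2>/dev/null || echo 0)
        [ "$all_rpf" -gt "$rpf" ] && rpf=$all_rpf
        [ "$all_log" -ne 0 ] && log=1
        if [ "$rpf" -ne 0 ] && [ "$log" -eq 0 ]; then
            echo "$i: rp_filter=$rpf log_martians=0 (silent drops possible)"
            silent=$((silent + 1))
        else
            echo "$i: rp_filter=$rpf log_martians=$log"
        fi
    done
    # Exit status: 0 if no audited interface can drop silently, 1 otherwise.
    [ "$silent" -eq 0 ]
}
```

On the firewall, `rpf_audit /proc/sys/net/ipv4/conf eth2 eth3` prints one line per interface and returns non-zero if either one filters without logging.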