KP Kirchdoerfer wrote: > Am Sonntag, 13. Dezember 2009 18:00:38 schrieb Tom Eastep: >> KP Kirchdoerfer wrote: >>> Am Samstag, 12. Dezember 2009 19:55:35 schrieb Tom Eastep: >>>> KP Kirchdoerfer wrote: >>>>> Hi; >>>>> >>>>> I've tried to setup multi-isp with two ppp connections and have been >>>>> sucessful - somehow. >>>>> >>>>> Accessing the Server behind the fw works and the connection speed is >>>>> sufficient. >>>>> Accessing the net from inside is slow and unreliable - just as clampmss >>>>> has been set to "no", which is not the case. >>>> What does 'from inside' mean? From the 'loc' zone? >>> Sorry; >>> >>> yes the 'loc' is meant, for legacy reasons it's called 'dmz' in my setup >>> files. >> Does 'ip route ls cache' show the correct MTU on routes out of ppp0 and >> ppp1? (note that the two links have *different MTUs*) >> > > Tom; > > yes the MTU's are correct. And the pb seems to have been solved a few hrs ago. > > First I made shure, I have the masq file exactly as in the multi-ISP docs, > which is somewhat different from my previous setup with only one line. > And I followed a short note in a previous mail you wrote - the 'empty loc > zone'. I removed the empty zone and all rules to/from that zone and after > restarting all connections including from those from dmz runs as fast as > expect. > > I wasn't aware that an empty zone can cause that much harm.
Other than slowing down 'start' and 'restart', it should have had no effect. Similarly, the changes you made to the masq file should only affect connections originating on the firewall itself. At any rate, I'm glad to hear that the problem appears solved. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Return on Information: Google Enterprise Search pays you back Get the facts. http://p.sf.net/sfu/google-dev2dev
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
