Tephe Brown wrote: > Well I'm *almost* there with this... it's certainly been an adventure > and I have learned a TON over the last week. > > My final (working) config for /etc/shorewall/providers ended up like this: > > #NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY > OPTIONS COPY > CenturyLink 1 1 main eth0 76.5.159.161 > track,balance eth2 > Comcast 2 2 main eth1 192.168.10.2 > track,fallback eth2 > > (sorry for the wrap, but hopefully you get the idea) > > If I manually bring eth0 down (CenturyLink) and restart shorewall, I get > this message: > > bubastis:/home/sbrown# shorewall -f restart > Restarting Shorewall.... > Initializing... > Setting up Route Filtering... > Setting up Martian Logging... > Adding Providers... > WARNING: Interface eth0 is not usable -- Provider CenturyLink (1) not > Added > WARNING: No Default route added (all 'balance' providers are down) > Setting up Traffic Control... > Preparing iptables-restore input... > Running /sbin/iptables-restore... > IPv4 Forwarding Enabled > done.
I think you need to set "optional" in your second provider. > > I'm assuming the warning is just that, and can be safely ignored, but I > don't understand a default route not being added? I am however able to > keep traffic flowing bidirectional with eth0 being down so I can't > really figure that one out, unless it's hitting the gateway as defined > in providers (192.168.10.2 in my case) Just trying to understand how > this is working.... > > My next step is to get lsm working satisfactorily to automate this, > anything else I could potentially be missing? I am also using packet > marking for my VoIP traffic and it's working great :) > > Thanks, > Stephen > > > > On 7/27/10 11:12 AM, Tom Eastep wrote: > > On 7/27/10 6:21 AM, Stephen Brown Jr wrote: > >> Thanks Tom... this appears to work as intended now, but I need > >> clarification on one additional item. > >> > >> I simulated a DSL outage by shutting the modem off and restarting > >> shorewall, however I can not route via the cable connection? My initial > >> thought is that Shorewall does not (and has no way of knowing) that > eth0 > >> is now dead without testing it, but I'm not sure honestly, would > LSM (or > >> another type of method) be beneficial to deal with this? > > Yes. And you need to define both interfaces as 'optional' in > shorewall.conf. > > > -Tom > > > > > > ------------------------------------------------------------------------------ > > The Palm PDK Hot Apps Program offers developers who use the > > Plug-In Development Kit to bring their C/C++ apps to Palm for a share > > of $1 Million in cash or HP Products. Visit us here for more details: > > http://ad.doubleclick.net/clk;226879339;13503038;l? > > http://clk.atdmt.com/CRS/go/247765532/direct/01/ > > > > > _______________________________________________ > > Shorewall-users mailing list > > [email protected] > > https://lists.sourceforge.net/lists/listinfo/shorewall-users ------------------------------------------------------------------------------ The Palm PDK Hot Apps Program offers developers who use the Plug-In Development Kit to bring their C/C++ apps to Palm for a share of $1 Million in cash or HP Products. Visit us here for more details: http://p.sf.net/sfu/dev2dev-palm _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users -- Jorge Armando Medina Computación Gráfica de México Web: http://www.e-compugraf.com Tel: 55 51 40 72, Ext: 124 Email: [email protected] GPG Key: 1024D/28E40632 2007-07-26 GPG Fingerprint: 59E2 0C7C F128 B550 B3A6 D3AF C574 8422 28E4 0632
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ The Palm PDK Hot Apps Program offers developers who use the Plug-In Development Kit to bring their C/C++ apps to Palm for a share of $1 Million in cash or HP Products. Visit us here for more details: http://p.sf.net/sfu/dev2dev-palm
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
