Thanks Tom, I got it working.
Question about link failover, just thinking if the requirement scope can be
expanded :)
Currently, I am telling shorewall to redirect dmz and loc traffic inside
route_rules. And you mentioned that if I am using optional in both wan
interfaces, if both go down I can use the third wan link (if I have one). But
if I only have 2 wan links, does it mean the "optional" setting in the interfaces
file is supposed to do the failover? Or do I still need something like what you
mentioned in the docs (i.e. lsm)?
Many thanks.
--- On Thu, 16/9/10, Tom Eastep <teas...@shorewall.net> wrote:

From: Tom Eastep <teas...@shorewall.net>
Subject: Re: [Shorewall-users] help for newbie on shorewall multiple isp
To: shorewall-users@lists.sourceforge.net
Received: Thursday, 16 September, 2010, 2:32 PM

On 9/15/10 10:01 PM, Lito Kusnadi wrote:
> Hi Tom,
> thank you for your reply. sorry for the text wrapping as I'm using web mail.
> 
> I have attached the gz format of shorewall dump.
> 
> To clarify the objective:
> I want to redirect traffic from dmz (eth2) to use AC3 (eth1) link and
> redirect traffic from loc (eth3) to use I2N (eth0) link.
> 
> I've changed provider file as follow (tried with "track" only and
> "track,balance"):
> I2N 1 1 main eth0 203.18.30.3 track,balance eth3
> AC3 2 2 main eth1 203.202.13.1 track,balance eth2

Please put 'eth2,eth3' in both providers.

> 
> Now the interesting problem:
> 
> a. from host in loc zone, I can ping dmz and the net (with limitation).
> 
> According to the provider file, all eth3 traffic must use eth0; 

No -- The providers file NEVER determines where traffic is to go. What
you have done is made it so ONLY eth3 traffic can use eth0.

The DUPLICATE and COPY columns in the providers file only determine
those routes that are copied to the provider routing tables.

You want 'track,balance' on both providers.

In /etc/shorewall/route_rules:

eth3    -    I2N    1000
eth2    -     AC3    1000

Now, traffic arriving on eth3 will be routed to the I2N provider and
traffic arriving on eth2 will be routed to the AC3 provider. If either
provider is down (assuming that you have 'optional' on eth0 and eth1 in
your interfaces file), then all traffic will use the remaining provider.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________



_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users



      