Hi folks! I used the Shorewall Multi ISP manual (http://www.shorewall.net/MultiISP.html) to configure a dual link firewall for one of our clients. When the primary link fails, remote connections using the secondary keep working. However, from the LAN, they can't access the Internet. It seems like Shorewall is not using the secondary as an alternative route. I'm using the following configuration:

/etc/shorewall/providers

    #NAME           NUMBER  MARK  DUPLICATE  INTERFACE  GATEWAY          OPTIONS          COPY
    Primary Link    1       1     main       eth0       200.175.xxx.xxx  track,balance=1  eth2,eth3
    secundary Link  2       2     main       eth1       201.14.xxx.xxx   track,balance=2  eth2,eth3

/etc/shorewall/masq

    #INTERFACE  SOURCE     ADDRESS          PROTO  PORT(S)  IPSEC  MARK
    eth0        0.0.0.0/0  200.175.xxx.xxx
    eth1        0.0.0.0/0  201.14.xxx.xxx

I don't have any tcrules configuration. There is no gateway configuration in the /etc/network/interfaces file.

I did a route -n and noticed that there is an external route just for the primary link.

    Destination      Gateway          Genmask          Flags  Metric  Ref  Use  Iface
    200.175.xxx.xxx  0.0.0.0          255.255.255.248  U      0       0    0    eth0
    201.14.xxx.xxx   0.0.0.0          255.255.255.248  U      0       0    0    eth1
    192.168.3.0      192.168.2.1      255.255.255.0    UG     0       0    0    eth3
    192.168.2.0      0.0.0.0          255.255.255.0    U      0       0    0    eth3
    192.168.0.0      0.0.0.0          255.255.255.0    U      0       0    0    eth2
    0.0.0.0          200.175.xxx.xxx  0.0.0.0          UG     0       0    0    eth0

Is this correct? Can anyone help me?

Thanks!

João K.