Re: [Shorewall-users] MultiISP

Tue, 09 Apr 2013 14:15:26 -0700 

On 4/9/13 12:38 PM, "João Alberto Kuchnier" <joao.kuchn...@gmail.com>
wrote:

>Hi folks!
>
>I used Shorewall Multi ISP manual
>(http://www.shorewall.net/MultiISP.html) to configure a dual link
>firewall in one of our clients. When the primary link fails, remote
>conections using the secondary remains working. However, from LAN, they
>can't access the Internet. It seems like shorewall is not using the
>secondary as an alternative route. I'm using the following configuration:
>
>/etc/shorewall/providers
>#NAME         NUMBER  MARK    DUPLICATE       INTERFACE GATEWAY
>OPTIONS         COPY
>Primary Link         1       1       main    eth0    200.175.xxx.xxx
>track,balance=1 eth2,eth3
>secundary Link     2       2       main    eth1    201.14.xxx.xxx
>track,balance=2 eth2,eth3
>
>/etc/shorewall/masq
>#INTERFACE              SOURCE          ADDRESS         PROTO PORT(S)
>IPSEC   MARK
>eth0    0.0.0.0/0       200.175.xxx.xxx
>eth1    0.0.0.0/0       201.14.xxx.xxx
>
>I don't have any tcrules configuration. There is no gateway
>configuration on /etc/network/interfaces file.
>
>I did a route -n and noticed that there is a external route just for the
>primary link.
>
>Destination     Gateway         Genmask         Flags Metric Ref Use Iface
>200.175.xxx.xxx 0.0.0.0         255.255.255.248 U     0 0        0 eth0
>201.14.xxx.xxx   0.0.0.0         255.255.255.248 U     0 0        0 eth1
>192.168.3.0     192.168.2.1     255.255.255.0   UG    0 0        0 eth3
>192.168.2.0     0.0.0.0         255.255.255.0   U     0 0        0 eth3
>192.168.0.0     0.0.0.0         255.255.255.0   U     0 0        0 eth2
>0.0.0.0         200.175.xxx.xxx 0.0.0.0         UG    0 0        0 eth0
>
>Is this correct? Can anyone help me?

You need a link monitor like LSM to make failover happen.

-Tom
You do not need a parachute to skydive. You only need a parachute to
skydive twice.





------------------------------------------------------------------------------
Precog is a next-generation analytics platform capable of advanced
analytics on semi-structured data. The platform includes APIs for building
apps and a phenomenal toolset for data science. Developers can use
our toolset for easy data analysis & visualization. Get a free account!
http://www2.precog.com/precogplatform/slashdotnewsletter
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Reply via email to