On 06/07/2013 01:12 AM, Meetoo Ashvin wrote: > Hello, > > I am facing a strange problem these days. I live in a country where > internet is still very slow. We use shorewall (le magnifique) to load > balance traffic between 3 ADSL modems bridged to our gateway. The > problem is that every now and then, randomly, one of the ADSL drops and > then reconnects with a new IP. > > I've put a script in "/etc/ppp/ip-up.d/" doing a "/sbin/shorewall status > > /dev/null && /sbin/shorewall restart -f" for the firewall to get the > new ips properly. > > I know it's not the best practice but out of 100 times, 99 times it > works without a glitch. > > For the one time, I loose my firewall completely, I get the 6 lines > basic firewall, I loose all access to the serveur and I need to log in > physically and do a shorewall restart. It happens once every 3-4 days > and hopefully I was on workplace when that happened. > > My question is: is there a way for shorewall to cater for this? I think > the problem may be that sometimes one of the ADSL takes more time than > needed to get a new IP, and shorewall doesn't really know what to do.
Have you looked at the output generated when Shorewall fails to restart? That should tell you exactly what is going wrong. If, as you suspect, the device is slow to come up, then you can add the "wait=<seconds>" option in /etc/shorewall/interfaces. I also suggest that you add 'optional' so that if the device fails to come up properly, the firewall will still start without it. HTH, -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ How ServiceNow helps IT people transform IT departments: 1. A cloud service to automate IT design, transition and operations 2. Dashboards that offer high-level views of enterprise services 3. A single system of record for all IT processes http://p.sf.net/sfu/servicenow-d2d-j
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
