On 09/10/2013 08:24 AM, John Doe wrote: > Hi, > > I use shorewall-4.5.4 + lsm-0.143 and it does not seem to work as expected... > When all providers are up, everything seems fine. > > When one goes down, lsm says "link <provider> down event"... and it seems > > ok but we then experience some problems such as a few unreachable sites, > > DNS problems... > If I remove the downed provider from all confs and restart, everything works > again.
DNS problems can be eliminated by running your own caching name server. > > Also, when the providers goes back up, lsm seems not to detect it when I use > external IPs or the next hop. He does if I use the LAN IPs but he won't > detect a failure past the box. Your main routing table *must* contain host entries for the external IPs out of the appropriate interface. > > Could someone check my confs to see if certain parameters would prevent > graceful deactivation of a provider...? > Maybe the accounting rules that use all 3 providers? > > About lsm, do I need to manualy add routes for the checked WAN IPs to go > through the respecting devices (as I read on the net) even though the > devices are in the conf? Yes! > I am also not sure about the ttl parameter... Should it match the numbers > of hops from the firewall? Yes. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ How ServiceNow helps IT people transform IT departments: 1. Consolidate legacy IT systems to a single system of record for IT 2. Standardize and globalize service processes across IT 3. Implement zero-touch automation to replace manual, redundant tasks http://pubads.g.doubleclick.net/gampad/clk?id=51271111&iu=/4140/ostg.clktrk
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
