From: Tom Eastep <teas...@shorewall.net>
> To: shorewall-users@lists.sourceforge.net
> Cc:
> Sent: Tuesday, September 10, 2013 6:34 PM
> Subject: Re: [Shorewall-users] lsm configuration issues...
>
> On 09/10/2013 08:24 AM, John Doe wrote:
>> Hi,
>>
>> I use shorewall-4.5.4 + lsm-0.143 and it does not seem to work as expected...
>> When all providers are up, everything seems fine.
>>
>> When one goes down, lsm says "link <provider> down event"... and it seems
>> ok but we then experience some problems such as a few unreachable sites,
>> DNS problems...
>> If I remove the downed provider from all confs and restart, everything works again.
>
> DNS problems can be eliminated by running your own caching name server.
>
>>
>> Also, when the provider goes back up, lsm seems not to detect it when I use
>> external IPs or the next hop. He does if I use the LAN IPs but he won't
>> detect a failure past the box.
>
> Your main routing table *must* contain host entries for the external IPs
> out of the appropriate interface.
>
>>
>> Could someone check my confs to see if certain parameters would prevent
>> graceful deactivation of a provider...?
>> Maybe the accounting rules that use all 3 providers?
>>
>> About lsm, do I need to manually add routes for the checked WAN IPs to go
>> through the respecting devices (as I read on the net) even though the
>> devices are in the conf?
>
> Yes!
>
>> I am also not sure about the ttl parameter... Should it match the number
>> of hops from the firewall?
>
> Yes.

Finally found the time to test and... it still fails...

If I put the next hop, with the manual routes (which do work with a ping test), lsm will correctly detect the link down, but will never detect the link back up (even if I have no problem manually pinging the next hop).
If I put the external IP of the ADSL box, lsm will of course not see if the link is down past the box.
Also, I caught many times zombie lsms that I had to kill manually...

Is there a way to at least do lsm jobs manually?
If I know one adsl link is down, what can I do to gracefully remove it from shorewall without having to go through all the configuration files to comment references to it?

From: Thomas Harold <thomas-li...@nybeta.com>
> One pitfall that I found is that "status=1" is set to zero by default in
> the stock /etc/lsm/lsm.conf file.

In my version of lsm, it says:
# assume initial up state at lsm startup (1 = up, 0 = down, 2 = unknown (default))
So unknown seems to be the default now...

Thx,
JD
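
The requirement stated in the quoted reply (a host route in the main table for each IP that lsm checks, out of that provider's interface) can be verified with a small script. This is an added example, not part of the original thread; the interface names, addresses and sample route listing are constructed, and the functions read `ip -4 route show table main` style output on stdin.

```shell
#!/bin/sh
# Added example: verify that every IP lsm pings has a host route in the
# main routing table out of the interface of the provider it monitors.
# All addresses and interface names below are constructed samples.

# has_host_route IP DEV  (route listing on stdin)
# Returns 0 if a host route (bare IP or IP/32) for IP leaves via DEV.
has_host_route() {
    awk -v ip="$1" -v dev="$2" '
        $1 == ip || $1 == (ip "/32") {
            for (i = 2; i < NF; i++)
                if ($i == "dev" && $(i + 1) == dev) found = 1
        }
        END { exit found ? 0 : 1 }
    '
}

# check_targets "IP:DEV ..."  (route listing on stdin)
# Prints one line per target and returns the number of missing routes.
check_targets() {
    routes=$(cat)
    missing=0
    for pair in $1; do
        ip=${pair%%:*}
        dev=${pair#*:}
        if printf '%s\n' "$routes" | has_host_route "$ip" "$dev"; then
            echo "ok      $ip via $dev"
        else
            echo "MISSING $ip via $dev"
            missing=$((missing + 1))
        fi
    done
    return "$missing"
}

# Constructed sample of `ip -4 route show table main` output.
SAMPLE_ROUTES='default via 192.0.2.1 dev eth1
192.0.2.0/24 dev eth1 proto kernel scope link src 192.0.2.10
198.51.100.0/24 dev eth2 proto kernel scope link src 198.51.100.10
203.0.113.7 via 192.0.2.1 dev eth1
203.0.113.9 via 192.0.2.1 dev eth1'

# On a live firewall, feed the real table instead of the sample:
#   ip -4 route show table main | check_targets "203.0.113.7:eth1 ..."
printf '%s\n' "$SAMPLE_ROUTES" | check_targets "203.0.113.7:eth1 203.0.113.9:eth2" || true
```

In the sample, the second target is reported as missing because its host route leaves through the other provider's interface, which is the case where a check sent through a failed link would never see it come back.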