On 11/18/2013 10:14 AM, Nuno Fernandes wrote:
> On Monday 18 November 2013 09:58:24 Tom Eastep wrote:
> >> On 11/18/2013 9:33 AM, Nuno Fernandes wrote:
> >> > On Monday 18 November 2013 07:54:01 Tom Eastep wrote:
> >> >> Are you running LSM? You must in order for this to work properly.
> >> >>
> >> >> Note that existing connections through the failed provider cannot fail
> >> >> over to the other provider; only new connections that would normally go
> >> >> through the failed provider can be handled by the remaining one.
> >> >
> >> > I'm using:
> >> >
> >> > # shorewall version
> >> > 4.5.4.2
> >> >
> >> > with swping. The failover works fine. If I lose a provider, all new
> >> > traffic is redirected to the remaining connection and when the provider
> >> > comes back up, new connections are routed back through both providers.
> >> >
> >> > The problems are on connections that are "forced" using rtrules to a
> >> > specific provider. I would like to have them failover to the remaining
> >> > provider when the main one fails and back again to that provider when
> >> > it's online.
> >> >
> >> > Any ideas?
> >>
> >> Once again -- you cannot cause existing connections to fail over to the
> >> other provider. When a provider fails, outgoing packets will try to use
> >> the other provider but there is no way that response packets can be
> >> returned back correctly (except in very limited setups where the
> >> upstream routers are closely associated and can fail over routing of
> >> incoming packets).
> >>
> >> -Tom
> >
> >
> > Hello,
> >
> > Maybe I'm not making myself clear. I understand that existing
> > connections can't fail to the other provider. Let me explain it step by
> > step:
> >
> > 1 - All is working fine.
> > 1.1 - If a "new connection" is made from the internal network and it
> > matches one of the rtrules rules it is routed through the stated provider.
> > 1.2 - If a "new connection" is made from the internal network and it
> > doesn't match any of the rtrules rules it is routed through one of the
> > providers (using balance ratio in the providers file).
> >
> > 2 - Swping detects that the main link is down. It does a:
> > ${VARDIR}/firewall disable $INTF
> >
> > 3 - Main link is down.
> > 3.1 - If a "new connection" is made from the internal network and it
> > matches one of the rtrules rules it is not routed through the remaining
> > provider.

The 'disable' command should be deleting the rtrules for the failed
provider. Are you saying that is not the case?

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
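
Added example, not part of the original thread and not Shorewall's own code: one way to check the question raised in the reply above, namely whether any policy-routing rules still point at a provider's routing table after `firewall disable`. It filters `ip rule show` output; the provider names (ISP1, ISP2), priorities and addresses in the samples are constructed, and the second sample only shows what a leftover rule would look like.

```shell
#!/bin/sh
# Reads `ip rule show` text on stdin and reports rules that still select
# a given routing table (in Shorewall terms, a provider's table).

# rules_for_table TABLE -> prints every rule whose action is "lookup TABLE"
rules_for_table() {
    awk -v t="$1" '
        { for (i = 1; i < NF; i++)
              if ($i == "lookup" && $(i + 1) == t) { print; next } }
    '
}

# count_rules_for_table TABLE -> prints the number of such rules
count_rules_for_table() {
    rules_for_table "$1" | wc -l | tr -d ' '
}

# Constructed sample: both providers up, three rules select ISP1
# (two rtrules-style source rules and one fwmark rule).
SAMPLE_BEFORE='0: from all lookup local
1000: from 192.168.1.10 lookup ISP1
1001: from 192.168.1.0/24 to 203.0.113.0/24 lookup ISP1
10000: from all fwmark 0x100/0xff00 lookup ISP1
10001: from all fwmark 0x200/0xff00 lookup ISP2
32766: from all lookup main
32767: from all lookup default'

# Constructed sample: ISP1 disabled, but one source rule was left behind.
# New connections from 192.168.1.10 would still be sent to the ISP1 table.
SAMPLE_AFTER='0: from all lookup local
1000: from 192.168.1.10 lookup ISP1
10001: from all fwmark 0x200/0xff00 lookup ISP2
32766: from all lookup main
32767: from all lookup default'

# On a live system (provider table name is an assumption):
#   ip rule show | rules_for_table ISP1
```

An empty result after the disable means no rule selects the failed provider's table any more; any line printed is a rule that still forces matching traffic toward it.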