Hi shorewall user group!
I have a Multi-ISP setup with 2 providers.
/etc/shorewall/providers:
############################################################################################
#NAME  NUMBER  MARK  DUPLICATE  INTERFACE  GATEWAY       OPTIONS    COPY
KTV    1       1     -          web0       1.1.1.1       balance=1
SURF   2       2     -          web1       172.16.1.254  balance=2
Note that KTV has a public IP but SURF a private IP because it is behind a
router.
I monitor these two providers with monit and monit executes automatically
"/sbin/shorewall disable ${PROVIDER}" when it can't reach a certain host.
When the host is available again it runs "/sbin/shorewall enable
${PROVIDER}".
For provider SURF I made an entry in rtrules to ensure that the pings to
host 2.2.2.2, which I use to monitor SURF, always use IF web1.
/etc/shorewall/rtrules:
####################################################################################
#SOURCE  DEST     PROVIDER  PRIORITY  MASK
lo       2.2.2.2  SURF      1000
For provider KTV this is not necessary because monit pings the gateway
1.1.1.1, and therefore there is always a route in table main.
This is what the rules look like when both providers are enabled:
# ip ru show
0: from all lookup local
999: from all lookup main
1000: from all to 2.2.2.2 iif lo lookup SURF
10000: from all fwmark 0x1/0xff lookup KTV
10001: from all fwmark 0x2/0xff lookup SURF
20000: from 172.16.1.1 lookup SURF
20000: from 1.1.1.99 lookup KTV
32765: from all lookup balance
32767: from all lookup default
And now the rules after "/sbin/shorewall disable SURF":
# ip ru show
0: from all lookup local
999: from all lookup main
10000: from all fwmark 0x1/0xff lookup KTV
20000: from 195.62.84.41 lookup KTV
32765: from all lookup balance
32767: from all lookup default
Shorewall removed all rules for provider SURF, also the one for host 2.2.2.2
which I need to monitor SURF.
Now I have the problem that all pings to 2.2.2.2 would go through IF web0,
to KTV, and no longer through web1.
Is it possible to configure shorewall so that it adds a permanent route to host
2.2.2.2 in table main, so that even when provider SURF is disabled the pings
to host 2.2.2.2 go through IF web1?
I'd appreciate any hint to solve this riddle.
Cheers
Norbert
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users