I have two feeds, one with a static IP and one with a dynamic IP. How can I configure a Multi-ISP setup with the dynamic IP, or can I? I don''t think the gateway will change, just the interface IP. -- Chris Mason NetConcepts (264) 497-5670 Fax: (264) 497-8463 Int: (305) 704-7249 Fax: (815)301-9759 UK 44.207.183.0271 Cell: 264-235-5670 Yahoo IM: netconcepts_anguilla@yahoo.com -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------------------------------------- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
-----Message d''origine----- De : shorewall-users-admin@lists.sourceforge.net [mailto:shorewall-users-admin@lists.sourceforge.net] De la part de Chris Mason (Lists) Envoyé : vendredi 24 mars 2006 13:47 À : Shorewall-Users Objet : [Shorewall-users] Multi-ISP with one Dynamic IP I have two feeds, one with a static IP and one with a dynamic IP. How can I configure a Multi-ISP setup with the dynamic IP, or can I? I don''t think the gateway will change, just the interface IP. ============================ Hello, I have the same setup here so here is my config: - File providers: #NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY OPTIONS COPY nerim 200 200 main ppp0 detect track,balance eth2,eth3,eth4 n9uf 201 201 main ppp1 detect track,balance eth2,eth3,eth4 - Masq file: #INTERFACE SUBNET ADDRESS PROTO PORT(S) IPSEC $IFISP1 eth2 $IPISP1 $IFISP2 eth2 $IPISP2 $IFISP1 eth3 $IPISP1 $IFISP2 eth3 $IPISP2 $IFISP1 eth4 $IPISP1 $IFISP2 eth4 $IPISP2 - Interfaces file: #ZONE INTERFACE BROADCAST OPTIONS GATEWAY # net ppp0 detect norfc1918,blacklist net ppp1 detect norfc1918,blacklist I use ppp interfaces as I connect via pppoe - params file: IFISP1=ppp0 IFISP2=ppp1 IPISP1=`find_interface_addresses ppp0 ` IPISP2=`find_interface_addresses ppp1 ` I guess this should be enough, if you need more infos just ask. Manuel ------------------------------------------------------- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
Manuel Goepfert wrote:> > > Hello, > > I have the same setup here so here is my config: > >Wonderful, thanks. What I was not sure was whether you could use the params variables in the masq parameters, obviously you can. Now, presumably the variables are set on startup, how can we make shorewall restart on change of ip? -- Chris Mason NetConcepts (264) 497-5670 Fax: (264) 497-8463 Int: (305) 704-7249 Fax: (815)301-9759 UK 44.207.183.0271 Cell: 264-235-5670 Yahoo IM: netconcepts_anguilla@yahoo.com -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------------------------------------- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
I have a adsl with dynamic ip, and I resolv this problem adding to: /etc/ppp/ip-up the line /sbin/shorewall restart Every time the adsl change the ip, shorewall restart. Andrés ----- Original Message ----- From: "Chris Mason (Lists)" <lists@masonc.com> To: <shorewall-users@lists.sourceforge.net> Sent: Friday, March 24, 2006 10:55 AM Subject: Re: [Shorewall-users] Multi-ISP with one Dynamic IP> Manuel Goepfert wrote: >> >> >> Hello, >> >> I have the same setup here so here is my config: >> >> > Wonderful, thanks. What I was not sure was whether you could use the > params variables in the masq parameters, obviously you can. Now, > presumably the variables are set on startup, how can we make shorewall > restart on change of ip? > > -- > Chris Mason > NetConcepts > (264) 497-5670 Fax: (264) 497-8463 > Int: (305) 704-7249 Fax: (815)301-9759 UK 44.207.183.0271 > Cell: 264-235-5670 > Yahoo IM: netconcepts_anguilla@yahoo.com > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > > ------------------------------------------------------- > This SF.Net email is sponsored by xPML, a groundbreaking scripting > language > that extends applications into web and mobile media. Attend the live > webcast > and join the prime developer group breaking into this new coding > territory! > http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642 > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users >------------------------------------------------------- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
-----Message d''origine----- De : shorewall-users-admin@lists.sourceforge.net [mailto:shorewall-users-admin@lists.sourceforge.net] De la part de Chris Mason (Lists) Envoyé : vendredi 24 mars 2006 14:55 À : shorewall-users@lists.sourceforge.net Objet : Re: [Shorewall-users] Multi-ISP with one Dynamic IP Wonderful, thanks. What I was not sure was whether you could use the params variables in the masq parameters, obviously you can. Now, presumably the variables are set on startup, how can we make shorewall restart on change of ip? ==================================================== Hello, On my gateway running on Debian I''ve added the following scripts in /etc/ppp/ip-up.d/ ==================== script =================#!/bin/sh # # ip-up script for ddclient # # These variables are for the use of the scripts run by run-parts # PPP_IFACE="$1" # PPP_TTY="$2" # PPP_SPEED="$3" # PPP_LOCAL="$4" # PPP_REMOTE="$5" # PPP_IPPARAM="$6" if=ppp0 # Check, if this is the interface ppp0 if [ ! $if = $PPP_IFACE ]; then exit 0 fi /sbin/shorewall restart ==================== script ================= Manuel ------------------------------------------------------- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
I am updating a dyndns name with ddclient so all I had to do was add postscript=''/sbin/service shorewall restart'' to ddclient.conf to acheive the same thing. I don''t know for sure that it works, but I will find out soon. -- Chris Mason NetConcepts (264) 497-5670 Fax: (264) 497-8463 Int: (305) 704-7249 Fax: (815)301-9759 UK 44.207.183.0271 Cell: 264-235-5670 Yahoo IM: netconcepts_anguilla@yahoo.com -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------------------------------------- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
Chris Mason (Lists) wrote:> I am updating a dyndns name with ddclient so all I had to do was add > postscript=''/sbin/service shorewall restart'' > > to ddclient.conf to acheive the same thing. I don''t know for sure that > it works, but I will find out soon.Ddclient usually runs on set intervals. Putting the ''shorewall restart'' (don''t use /sbin/service) in your ifup script makes more sense - it will restore normal service more quickly. -- Paul <http://paulgear.webhop.net> -- Did you know? Most email-borne viruses use a false sender address, so you cannot track down the sender using that address. Instead, keep your virus scanning software up-to-date and just delete any suspicious emails you receive.
Paul Gear wrote:> Chris Mason (Lists) wrote: > >> I am updating a dyndns name with ddclient so all I had to do was add >> postscript=''/sbin/service shorewall restart'' >> >> to ddclient.conf to acheive the same thing. I don''t know for sure that >> it works, but I will find out soon >> > > Ddclient usually runs on set intervals. Putting the ''shorewall restart'' > (don''t use /sbin/service) in your ifup script makes more sense - it will > restore normal service more quickly. > >Where would that be for eth1? Would it be in /etc/sysconfig/network-scripts/ifcfg-eth1 or is that just variables? -- Chris Mason NetConcepts (264) 497-5670 Fax: (264) 497-8463 Int: (305) 704-7249 Fax: (815)301-9759 UK 44.207.183.0271 Cell: 264-235-5670 Yahoo IM: netconcepts_anguilla@yahoo.com -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
Chris Mason (Lists) wrote:> ... >> Ddclient usually runs on set intervals. Putting the ''shorewall restart'' >> (don''t use /sbin/service) in your ifup script makes more sense - it will >> restore normal service more quickly. >> >> > > Where would that be for eth1? Would it be in > /etc/sysconfig/network-scripts/ifcfg-eth1 or is that just variables?It depends on your distro - that looks like Red Hat or Fedora Core. I can''t remember where the ifup script is for that, but it''s certainly got one. It *might* be called ifup.local in the same directory, or something like that. -- Paul <http://paulgear.webhop.net> -- Did you know? It is illegal to use your copy of Microsoft Office on multiple computers without multiple licenses. Why not try the free alternative OpenOffice.org? <http://www.openoffice.org>
> I have two feeds, one with a static IP and one with a dynamic IP. How > can I configure a Multi-ISP setup with the dynamic IP, or can I? I don''t > think the gateway will change, just the interface IP.What about restarting Shorewall through a dhclient-exit-hooks script? Every time dhclient runs, it checks for the presence of an exit-hooks script and runs it, passing the script certain variables. The script can check the "reason" variable to decide if your IP address has changed and decide whether or not to restart Shorewall. You can also use the same technique to re-run ddclient, thus avoiding keeping ddclient running as a daemon. I say that all this is possible, but I lack the skills to write an example script that actually works. If I ever get a working sample, I''ll post it, but that''s a low priority for me now. -Russel Riley -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.385 / Virus Database: 268.3.1/292 - Release Date: 3/24/2006 ------------------------------------------------------- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
>> I have two feeds, one with a static IP and one with a dynamic IP. How >> can I configure a Multi-ISP setup with the dynamic IP, or can I? I >> don''t >> think the gateway will change, just the interface IP. > >What about restarting Shorewall through a dhclient-exit-hooks script? >Every >time dhclient runs, it checks for the presence of an exit-hooks script >and >runs it, passing the script certain variables. The script can check >the >"reason" variable to decide if your IP address has changed and decide >whether or not to restart Shorewall. You can also use the same >technique to >re-run ddclient, thus avoiding keeping ddclient running as a daemon. > >I say that all this is possible, but I lack the skills to write an >example >script that actually works. If I ever get a working sample, I''ll post >it, >but that''s a low priority for me now.I said it was a low priority for me to do this, but I''ve looked at some examples and read a bit of documentation. After doing some testing, this is what works for me: # /etc/dhcp3/dhclient-exit-hooks.d/shorewallrestart echo `date`: Running dhclient on $interface - reason is $reason\ >> /tmp/shorewallrestart.debug if [ x$reason = xRENEW ] || [ x$reason = xREBIND ]; then echo Restarting shorewall, ddclient, and openvpn\ >> /tmp/shorewallrestart.debug /sbin/shorewall restart /usr/sbin/ddclient /etc/init.d/openvpn restart fi echo ''------------------------------------'' >> /tmp/shorewallrestart.debug # end of script Suggested improvements are welcome. -Russel ------------------------------------------------------- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642