Hi you all,

I want to use Multi-ISP support on Shorewall and I read the docs, it says "requires that your kernel and iptables support CONNMARK target and conntrack match support."

I use LEAF Bering-uClibc v2.4.1 kernel-2.4.32 and I'm not sure I have such support so I post here my 'shorewall show capabilities' and ask you to help me. If this isn't enough how can I make it run?

Oh, I will use 1 ethernet card with many 802.1q VLANs to connect to each ISP router, are there any problems with this setup?

Shorewall has detected the following iptables/netfilter capabilities:
   NAT: Available
   Packet Mangling: Available
   Multi-port Match: Available
   Extended Multi-port Match: Not available
   Connection Tracking Match: Not available
   Packet Type Match: Available
   Policy Match: Not available
   Physdev Match: Available
   IP range Match: Not available
   Recent Match: Available
   Owner Match: Available
   Ipset Match: Not available
   CONNMARK Target: Available
   Connmark Match: Available
   Raw Table: Not available
   CLASSIFY Target: Not available
   FORWARD Mangle Chain: Not available

Thanks in advance for any help

Christian
On Fri, Jul 28, 2006 at 9:35pm Christian Villa Real Lopes <christian@genteboa.com.br> wrote:

> Hi you all, I want to use Multi-ISP support on Shorewall and I read the
> docs, it says "requires that your kernel and iptables support
> CONNMARK target and conntrack match support."
>
> I use LEAF Bering-uClibc v2.4.1 kernel-2.4.32 and I'm not sure I have such
> support so I post here my 'shorewall show capabilities' and ask you to
> help me.

From the output that you posted:

   CONNMARK Target: Available
   Connmark Match: Available

Is that not clear?

> Oh, I will use 1
> ethernet card with many 802.1q VLANs to connect to each ISP router, are
> there any problems with this setup?

No.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@avvanta.com
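Added example (not part of the original thread and not Shorewall's own code): a POSIX shell check that parses a 'shorewall show capabilities' report and confirms the two capabilities the reply above points to. The function names and the sample report, a constructed subset of the report posted in this thread, are assumptions for illustration.

```shell
#!/bin/sh
# Added example: the function names below are hypothetical helpers.

# Constructed sample: a subset of the capabilities report posted above.
sample_report() {
cat <<'EOF'
Shorewall has detected the following iptables/netfilter capabilities:
   NAT: Available
   Packet Mangling: Available
   Connection Tracking Match: Not available
   CONNMARK Target: Available
   Connmark Match: Available
EOF
}

# capability_state NAME: reads a report on stdin and prints the state of
# the named capability ("Available" / "Not available"), or "Missing" when
# the report has no such line. The name comparison is case-sensitive.
capability_state() {
    awk -v want="$1" '
        BEGIN { state = "Missing" }
        {
            sep = index($0, ": ")
            if (sep == 0) next
            name = substr($0, 1, sep - 1)
            sub(/^[ \t]+/, "", name)
            if (name == want) {
                state = substr($0, sep + 2)
                sub(/[ \t\r]+$/, "", state)
            }
        }
        END { print state }'
}

# multi_isp_ready: reads a report on stdin; returns 0 only when both
# capabilities are "Available" and names each one that is not on stderr.
multi_isp_ready() {
    report=$(cat)
    rc=0
    for cap in "CONNMARK Target" "Connmark Match"; do
        state=$(printf '%s\n' "$report" | capability_state "$cap")
        if [ "$state" != "Available" ]; then
            echo "$cap: $state" >&2
            rc=1
        fi
    done
    return $rc
}

if sample_report | multi_isp_ready; then
    echo "Multi-ISP capabilities present"
fi
```

On the firewall itself the report would come from the real command: shorewall show capabilities | multi_isp_ready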
> From the output that you posted:
>
> CONNMARK Target: Available
> Connmark Match: Available
>
> Is that not clear?

Sorry for the dumb question but I need to be sure about all this. I was a little confused because of the "Connection Tracking Match: Not available" string that also appears.

>> Oh, I will use 1
>> ethernet card with many 802.1q VLANs to connect to each ISP router, are
>> there any problems with this setup?
>
> No.
>
> -Tom

One more question, actually I have 3 ISPs, and 2 of them are connected to the same router (it has 2 WAN ports) so I can connect it to only one ethernet port. I also configure the route to do routing based on source IP of the packet. And configure only 1 of the ISPs in the 'provider' file. Is this OK? Or should I try to implement 2 VLANs on the router side?
On Sun, Jul 30, 2006 at 7:52am Christian Villa Real Lopes <christian@genteboa.com.br> wrote:

> One more question, actually I have 3 ISPs, and 2 of them are connected to
> the same router (it has 2 WAN ports) so I can connect it to only one
> ethernet port. I also configure the route to do routing based on source
> IP of the packet. And configure only 1 of the ISPs in the 'provider' file.
> Is this OK? Or should I try to implement 2 VLANs on the router side?

If you just define two providers, you want to give the provider that corresponds to two ISPs a weight that is twice that of the other provider to ensure that balancing works as you would expect.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@avvanta.com