----- Original Message -----
From: "John McMonagle" <johnm@advocap.org>
To: "Shorewall Users" <shorewall-users@lists.sourceforge.net>
Sent: Monday, August 27, 2007 11:24 AM
Subject: [Shorewall-users] Mulit isp routing
: Working at building new firewalls.
: My old firewalls used shorewall 2.2.3 and I am setting up shorewall 4 now.
: Trying to use the new features.
:
: The documentation states that there is no provision to do automatic
: failover of internet providers in case of failures.
:
: In my old setup I just had scripts to replace my default route
:
: Like this:
: ip rule delete prio 222 table 222
: ip rule add prio 222 table 222
: ip route add default table 222 proto static \
: nexthop via 69.128.2.137 dev eth1 weight 1 \
: nexthop via 205.196.135.26 dev eth2 weight 3
: # flush routes
: ip route flush cache
:
: for just eth1
: ip rule delete prio 222 table 222
: ip rule add prio 222 table 222
: ip route add default table 222 proto static \
: nexthop via 69.128.2.137 dev eth1
: # flush routes
: ip route flush cache
:
: Never did really automate it but was easy to stop using the failed
: provider.
:
: I could still force ping out it for testing.
:
: What is the best way to change the routing without messing up shorewall?
:
: John
Hello John,
I would run this script that I found on this list, and enter in a
Shorewall restart when this script rebuilds the routing tables,
but run a Shorewall directory that is configured for one ISP.

#!/bin/sh
# Purpose: If the main ISP (Maxis) is down, automatically switch
#          to the second ISP (TMNET)
# Note: Please make sure this script runs from a cron job every 5 minutes
# Tips: Use the command "route -n" to check the default gateway
ISP1=xx.xx.xx.xx
ISP2=xxx.xxx.xxx.xxx

# Point the default route at the second ISP
switch_Nic1()
{
    /sbin/route del default
    /sbin/route add default gw $ISP2
}

# Point the default route back at the first ISP
switch_Nic2()
{
    /sbin/route del default
    /sbin/route add default gw $ISP1
}

if /bin/ping -c1 -q www.google.com >/dev/null 2>&1; then
    echo "MAXIS GATEWAY is alive"
    /sbin/ip route show
    exit 0
else
    if /sbin/route -n | /bin/grep '^0.0.0.0' | /bin/grep "$ISP1"; then
        /sbin/ip route flush cache
        switch_Nic1
        /sbin/route -n
        # <--- Here: have these directories configured for single ISPs
        /etc/shorewall/backup/shorewall restart ./
        /bin/echo "ISP Switch to Nic1 GATEWAY" | /bin/mail -s "ISP switch to Nic1 GATEWAY" alert@yourdomain.com
    else
        if /sbin/route -n | /bin/grep '^0.0.0.0' | /bin/grep "$ISP2"; then
            /sbin/ip route flush cache
            /sbin/route -n
            # <--- Here: have these directories configured for single ISPs
            /etc/shorewall/backup2/shorewall restart ./
            /bin/echo "ISP Switch to Nic2 GATEWAY" | /bin/mail -s "ISP switch to Nic2 GATEWAY" alert@yourdomain.com
            switch_Nic2
        fi
    fi
fi

Mike
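
An added example, not part of either message or of Shorewall: a cron-driven check that rebuilds John's table 222 default route from whichever providers still answer, and marks a provider down only after several consecutive failed probes so that one lost ping does not flip the route. The gateways, devices, weights and table number come from John's message; PROBE_IP, STATE_DIR, THRESHOLD and the function names are assumptions.

```shell
#!/bin/sh
# Gateways, devices, weights and table 222 are from John's message; the rest is assumed.
TABLE=222
PROVIDERS="69.128.2.137 eth1 1 205.196.135.26 eth2 3"   # gw dev weight, repeated
PROBE_IP=${PROBE_IP:-192.0.2.1}            # placeholder: an address you choose to probe
STATE_DIR=${STATE_DIR:-/var/run/ispcheck}  # hypothetical location for failure counters
THRESHOLD=${THRESHOLD:-3}                  # consecutive failures before "down"

# link_up DEV: send one probe out of a specific interface.
link_up() {
    ping -c1 -W2 -I "$1" "$PROBE_IP" >/dev/null 2>&1
}

# record_probe DEV RC: update DEV's consecutive-failure counter (RC 0 = probe ok)
# and print "up" or "down"; "down" needs THRESHOLD failures in a row.
record_probe() {
    f="$STATE_DIR/$1.fails"
    n=$(cat "$f" 2>/dev/null || echo 0)
    if [ "$2" -eq 0 ]; then n=0; else n=$((n + 1)); fi
    echo "$n" > "$f"
    if [ "$n" -ge "$THRESHOLD" ]; then echo down; else echo up; fi
}

# build_route GW DEV WEIGHT STATE ...: print the ip command that installs every
# provider whose STATE is "up" as a nexthop; print nothing if all are down.
build_route() {
    hops=""
    while [ $# -ge 4 ]; do
        [ "$4" = up ] && hops="$hops nexthop via $1 dev $2 weight $3"
        shift 4
    done
    [ -z "$hops" ] || echo "ip route replace default table $TABLE proto static$hops"
}

# check_once: probe every provider, update counters, print the resulting command.
check_once() {
    mkdir -p "$STATE_DIR" || return 1
    args=""
    set -- $PROVIDERS
    while [ $# -ge 3 ]; do
        if link_up "$2"; then rc=0; else rc=1; fi
        args="$args $1 $2 $3 $(record_probe "$2" "$rc")"
        shift 3
    done
    build_route $args
}

# "script run" prints the command only, so it can be reviewed before it is applied.
[ "${1:-}" != run ] || check_once
```

After applying the printed command, `ip route flush cache` is still needed, as in John's own scripts.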