hi,
I use multiisp with 3 ISPs. I notice that when I start shorewall, the default route varies. Sometimes it is just ISP 1, sometimes 1 and 2 and sometimes 1 and 3. ISP 2 is temperamental and performs best when it is in the default route. How to force the default route so that ISP 2 is the first entry?

--
regards
Kenneth Gonsalves
Associate, NRC-FOSS
lawgon@au-kbc.org
http://nrcfosshelpline.in/web/
Foss conference for the common man: http://registration.fossconf.in/web/
Kenneth Gonsalves wrote:
> hi,
> I use multiisp with 3 ISPs. I notice that when I start shorewall, the
> default route varies. Sometimes it is just ISP 1, sometimes 1 and 2
> and sometimes 1 and 3. ISP 2 is temperamental and performs best when
> it is in the default route. How to force the default route so that
> ISP 2 is the first entry?
>

Configure Shorewall correctly.

-Tom

PS -- if you don't give us any concrete information about the problem, we can't give you any clue about the solution. See http://www.shorewall.net/support.htm#Guidelines. In addition to the information asked for at that URL, it would be useful to see your /etc/shorewall/providers file.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
On 04-Mar-08, at 7:29 AM, Tom Eastep wrote:
>> I use multiisp with 3 ISPs. I notice that when I start shorewall,
>> the default route varies. Sometimes it is just ISP 1, sometimes 1
>> and 2 and sometimes 1 and 3. ISP 2 is temperamental and performs
>> best when it is in the default route. How to force the default
>> route so that ISP 2 is the first entry?
>
> Configure Shorewall correctly.
>
> -Tom
>
> PS -- if you don't give us any concrete information about the
> problem, we can't give you any clue about the solution. See
> http://www.shorewall.net/support.htm#Guidelines. In addition to
> the information asked for at that URL, it would be useful to see
> your /etc/shorewall/providers file.

sorry - I thought it was just a generic question. Here is the info:

providers:

    net4india  2  2  main  eth1  202.71.146.209  balance=1,track  eth0
    bsnl       1  1  main  eth2  192.168.10.1    balance=1,track  eth0
    mit        3  3  main  eth3  192.168.107.1   balance=1,track  eth0

masq:

    eth1  eth0            202.71.146.210
    eth1  192.168.10.3    202.71.146.210
    eth1  192.168.107.55  202.71.146.210
    eth2  eth0            192.168.10.3
    eth2  eth0            202.71.146.210
    eth2  192.168.107.55  192.168.10.3
    eth3  eth0            192.168.107.55
    eth3  202.71.146.210  192.168.107.55
    eth3  192.168.10.3    192.168.107.55

interfaces:

    net  eth1  detect
    net  eth2  detect
    net  eth3  detect
    loc  eth0  detect

route:

    [root@localhost shorewall]# route
    Kernel IP routing table
    Destination     Gateway         Genmask          Flags Metric Ref Use Iface
    202.71.146.208  *               255.255.255.240  U     5      0   0   eth1
    192.168.2.0     *               255.255.255.0    U     5      0   0   eth0
    192.168.10.0    *               255.255.255.0    U     5      0   0   eth2
    192.168.107.0   *               255.255.255.0    U     5      0   0   eth3
    default         202.71.146.209  0.0.0.0          UG    0      0   0   eth1
    default         192.168.107.1   0.0.0.0          UG    5      0   0   eth3

I want the default to be eth2

--
regards
Kenneth Gonsalves
Associate, NRC-FOSS
lawgon@au-kbc.org
http://nrcfosshelpline.in/web/
Foss conference for the common man: http://registration.fossconf.in/web/
Kenneth Gonsalves wrote:
>
> [root@localhost shorewall]# route
> Kernel IP routing table
> Destination     Gateway         Genmask          Flags Metric Ref Use Iface
> 202.71.146.208  *               255.255.255.240  U     5      0   0   eth1
> 192.168.2.0     *               255.255.255.0    U     5      0   0   eth0
> 192.168.10.0    *               255.255.255.0    U     5      0   0   eth2
> 192.168.107.0   *               255.255.255.0    U     5      0   0   eth3
> default         202.71.146.209  0.0.0.0          UG    0      0   0   eth1
> default         192.168.107.1   0.0.0.0          UG    5      0   0   eth3
>

The 'route' utility can't tell you what the routing actually looks like. The only way that the ancient version (3.2.9) of Shorewall you are running has of displaying the full routing picture is "shorewall dump":

============================================================================
Routing Rules

0:      from all lookup local
1000:   from 192.168.2.111 lookup bsnl
1000:   from 192.168.2.14 lookup bsnl
1000:   from 192.168.2.85 lookup bsnl
1000:   from 192.168.2.44 lookup bsnl
1000:   from 192.168.2.137 lookup bsnl
1000:   from 192.168.2.21 lookup net4india
10001:  from all fwmark 0x1 lookup bsnl
10002:  from all fwmark 0x2 lookup net4india
20000:  from 192.168.10.3 lookup bsnl
20256:  from 202.71.146.210 lookup net4india
32766:  from all lookup main
32767:  from all lookup default

Table bsnl:

192.168.10.1 dev eth2 scope link src 192.168.10.3
192.168.2.0/24 dev eth0 proto kernel scope link src 192.168.2.201 metric 5
192.168.10.0/24 dev eth2 proto kernel scope link src 192.168.10.3 metric 5
default via 192.168.10.1 dev eth2

Table default:

Table local:

broadcast 202.71.146.223 dev eth1 proto kernel scope link src 202.71.146.210
broadcast 192.168.2.255 dev eth0 proto kernel scope link src 192.168.2.201
broadcast 127.255.255.255 dev lo proto kernel scope link src 127.0.0.1
broadcast 192.168.10.255 dev eth2 proto kernel scope link src 192.168.10.3
local 192.168.2.201 dev eth0 proto kernel scope host src 192.168.2.201
local 192.168.10.3 dev eth2 proto kernel scope host src 192.168.10.3
broadcast 192.168.2.0 dev eth0 proto kernel scope link src 192.168.2.201
broadcast 192.168.10.0 dev eth2 proto kernel scope link src 192.168.10.3
local 202.71.146.210 dev eth1 proto kernel scope host src 202.71.146.210
broadcast 127.0.0.0 dev lo proto kernel scope link src 127.0.0.1
broadcast 202.71.146.208 dev eth1 proto kernel scope link src 202.71.146.210
local 127.0.0.1 dev lo proto kernel scope host src 127.0.0.1
local 127.0.0.0/8 dev lo proto kernel scope host src 127.0.0.1

Table main:

202.71.146.208/28 dev eth1 proto kernel scope link src 202.71.146.210 metric 5
192.168.2.0/24 dev eth0 proto kernel scope link src 192.168.2.201 metric 5
192.168.10.0/24 dev eth2 proto kernel scope link src 192.168.10.3 metric 5
127.0.0.0/8 dev lo scope link
default
        nexthop via 202.71.146.209 dev eth1 weight 2
        nexthop via 192.168.10.1 dev eth2 weight 1
default via 202.71.146.209 dev eth1 metric 5

Table net4india:

202.71.146.209 dev eth1 scope link src 202.71.146.210
202.71.146.208/28 dev eth1 proto kernel scope link src 202.71.146.210 metric 5
192.168.2.0/24 dev eth0 proto kernel scope link src 192.168.2.201 metric 5
default via 202.71.146.209 dev eth1
===============================================================================

Notice that there is no table named 'mit'. So I suspect that your entry for that provider in /etc/shorewall/providers is the last line and that the line isn't terminated with a newline character. That's why all of the skeleton Shorewall config files end in a comment line that says it must be last.

This line of output:

    default via 202.71.146.209 dev eth1 metric 5

indicates that you have a default route in your main table with metric 5 through eth1; because of the metric, Shorewall doesn't replace the route -- it just inserts a route with metric 0 (which is the multi-path route that you see above it) so the route through eth1 is ignored.

In summary, we still have no idea what is going on with your configuration other than Shorewall isn't using eth3 at all for internet access.
-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
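
The two checks suggested by the reply above (a providers file whose last line lacks a newline, and a provider with no "Table" section in the dump), as an added example that is not part of the original thread and is not Shorewall's own code. Function names and the temporary sample files are constructed for illustration; the provider lines and table names are copied from the posts, and the `while read` loop shows generic shell behaviour only.

```shell
#!/bin/sh
# Added example; function names and sample files are constructed.

# Succeeds if the file's last byte is a newline (or the file is empty).
ends_with_newline() {
    [ -z "$(tail -c 1 "$1")" ]
}

# Provider names (column 1), skipping comments and blank lines.
# awk also returns an unterminated final line.
provider_names() {
    awk '!/^[ \t]*(#|$)/ { print $1 }' "$1"
}

# The same names as a plain "while read" loop sees them: read returns
# non-zero on an unterminated final line, so that entry never reaches the body.
names_seen_by_read() {
    while read -r name _rest; do
        case $name in ''|\#*) continue ;; esac
        echo "$name"
    done < "$1"
}

# Table names from "Table NAME:" headers in saved "shorewall dump" output.
dump_tables() {
    sed -n 's/^Table \([^:]*\):.*/\1/p' "$1"
}

# Providers listed in the providers file ($1) with no table in the dump ($2).
missing_tables() {
    for p in $(provider_names "$1"); do
        dump_tables "$2" | grep -qx "$p" || echo "$p"
    done
}

# Constructed samples: the three provider lines from the post with the last
# one unterminated, and the table headers from the posted dump.
SAMPLE_DIR=$(mktemp -d)
printf '%s\n%s\n%s' \
    'net4india 2 2 main eth1 202.71.146.209 balance=1,track eth0' \
    'bsnl 1 1 main eth2 192.168.10.1 balance=1,track eth0' \
    'mit 3 3 main eth3 192.168.107.1 balance=1,track eth0' > "$SAMPLE_DIR/providers"
printf '%s\n' 'Table bsnl:' 'Table default:' 'Table local:' 'Table main:' \
    'Table net4india:' > "$SAMPLE_DIR/dump.txt"

ends_with_newline "$SAMPLE_DIR/providers" || echo "providers: no final newline"
echo "providers without a routing table: $(missing_tables "$SAMPLE_DIR/providers" "$SAMPLE_DIR/dump.txt")"
```

On a live system the second argument would be the output of "shorewall dump" redirected to a file, and the first would be /etc/shorewall/providers.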