search for: multiisp

Hi all I have been working with Shorewall connected to two ISPs lately, and I would like to suggest a couple of improvements to the MultiISP.html documentation page. I followed the examples in that page (but the legacy setup and the USE_DEFAULT_RT one), but I had problems with locally (by the firewall) generated packets: I wanted them to go out using only one ISP, but if I use a tcrules rule to accomplish this, I have all the packets th...

In policy : -----Message d''origine----- De : shorewall-users-bounces@lists.sourceforge.net [mailto:shorewall-users-bounces@lists.sourceforge.net] De la part de Tom Eastep Envoyé : jeudi 12 octobre 2006 21:22 À : Shorewall Users Objet : Re: [Shorewall-users] Tc rules Help with multiISP + squid& squidguard... Joffrey FLEURICE wrote: > > > All works, but no surf with squid, if I disable REDIRECT and squid all > work perfectly. I don''t see any fw->net ACCEPT rule for TCP port 80. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talent...

...EPT Dump.rar join THX -----Message d''origine----- De : shorewall-users-bounces@lists.sourceforge.net [mailto:shorewall-users-bounces@lists.sourceforge.net] De la part de Tom Eastep Envoyé : jeudi 12 octobre 2006 21:22 À : Shorewall Users Objet : Re: [Shorewall-users] Tc rules Help with multiISP + squid& squidguard... Joffrey FLEURICE wrote: > > > All works, but no surf with squid, if I disable REDIRECT and squid all > work perfectly. I don''t see any fw->net ACCEPT rule for TCP port 80. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talent...

...static routing tables got filled with about 850 static routes to networks "table or scope zebra" I think it was. Now I don''t have a reason why not to trust the routes my ISP-4 provided but the thing that scares me most is the following ... How will a bgp + zebra + shorewall multiISP( track, balance mode ) setup will function together?? Is it ok for shorewall if the zebra daemon will supply routes to the "zebra" routing table ?? Should I Ignore and not start zebra but just BGP in order to keep my ISP happy ( and obviously ignore the routes ) ??? Your comments w...

Hello, it seems I am hit by http://shorewall.net/MultiISP.html#Local : "Experience has shown that in some cases, problems occur with applications running on the firewall itself. This is especially true when you have specified routefilter on your external interfaces in /etc/shorewall/interfaces (see above). When this happens, it is suggested that you...

I'm using shorewall 3.0.4 with ubuntu dapper. I've compiled the kernel with the option CONFIG_IP_ROUTE_MULTIPATH_CACHED=n. I had a trouble with, pptp connection, I'm trying to connect a using microsoft vpn a vpn server out of my lan, and don't work. My files <providers> ADSL1 1 1 main eth1.600 10.190.1.1 track,balance eth0 ADSL1 2 2 main eth1.601 10.190.2.1

Hi, as per the shorewall MultiISP documentation ( http://www1.shorewall.net/MultiISP.html ), it says "Use of this feature requires that your kernel and iptables include CONNMARK target and connmark match support (Warning: Standard Debian™ and Ubuntu™ kernels are lacking that support!)." it means MultiISP wont w...

Hi to the list, I configured a multi-provider setup with /etc/shorewall/providers: Orange 1 1 main eth1 81.255.74.150 track,balance=1 eth0 Free 2 2 main eth2 88.180.116.254 track,balance=3 eth0 and /etc/shorewall/tcrules: 2:P 192.168.2.0/24 0.0.0.0/0 tcp 143 2:P 192.168.2.0/24

...****************** -----Message d''origine----- De : shorewall-users-bounces@lists.sourceforge.net [mailto:shorewall-users-bounces@lists.sourceforge.net] De la part de Tom Eastep Envoyé : vendredi 13 octobre 2006 23:15 À : Shorewall Users Objet : Re: [Shorewall-users] Tc rules Help with multiISP + squid& squidguard... Joffrey FLEURICE wrote: > > DMZ eth2 detect dhcp > Local eth1 detect dhcp,routeback > Net eth0 detect > Net ppp0 - dhcp > Maint tun0 detect > Lo lo > > >Defining a zone for the ''lo'' device is silly and unnecessary; it sh...

Hi, I have a multi-isp configuration both on ppp interfaces. As one of them is 32Mbit/s and the other is 8Mbit/s , I have a weight setting of 4 to 1 as in the following providers file entries: vdsl 1 0x10000 - ppp1 - track,balance=4 adsl 2 0x20000 - ppp0 - track,balance=1 I would also like to have fallback between them so that if one is

Hi all, I''ve been using shorewall 3 (3.4.8 now) for a while on a simple gateway setup for my office. Routing is enabled only for a few hosts and all user access the internet thru squid, which is running on the shorewall box. I have a few other services on this box and some others on another server, but they don''t matter for what I need. Quick and dirty schematics to illustrate

While troubleshooting my MultiISP box, I suspect I might have found either a bug or an incompatibility with CentOS 5.2. In prog.header (function detect_dynamic_gateway), Shorewall tries to look for: /var/lib/dhcp/dhclient-${1}.lease However (at least under CentOS 5 - unknown about other OSes), this should be: /var/lib/dhclien...

...e del -net 192.168.253.0 netmask 255.255.255.252 gw 192.168.253.1 root@TestServer:/etc/shorewall# cat providers # # Shorewall version 4 - Providers File # # For information about entries in this file, type "man shorewall-providers" # # For additional information, see http://shorewall.net/MultiISP.html # ############################################################################ ################ #NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY OPTIONS COPY ll 1 1 - eth1:192.168.254.5 192.168.254.1 track,loose,balance - sg 2...

Hi, I was reading document http://shorewall.net/MultiISP.html#idp3634200. Inspired by the document I was trying to establish the following changes: * one additional interface: COMA_IF * COM[A,B,C]_IF interfaces request IP address via DHCP * all non-RFC 1918 destined trafic is NATed from INT_IF to COMA_IF * all non-RFC 1918 destined trafic from GW is rout...

I am using shorewall-4.2.5-1 on RHEL-5.2 for a MultiISP connection. Everything works great. I run vpn, proxy, mail relay on the firewall. Hence I do the application level management. So far I was using third party script "gwping" for my failover mechanism. Just wondering if shorewall has any native programs to handle fail over ? Than...

Dear list, Shorewall is running here with 2 ISP''s: ISP1: corporate ADSL-line with fixed set of IP''s ISP2: fast consumer-grade cable-connection with higher bandwidth All our main traffic (web, e-mail) is routed trough ISP1. Only for special purposes (frequent large ftp-transfers) ISP2 is used, configured trough tcrules. ISP2 is not so reliable as ISP1 (duh) and they sometimes

Hi, Shorewall version -4.0.12-2 (EL5 rpm version) OS : Centos 5.2 I have shorewall successfully running on Linux with multi ISP. Trying to make services such as "rsync, ftp" go through my secondary ISP. For which I did the following eth0 : Internal LAN eth4 : DSL (Second ISP) => x.x eth5 : T1 (First ISP) => y.y Created the following entries in

When I attempt to start shorewall (version 4.0.15) I get an RTNETLINK error (see below). /var/log/shorewall-init.log [...] 21:02:18 Creating Interface Chains... 21:02:19 Adding Providers... RTNETLINK answers: File exists ERROR: Command "ip route add table 1 129.116.XXX.0/24 dev eth2 proto kernel s cope link src 129.116.XXX.30" Failed 21:02:25 Shorewall-generated routing tables and

I''m planning a multi isp setup and cafully read the documentation. One thing that bothers me is the masq file. The example uses a single ip address on each public interface. I have multiple addresses on both public interfaces (16 on one and 64 on the other). I''m a bit confused about what to put in the masq file in this situation. Any insights would be appreciated. Ronald --

Hi everyone! I need to create a rule that return back the packages sender. For example, if the IP 200.xxx.xxx.xxx tries to connect to my firewall in one specific port, the rules turns back the connection to 200.xxx.xxx.xxx. With this rule the Engineers Department will test some equipments with GSM chips. One point to observe is that we don''t know witch IP will connect to this rules.