search for: use_default_rt

Hi all I have been working with Shorewall connected to two ISPs lately, and I would like to suggest a couple of improvements to the MultiISP.html documentation page. I followed the examples in that page (but the legacy setup and the USE_DEFAULT_RT one), but I had problems with locally (by the firewall) generated packets: I wanted them to go out using only one ISP, but if I use a tcrules rule to accomplish this, I have all the packets that flow through the correct ISP connection, but 50% of them is given the wrong ip source address (the one f...

Hi, I'm using IPSEC in a multi-ISP configuration, lsm 0.131, Kernel 2.6.32, ipsec-tools 0.8.0 This worked fine with Shorewall/Shorewall-Lite 4.5.7. After updating Shorewall to 4.5.8 the routing of ESP packets doesn't work. If I change the Providers.pm file and add connmark => "! --mark 0/$mask" like before in Shorewall 4.5.7 than everything works fine. add_ijump

Hi I have a default route to 192.168.1.1 as soon as I start shorewall the default route dissapear. What do I need to do to have it not disappear. Kind Regards My network setup /etc/network/interfaces: # The primary network interface auto eth0 iface eth0 inet static address 192.168.1.17 netmask 255.255.255.0 network 192.168.1.0 broadcast 192.168.1.255

...net/pub/shorewall/development/4.2/shorewall-4.2.0-Beta3 New Features: 1) Beginning with Shorewall 4.0.0, the -f option was no longer the default for ''/etc/init.d/shorewall start''. Beginning with 4.0.13 and 4.2.0-Beta3, this is also true for Shoreawall-lite. 2) A new USE_DEFAULT_RT option has been added to shorewall.conf. When set to ''Yes'', it causes the Shorewall multi-ISP feature to create a different set of routing rules which are resilient to changes in the main routing table. Such changes can occur for a number of reasons, VPNs going...

Hi, I have a multi-isp configuration both on ppp interfaces. As one of them is 32Mbit/s and the other is 8Mbit/s , I have a weight setting of 4 to 1 as in the following providers file entries: vdsl 1 0x10000 - ppp1 - track,balance=4 adsl 2 0x20000 - ppp0 - track,balance=1 I would also like to have fallback between them so that if one is

the establishment of an openvpn link sometimes fails. I tracked it down to network traffic with wrong Sourceport in the answer packet (should be 1300 not 1024): 2 1.119309000 aaa.185.165 bbb.162.192 UDP 58 Source port: 1300 Destination port: 1300 3 1.119446000 bbb.162.192 aaa.185.165 UDP 66 Source port: 1024 Destination port: 1300 and a collateral entry in the connection tracking table

...,443 2:P 172.16.11.33 0.0.0.0/0 tcp 80,443 2 $FW 0.0.0.0/0 tcp 80,443 #shorewall.conf RESTORE_DEFAULT_ROUTE=No ROUTE_FILTER=No SAVE_IPSETS=No TC_ENABLED=Internal TC_EXPERT=No TC_PRIOMAP="2 3 3 3 2 3 1 1 2 2 2 2 2 2 2 2" TRACK_PROVIDERS=Yes USE_DEFAULT_RT=No WIDE_TC_MARKS=Yes Thanks in advance -- *Fabiano Stocco** **Sysadmin* Agro Industrial Parati Ltda - Averama 44-3672-8000 44-8444-6635** ------------------------------------------------------------------------------ Keep Your Developer Skills Current with LearnDevNow! The most comprehensi...

...bility specified in the column. See shorewall-tcrules(5) and shorewall6-tcrules(5) for details. This column provides an alternative to the balance=<weight> option in the providers file. Example: /etc/shorewall/shorewall.conf MARK_IN_FORWARD_CHAIN=No ... USE_DEFAULT_RT=Yes ... TC_BITS=0 PROVIDER_BITS=2 PROVIDER_OFFSET=16 MASK_BITS=8 ZONE_BITS=4 Note: PROVIDER_OFFSET=16 and ZONE_BITS=4 means that the provider mask will be 0xf0000. /etc/shorewall/providers: #NAME NUMBER MARK DUP INTERFACE GATEWAY OPTIONS...

...bility specified in the column. See shorewall-tcrules(5) and shorewall6-tcrules(5) for details. This column provides an alternative to the balance=<weight> option in the providers file. Example: /etc/shorewall/shorewall.conf MARK_IN_FORWARD_CHAIN=No ... USE_DEFAULT_RT=Yes ... TC_BITS=0 PROVIDER_BITS=2 PROVIDER_OFFSET=16 MASK_BITS=8 ZONE_BITS=4 Note: PROVIDER_OFFSET=16 and ZONE_BITS=4 means that the provider mask will be 0xf0000. /etc/shorewall/providers: #NAME NUMBER MARK DUP INTERFACE GATEWAY OPTIONS...

Hi, I was reading document http://shorewall.net/MultiISP.html#idp3634200. Inspired by the document I was trying to establish the following changes: * one additional interface: COMA_IF * COM[A,B,C]_IF interfaces request IP address via DHCP * all non-RFC 1918 destined trafic is NATed from INT_IF to COMA_IF * all non-RFC 1918 destined trafic from GW is routed via COMB_IF by default * non-RFC 1918

Hi all, Im new to shorewell, can anyone guide me whether I can use shorewell for my work. I have a requirement in our work: Each system shall have two Ethernet card interfaces(system means hardware devices, servers, clients in other words any device or host used in the project). The IP address of each interface will be of different networks, subnets and gateways completely. Bcoz if one of

...MODULE_SUFFIX=ko MULTICAST=No MUTEX_TIMEOUT=60 NULL_ROUTE_RFC1918=No OPTIMIZE=0 OPTIMIZE_ACCOUNTING=No REQUIRE_INTERFACE=No RESTORE_DEFAULT_ROUTE=Yes RETAIN_ALIASES=No ROUTE_FILTER=No SAVE_IPSETS=No TC_ENABLED=No TC_EXPERT=No TC_PRIOMAP="2 3 3 3 2 3 1 1 2 2 2 2 2 2 2 2" TRACK_PROVIDERS=No USE_DEFAULT_RT=No USE_PHYSICAL_NAMES=No ZONE2ZONE=2 BLACKLIST_DISPOSITION=DROP MACLIST_DISPOSITION=REJECT RELATED_DISPOSITION=ACCEPT SMURF_DISPOSITION=DROP SFILTER_DISPOSITION=DROP TCP_FLAGS_DISPOSITION=DROP TC_BITS= PROVIDER_BITS= PROVIDER_OFFSET= MASK_BITS= ZONE_BITS=0 IPSECFILE=zones -------------------------...

...iles used by SWPING and by LSM. See http://www.shorewall.net/MultiISP.html#load for additional information. Example that sends 1/3 of the connections to the ComcastC provider and the rest to ComcastB: /etc/shorewall/shorewall.conf MARK_IN_FORWARD_CHAIN=No ... USE_DEFAULT_RT=Yes /etc/shorewall/providers: #NAME NUMBER MARK DUP INTERFACE GATEWAY OPTIONS ComcastB 1 - - eth1 70.90.191.126 loose,balance,load=0.66666667 ComcastC 2 - - eth0 67.170.120.1 loose,fallback,load=0.33333333 Note: The ''loose...