Hello everybody,

I know I'm missing something here (using shorewall 2.0.5 on linux trustix).
I need to mark packets hitting my external interface for load balancing
purposes; I'm not doing any kind of traffic control.

Here is what I did:

in shorewall.conf:

TC_ENABLED=Yes
CLEAR_TC=No (also tried with yes)

in tcrules:

1 eth0 0.0.0.0/0 all 80

-> "shorewall check" is fine.

-> service shorewall restart terminates abnormally.

Any hints are greatly appreciated. BTW, load balancing without fwmark is
working great.

Cheers,
Mizzio

mizzio wrote:
> Hello everybody,
>
> I know I'm missing something here (using shorewall 2.0.5 on linux
> trustix).
> I need to mark packets hitting my external interface for load balancing
> purposes; I'm not doing any kind of traffic control.
>
> Here is what I did:
>
> in shorewall.conf:
>
> TC_ENABLED=Yes
> CLEAR_TC=No (also tried with yes)
>
> in tcrules:
>
> 1 eth0 0.0.0.0/0 all 80
>
> -> "shorewall check" is fine.
>
> -> service shorewall restart terminates abnormally.
>
> Any hints are greatly appreciated. BTW, load balancing without fwmark is
> working great.
>

Please send a trace of "shorewall restart" (see
http://shorewall.net/troubleshoot.htm for instructions).

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net

mizzio wrote:
> Hello everybody,
>
> I know I'm missing something here (using shorewall 2.0.5 on linux
> trustix).
> I need to mark packets hitting my external interface for load balancing
> purposes; I'm not doing any kind of traffic control.
>
> Here is what I did:
>
> in shorewall.conf:
>
> TC_ENABLED=Yes
> CLEAR_TC=No (also tried with yes)
>
> in tcrules:
>
> 1 eth0 0.0.0.0/0 all 80
>

"all 80" is nonsensical -- should be "tcp 80".

-Tom
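
A pre-restart check for the mistake diagnosed above (a port in PORT(S) with PROTO "all"), as an added example that is not part of the thread or of Shorewall. The function name lint_tcrules, the column order MARK SOURCE DEST PROTO PORT(S) CLIENT PORT(S), and treating "-" as an unset column are assumptions.

```shell
#!/bin/sh
# Added example, not Shorewall code: lint a tcrules file for port columns
# combined with a PROTO that carries no ports.
# Assumed column order: MARK SOURCE DEST PROTO PORT(S) CLIENT PORT(S)
# Assumption: "-" in a column means "not set".
# Reads the file named in $1, or standard input when no file is given.
# Prints one line per problem; returns non-zero if any problem was found.
lint_tcrules() {
    awk '
        { sub(/#.*/, "") }              # drop comments (whole-line or trailing)
        NF == 0 { next }                # skip blank lines
        {
            proto = tolower($4); dport = $5; sport = $6
            has_dport = (dport != "" && dport != "-")
            has_sport = (sport != "" && sport != "-")
            # A port number only means something for a protocol that has
            # ports, so "all" (or an unset PROTO) plus a port is an error.
            if ((has_dport || has_sport) && (proto == "all" || proto == "-")) {
                printf "line %d: PROTO \"%s\" with port(s) \"%s\"; use tcp or udp\n",
                       NR, $4, (has_dport ? dport : sport)
                bad++
            }
        }
        END { exit (bad > 0) }
    ' "${1:--}"
}

# Constructed sample input: the rule from the thread and its corrected form.
lint_tcrules <<'EOF' || echo "fix tcrules before running: shorewall restart"
#MARK  SOURCE  DEST        PROTO  PORT(S)
1      eth0    0.0.0.0/0   all    80
1      eth0    0.0.0.0/0   tcp    80
EOF
```

To check the live file, pass its path: lint_tcrules /etc/shorewall/tcrules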

Tom,

I will never say thank you enough !!!

Cheers,
mizzio

On Thursday, 2004/07/15 at 10:57 -0700, Tom Eastep wrote:
> mizzio wrote:
> > Hello everybody,
> >
> > I know I'm missing something here (using shorewall 2.0.5 on linux
> > trustix).
> > I need to mark packets hitting my external interface for load balancing
> > purposes; I'm not doing any kind of traffic control.
> >
> > Here is what I did:
> >
> > in shorewall.conf:
> >
> > TC_ENABLED=Yes
> > CLEAR_TC=No (also tried with yes)
> >
> > in tcrules:
> >
> > 1 eth0 0.0.0.0/0 all 80
> >
>
> "all 80" is nonsensical -- should be "tcp 80".
>
> -Tom

For anybody that might be interested, I've been able to set up a trustix
+ shorewall firewall box to act as a web server load balancer (with
ldirectord).

                            ---------[Web server 1]
[internet]-----[firewall]---|
                            ---------[Web server 2]

The interesting thing is that I mark the packets directed to port 80 on the
external interface of the firewall with fwmark, then I accept the packets
in /etc/shorewall/rules (using its dest IP address), and then I forward
these packets to the two web servers using ldirectord.

With this configuration I have a load balancing and failover
configuration.

I also want to say thank you to everybody for the support.
cheers,
mizzio

On Thursday, 2004/07/15 at 20:15 +0200, mizzio wrote:
> Tom,
>
> I will never say thank you enough !!!
>
> Cheers,
> mizzio
>
> On Thursday, 2004/07/15 at 10:57 -0700, Tom Eastep wrote:
> > mizzio wrote:
> > > Hello everybody,
> > >
> > > I know I'm missing something here (using shorewall 2.0.5 on linux
> > > trustix).
> > > I need to mark packets hitting my external interface for load balancing
> > > purposes; I'm not doing any kind of traffic control.
> > >
> > > Here is what I did:
> > >
> > > in shorewall.conf:
> > >
> > > TC_ENABLED=Yes
> > > CLEAR_TC=No (also tried with yes)
> > >
> > > in tcrules:
> > >
> > > 1 eth0 0.0.0.0/0 all 80
> > >
> >
> > "all 80" is nonsensical -- should be "tcp 80".
> >
> > -Tom