I am faced with a network that needs to autoswitch to isdn should T-1 go down. After a shorewall search it looks to be quite a deal with routing config with linux. Like scripts written to deal with knowing the T-1 is down. I looked into a cisco router that does this. around $3000 This network has used shorewall as the gateway for 4 years now. Currently Fedora as op. system. It appears to me that I would have to do a lot of reasearch to get this to work with Fedora? Although Tom states in Faq 32 that the shorewall config is easy. The routing is key on a configuration like this. Since I have been away from the list for so long, Is a failover as opposed to load balancing Isp''s. Harder to do? Or I be advised to go the Cisco route and be done with this problem? Has anyone on the list tackled this? Thanks Mike
On Mon, 2004-11-22 at 09:53 -0800, Mike Lander wrote:> I am faced with a network that needs to autoswitch to isdn should > T-1 go down. After a shorewall search it looks to be quite a deal with > routing > config with linux. Like scripts written to deal with knowing the T-1 is > down. > I looked into a cisco router that does this. around $3000 > This network has used shorewall as the gateway for 4 years now. > Currently Fedora as op. system. It appears to me that I would have to > do a lot of reasearch to get this to work with Fedora? Although Tom > states in Faq 32 that the shorewall config is easy. The routing is key > on a configuration like this. > Since I have been away from the list for so long, > Is a failover as opposed to load balancing Isp''s. > Harder to do? Or I be advised to go the Cisco route > and be done with this problem? > Has anyone on the list tackled this?Actually, this shouldn''t be that difficult. Check the archives for the last week or so; someone outlined what needs to be done (and I believe that it is easier than load-balancing). -Ton -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
> On Mon, 2004-11-22 at 09:53 -0800, Mike Lander wrote: >> I am faced with a network that needs to autoswitch to isdn should >> T-1 go down. After a shorewall search it looks to be quite a deal with >> routing >> config with linux. Like scripts written to deal with knowing the T-1 is >> down. >> I looked into a cisco router that does this. around $3000 >> This network has used shorewall as the gateway for 4 years now. >> Currently Fedora as op. system. It appears to me that I would have to >> do a lot of reasearch to get this to work with Fedora? Although Tom >> states in Faq 32 that the shorewall config is easy. The routing is key >> on a configuration like this. >> Since I have been away from the list for so long, >> Is a failover as opposed to load balancing Isp''s. >> Harder to do? Or I be advised to go the Cisco route >> and be done with this problem? >> Has anyone on the list tackled this? > > Actually, this shouldn''t be that difficult. Check the archives for the > last week or so; someone outlined what needs to be done (and I believe > that it is easier than load-balancing). > > -Ton > FAQ: http://www.shorewall.net/FAQ.htmTom, I found a post is this the one you referred me to??----------------Mike Hello Matthew, Matthew Hale said the following on 18-Nov-04 23:51:> Bit of a shorewall newbie so if the answer is obvious please be gentle. > > We have been using version 1.4.2 for a while now and are very happy with > how it performs, however we are looking to increase the resilience of > our internet connection by providing a second internet feed. The idea > being that should the primary connection fail shorewall will > transparently (as far as users are concerned) switch to the second > connection.If you only want failover and not loadbalancing, this is something that needs to be solved outside of shorewall imho. In theory the only thing you would need to do when ISP #1 fails is to change the default route to ISP #2. I would assume your FW would have at least 3 interfaces: 1) Internal network 2) ISP #1 3) ISP #2 By default you set the default route to the def GW of ISP #1. Now you can do a fancy thing, or the poor mans solution. Fancy, run some sort of link state routing between you and ISP #1 and ISP #2 which will detect the link failure and set the def GW to ISP #2. The poor man solution would be to ping the def GW of ISP #1 every minute, if no answer then switch the def GW to ISP #2. Then have a script ping the ISP #1 gw every minute till it''s back and switch back the routes. If you want loadbalancing indeed, then see tom''s answer.
On Mon, 2004-11-22 at 11:09 -0800, Mike Lander wrote:> > -Ton > > FAQ: http://www.shorewall.net/FAQ.htm > > > Tom, I found a post is this the one you referred me to??----------------MikeYes -- and I added on a follow-on post that you still need the Shorewall configuration changes mentioned in FAQ 32. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
> -----Original Message----- > From: shorewall-users-bounces@lists.shorewall.net > [mailto:shorewall-users-bounces@lists.shorewall.net] On > Behalf Of Mike Lander > Sent: Monday, November 22, 2004 6:53 PM > To: Shorewall Users > Subject: [Shorewall-users] Dynamic Failover > > I am faced with a network that needs to autoswitch to isdn should > T-1 go down. After a shorewall search it looks to be quite a > deal with routing config with linux. Like scripts written to > deal with knowing the T-1 is down. > I looked into a cisco router that does this. around $3000 > This network has used shorewall as the gateway for 4 years now. > Currently Fedora as op. system. It appears to me that I would > have to do a lot of reasearch to get this to work with > Fedora? Although Tom states in Faq 32 that the shorewall > config is easy. The routing is key on a configuration like this. > Since I have been away from the list for so long, Is a > failover as opposed to load balancing Isp''s. > Harder to do? Or I be advised to go the Cisco route and be > done with this problem? > Has anyone on the list tackled this? >That is exactly what we have here, an E1 with an ISDN backup using a Cisco 1601 It works really well as long as the line goes down, but sometimes we have had a "bad" line so the router doesn''t automatically initiate the ISDN line. As this was setup before Shorewall I took the easy option, but on the list of things to do is to add throttling on certain services whenever the ISDN link comes up - it should be relatively easy with a syslog monitor Graham -- Graham K. Dodd Director of Operations Falk & Ross GmbH Tel: 06301 717 0
for the first method, how to check the link state ? On Tue, 23 Nov 2004 10:08:22 +0100, Graham Dodd <g.dodd@falk-ross.de> wrote:> > > > > -----Original Message----- > > From: shorewall-users-bounces@lists.shorewall.net > > [mailto:shorewall-users-bounces@lists.shorewall.net] On > > Behalf Of Mike Lander > > Sent: Monday, November 22, 2004 6:53 PM > > To: Shorewall Users > > Subject: [Shorewall-users] Dynamic Failover > > > > I am faced with a network that needs to autoswitch to isdn should > > T-1 go down. After a shorewall search it looks to be quite a > > deal with routing config with linux. Like scripts written to > > deal with knowing the T-1 is down. > > I looked into a cisco router that does this. around $3000 > > This network has used shorewall as the gateway for 4 years now. > > Currently Fedora as op. system. It appears to me that I would > > have to do a lot of reasearch to get this to work with > > Fedora? Although Tom states in Faq 32 that the shorewall > > config is easy. The routing is key on a configuration like this. > > Since I have been away from the list for so long, Is a > > failover as opposed to load balancing Isp''s. > > Harder to do? Or I be advised to go the Cisco route and be > > done with this problem? > > Has anyone on the list tackled this? > > > > That is exactly what we have here, an E1 with an ISDN backup using a Cisco > 1601 > > It works really well as long as the line goes down, but sometimes we have > had a "bad" line so the router doesn''t automatically initiate the ISDN line. > > As this was setup before Shorewall I took the easy option, but on the list > of things to do is to add throttling on certain services whenever the ISDN > link comes up - it should be relatively easy with a syslog monitor > > Graham > > -- > > Graham K. Dodd > Director of Operations > Falk & Ross GmbH > Tel: 06301 717 0 > > > > > _______________________________________________ > Shorewall-users mailing list > Post: Shorewall-users@lists.shorewall.net > Subscribe/Unsubscribe: https://lists.shorewall.net/mailman/listinfo/shorewall-users > Support: http://www.shorewall.net/support.htm > FAQ: http://www.shorewall.net/FAQ.htm >
On Wed, 2004-11-24 at 10:52 +0800, Adrian Mak wrote:> for the first method, how to check the link state ? >if ping $IP_OF_LINK_NEXT_ROUTER -n -c 4 > /dev/null 2>&1; then echo "Link is up" else echo "Link is not up" fi -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key