Hi, I would like to clarify a doubt on the configuration of the archive "providers" : I have two DSL links both are dedicated : Link1: 200.163.191.58 (ppp0) Gw1: 200.180.128.228 Link2: 200.163.190.41 (ppp1) Gw2: 200.180.128.228 (Yes both gateway are equal) I don''t do balance betwen the links. My "/etc/shorewall/provider" is like this : LinkNAV 1 1 main ppp0 200.180.128.228 track - LinkVPN 2 2 main ppp1 200.180.128.228 track - When I try to start shorewall the folowing appears in the log and don''t start : Processing /etc/shorewall/providers... RTNETLINK answers: File exists If I change the config like this : LinkNAV 1 1 - ppp0 200.180.128.228 track - LinkVPN 2 2 - ppp1 200.180.128.228 track - The shorewall start but some obscure things happen, certainly because routing problems. There''s a hint to use the configurantion of multilink in shorewall (providers), having 2 equal gateways ? I already looked for in the FAQ''s and the documentation : http://www.shorewall.net/Shorewall_and_Routing.html http://www.shorewall.net/MultiISP.html without sucess.... Thanks a lot. =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-Cleiton Peres Reis Servidores Linux. DoctorNet Redes e Conectividade Ltda Rua General Osorio, 1092 Centro - CEP 96020-000 - Pelotas/RS =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- ------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_idv37&alloc_id865&op=click
On Thursday 01 December 2005 12:04, Cleiton Peres Reis wrote:> Hi, > > I would like to clarify a doubt on the configuration of the archive > "providers" : > > I have two DSL links both are dedicated : > > Link1: 200.163.191.58 (ppp0) > Gw1: 200.180.128.228 > > Link2: 200.163.190.41 (ppp1) > Gw2: 200.180.128.228 > > (Yes both gateway are equal) > > I don''t do balance betwen the links.So if you are not going to balance, what *are* you going to do? Route everything out of one line? Specify where all traffic goes using entries in /etc/shorewall/tcrules? You can''t just say "I don''t do balance" without having a plan for *exactly* how you plan to assign packets to your two lines.> The shorewall start but some obscure things happen, certainly because > routing problems."some obscure things happen" is not a problem report. Please submit the information requested at http://www.shorewall.net/support.htm (if you are running Shorewall 3.x) or http://www.shorewall.net/2.0/support.htm (if you are running Shorewall 2.x). -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
Ok. Tom Eastep disse:> On Thursday 01 December 2005 12:04, Cleiton Peres Reis wrote: >> Hi, >> >> I would like to clarify a doubt on the configuration of the archive >> "providers" : >> >> I have two DSL links both are dedicated : >> >> Link1: 200.163.191.58 (ppp0) >> Gw1: 200.180.128.228 >> >> Link2: 200.163.190.41 (ppp1) >> Gw2: 200.180.128.228 >> >> (Yes both gateway are equal) >> >> I don''t do balance betwen the links. > > So if you are not going to balance, what *are* you going to do? Route > everything out of one line? Specify where all traffic goes using entries > in /etc/shorewall/tcrules? You can''t just say "I don''t do balance" without > having a plan for *exactly* how you plan to assign packets to your two lines.I going to use 1 link to VPN Traffic "only" and the other link to WWW, MAIL, FTP, etc ....> >> The shorewall start but some obscure things happen, certainly because >> routing problems. > > "some obscure things happen" is not a problem report. Please submit the > information requested at http://www.shorewall.net/support.htm (if you are > running Shorewall 3.x) or http://www.shorewall.net/2.0/support.htm (if you > are running Shorewall 2.x).Ok sorry. I dont''t describe the "obscure things" because I think is not the main problem. I would only like to know is : there is I problem when I have 2 equal gateways and try to use "main" in the "DUPLICATE" field at "providers" file ? Sorry I did not send the information described at http://www.shorewall.net/support.htm because I undid the configuration in "providers" and put the configuration in the old way with shell scripts. The server is 300km of distance and I do not want to take the risk to lose the connection :-) . I made this test when was physically there. Thanks. =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-Cleiton Peres Reis Servidores Linux. DoctorNet Redes e Conectividade Ltda Rua General Osorio, 1092 Centro - CEP 96020-000 - Pelotas/RS =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- ------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_idv37&alloc_id865&op=click
On Friday 02 December 2005 03:07, Cleiton Peres Reis wrote:> > I going to use 1 link to VPN Traffic "only" and the other link to WWW, > MAIL, FTP, etc .... > > >> The shorewall start but some obscure things happen, certainly because > >> routing problems. > > > > "some obscure things happen" is not a problem report. Please submit the > > information requested at http://www.shorewall.net/support.htm (if you are > > running Shorewall 3.x) or http://www.shorewall.net/2.0/support.htm (if > > you are running Shorewall 2.x). > > Ok sorry. I dont''t describe the "obscure things" because I think is not > the main problem. > > I would only like to know is : there is I problem when I have 2 equal > gateways and try to use "main" in the "DUPLICATE" field at "providers" > file ? >We can''t tell what the problem is when you put ''main'' in the DUPLICATE column without seeing your routing table *before* you try to start Shorewall. A trace of ''shorewall start'' would also be helpful. What I would suggest is that you place ''main'' in the DUPLICATE column and ''none'' in the COPY column. I think that will avoid the error that you are seeing. If that allows Shorewall to start and you still have ''obscure things'' happening then please collect the output of ''shorewall dump'' (shorewall 3.0) or ''shorewall status'' (shorewall 2.x). Thanks, -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
Ok. Thanks a lot Tom, I will try this in the next visit in the company, and then I will return to the list. I also think that avoiding the error and shorewall starting with the "main"(DUPLICATE) everything will work correctly. Cleiton. Tom Eastep disse:> On Friday 02 December 2005 03:07, Cleiton Peres Reis wrote: > >> >> I going to use 1 link to VPN Traffic "only" and the other link to WWW, >> MAIL, FTP, etc .... >> >> >> The shorewall start but some obscure things happen, certainly because >> >> routing problems. >> > >> > "some obscure things happen" is not a problem report. Please submit the >> > information requested at http://www.shorewall.net/support.htm (if you are >> > running Shorewall 3.x) or http://www.shorewall.net/2.0/support.htm (if >> > you are running Shorewall 2.x). >> >> Ok sorry. I dont''t describe the "obscure things" because I think is not >> the main problem. >> >> I would only like to know is : there is I problem when I have 2 equal >> gateways and try to use "main" in the "DUPLICATE" field at "providers" >> file ? >> > > We can''t tell what the problem is when you put ''main'' in the DUPLICATE column > without seeing your routing table *before* you try to start Shorewall. A > trace of ''shorewall start'' would also be helpful. > > What I would suggest is that you place ''main'' in the DUPLICATE column and > ''none'' in the COPY column. I think that will avoid the error that you are > seeing. > > If that allows Shorewall to start and you still have ''obscure things'' > happening then please collect the output of ''shorewall dump'' (shorewall 3.0) > or ''shorewall status'' (shorewall 2.x). > > Thanks, > -Tom > -- > Tom Eastep \ Nothing is foolproof to a sufficiently talented fool > Shoreline, \ http://shorewall.net > Washington USA \ teastep@shorewall.net > PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key >=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-Cleiton Peres Reis Servidores Linux. DoctorNet Redes e Conectividade Ltda Rua General Osorio, 1092 Centro - CEP 96020-000 - Pelotas/RS =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- ------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_idv37&alloc_id865&op=click