grharry@freemail.gr
2006-Mar-27 21:16 UTC
Re: Re: multiple isp. masqueraded machines sometimes work and somet
Why ping google ??? You should either ping your assigned external ip address (make your config dhcp for your external ip address even if it is static) (if your dsl link is up you should have an address, if not you should not). If for some reason you cannot do that, ping your isp's default gw or someone closer. With google you never know what is going on.

I do something similar with -m condition and the ipt_condition module in a daemon mode; ping my assigned ip address, if I decide that the link is down I mark the packets. I don't touch routing.

Anyway I still don't like it marking the packets in prerouting .... I think this way we are missing many of the capabilities the netfilter system offers. I am sure that one with all the modules being there in patch-o-matic and some clever netfilter rules one can achieve a near to perfect load balancing + some sort of decent fail over. BUT you'll probably have to forget all about shorewall.

Regards ..

>Yes both are connected to the same switch.
>
>About the ip failover tomorrow I am going to try this script in
>crontab... just an idea....lets see if it works...it should work as
>after a defined time in crontab the following script will run and if
>my fw is unable to ping www.google.com then it will change my gateway
>as well as restart the shorewall...but the point to check is how long
>does it takes to find host unreachable....
>
>#!/bin/sh
>CABLE_IP="ISP1 gw ip"
>DSL_IP="ISP2 gw ip"
>
>## function to switch to dsl router
>switch_dsl()
>{
>route del default
>route add default gw $DSL_IP
>}
>
>## function to switch to cable router
>switch_cable()
>{
>route del default
>route add default gw $CABLE_IP
>}
>
>if ping -c1 -q www.google.com >/dev/null 2>&1; then
># since we can ping google we're online so we exit.
>exit 0
>else
># internet is down, let's switch to other router
>if route -n | grep '^0.0.0.0' | grep "$CABLE_IP"; then
>switch_dsl
>else
>switch_cable
>shorewall restart
>fi
>fi
>
>thanks and regards
>Anuj
>
>On 3/27/06, Tom Eastep <teastep@shorewall.net> wrote:
>
>>On Monday 27 March 2006 03:03, Anuj Singh wrote:
>>
>>>Hello !
>>>Last time I tried multiple isp on local network (test machines) it
>>>worked now I configured a network but facing a different problem. the
>>>problem is at sometimes Few of my local machines (masqueraded) do work
>>>properly and sometimes don't.
>>
>>Do you have both firewall interfaces cabled to the same hub/switch?
>>
>>-Tom
>>--
>>Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
>>Shoreline, \ http://shorewall.net
>>Washington USA \ teastep@shorewall.net
>>PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
>
>--
>===========
>Linux Rocks
>World's Best Sites:
>http://www.tldp.org/
>http://www.ibiblio.org/
>
>_______________________________________________
>Shorewall-users mailing list
>Shorewall-users@lists.sourceforge.net
>https://lists.sourceforge.net/lists/listinfo/shorewall-users
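The approach described in the reply above (probe a nearby address per link, decide "down" only after repeated failures, then flip a netfilter condition instead of editing routes), sketched as an added example that is not code from either poster. The interface and gateway arguments, `FAIL_LIMIT`, `STATE_DIR`, and the `/proc/net/ipt_condition` path for the patch-o-matic condition match are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): per-link probe with a failure threshold.
FAIL_LIMIT=${FAIL_LIMIT:-3}               # consecutive failures before "down"
STATE_DIR=${STATE_DIR:-/var/run/linkmon}  # assumed root-only counter directory
COND_DIR=${COND_DIR:-/proc/net/ipt_condition}  # assumed ipt_condition proc path
PROBE=${PROBE:-probe_ping}                # probe command, replaceable for testing

# Ping a nearby address (ISP gateway) out of one interface; -W2 bounds the wait.
probe_ping() {    # $1 = interface, $2 = gateway IP
    ping -c1 -W2 -q -I "$1" "$2" >/dev/null 2>&1
}

# Update the failure counter for a link and print "up" or "down".
check_link() {    # $1 = link name, $2 = interface, $3 = gateway IP
    mkdir -p "$STATE_DIR"
    counter="$STATE_DIR/$1.fails"
    fails=$(cat "$counter" 2>/dev/null || echo 0)
    case $fails in ''|*[!0-9]*) fails=0 ;; esac   # ignore a corrupt counter
    if "$PROBE" "$2" "$3"; then
        fails=0
    else
        fails=$((fails + 1))
    fi
    echo "$fails" > "$counter"
    if [ "$fails" -ge "$FAIL_LIMIT" ]; then echo down; else echo up; fi
}

# Write 1 (up) or 0 (down) to the condition variable; routing is left alone.
publish() {       # $1 = link name, $2 = up|down
    [ -w "$COND_DIR/$1" ] || return 0   # module not loaded or rule not installed
    if [ "$2" = up ]; then echo 1; else echo 0; fi > "$COND_DIR/$1"
}

# Run from cron as: linkmon.sh <link name> <interface> <gateway IP>
if [ "$#" -eq 3 ]; then
    publish "$1" "$(check_link "$1" "$2" "$3")"
fi
```

Keeping the counters in a root-only directory rather than `/tmp` matters because the script runs as root from cron and writes to predictable file names.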