OK, I see its impossible to organize _real_ multi-ISP at RH 7.3. Sad. OK... But is it posiible to do the simple thing below: - grab local subnets list - implement proper "route" command in order to point them through eth2 - all other traffic (non-local) goes over eth1 How to? :-) /etc/shorewall/masq: eth1 eth0 eth2 eth0 /etc/shorewall/providers: what here? what else anywhere? mistakes? -- MNV-UANIC ------------------------------------------------------- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
Nick Mashchenko escribió:> OK, I see its impossible to organize _real_ multi-ISP at RH 7.3. > Sad. OK...Nick, Im trying to save you dozen of hours of work and frustration. whatever thing related to multi-isp you attempt to do in RH 7.3 will fail soon or later and it **will not work **. if you want, as you say "real" multi-isp then you need BGP or similar. what shorewall implements is a "hack" (yes a "hack", in Tom''s own words) to make this possible, but have specific requirements that your current distribution do not meet, additionally to not having the required kernel modules, how you expected Rh 7.3 to protect you? with 5000 security flawed packages ? Please don''t waste your time. installing a current distribution will do the trick,faster and secure. Of course, after you do that, and you have other questions,please submit a proper problem report, including the information mentioned in the support page. Sorry to say, if you insist to run such arcane thing, I will not waste a single second of my free time trying to help you solve the problem.
Nick Mashchenko wrote:> OK, I see its impossible to organize _real_ multi-ISP at RH 7.3.Not only that, but RH7.3 is only supported by the Fedora Legacy project. The Fedora Legacy team do a great job, but their resources are limited and they just don''t seem to get the security updates out as fast as Fedora Core, SUSE, or Debian. RH7.3 is a bad bet for any Internet-connected host. Paul
Folks, I know all bad things about RH 7.3 :-). I do not insist about implementing multi-ISP at RH 7.3. I mean, real multi-ISP. I think (!) that it is possible to organize very simple thing: one default route over eth1 for most traffic and another route over eth2 for local traffic. No failover monitoring, no balancing, no etc. Just exactly what I said. Is it possible or no? :-) P.S. Please don''t say "erase RH 7.3, set up another distro" :-). -- MNV-UANIC ----- Original Message ----- From: "Paul Gear" <pgear@redlands.qld.edu.au> To: <shorewall-users@lists.sourceforge.net> Sent: Wednesday, April 05, 2006 2:39 AM Subject: [Shorewall-users] Re: Two ISP (again) ------------------------------------------------------- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
On Wednesday 05 April 2006 11:14, Nick Mashchenko wrote:> Folks, > > I know all bad things about RH 7.3 :-). I do not insist about implementing > multi-ISP at RH 7.3. I mean, real multi-ISP. I think (!) that it is > possible to organize very simple thing: one default route over eth1 for > most traffic and another route over eth2 for local traffic. No failover > monitoring, no balancing, no etc. Just exactly what I said. Is it possible > or no? :-)> > P.S. Please don''t say "erase RH 7.3, set up another distro" :-).You are quite "consultancy resistant". As folks here said before: It''s not only about the Multi-ISP Setup, a Firewall setup itself doesn''t make sense on a Distro that contains this amount of security holes. So excuse me, but: Erase RH 7.3, set up another distro! If you expect support here, retire your RH 7.3! Alex ------------------------------------------------------- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
On Wednesday 05 April 2006 02:14, Nick Mashchenko wrote:> Folks, > > I know all bad things about RH 7.3 :-). I do not insist about implementing > multi-ISP at RH 7.3. I mean, real multi-ISP. I think (!) that it is > possible to organize very simple thing: one default route over eth1 for > most traffic and another route over eth2 for local traffic. No failover > monitoring, no balancing, no etc. Just exactly what I said. Is it possible > or no? :-) >Somewhat -- if you can''t specify ''track'' then long-silent connections have a good chance of not working when you try to use them. See Chris Mason''s writeup about CentOS that he posted earlier -- he was able to make it work and gave complete details of what he did. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key