Shorewall users - Oct 2006 - Re: Tc rules Helpwith multiISP+ squid& squidguard...

I found that in my kernel config :

# CONFIG_NET_KEY is not set
CONFIG_INET=y
CONFIG_IP_MULTICAST=y
CONFIG_IP_ADVANCED_ROUTER=y
CONFIG_IP_MULTIPLE_TABLES=y
CONFIG_IP_ROUTE_FWMARK=y
CONFIG_IP_ROUTE_MULTIPATH=y
CONFIG_IP_ROUTE_VERBOSE=y
# CONFIG_IP_PNP is not set
# CONFIG_NET_IPIP is not set
# CONFIG_NET_IPGRE is not set

But no CONFIG_IP_ROUTE_MULTIPATH_CACHED.


-----Message d''origine-----
De : shorewall-users-bounces@lists.sourceforge.net
[mailto:shorewall-users-bounces@lists.sourceforge.net] De la part de Tom Eastep
Envoyé : jeudi 19 octobre 2006 00:24
À : Shorewall Users
Objet : Re: [Shorewall-users] Tc rules Helpwith multiISP+ squid&
squidguard...

Joffrey FLEURICE wrote:
> Tom wrote :
>> My advice to you is still the same -- you are going to have to use
> tcpdump >or ethereal to see what is happening. You have the computer
> there in front >of you
>> -- we don''t. So only you are going to be able to solve this.
We are
> not.
> 
>>From the dump you sent, it looks like many SYN packets are being sent
> on >ppp0
>> and never replied to. So you need to confirm that they are actually
> being >sent
>> on ppp0 and not on eth0.
> 
>> Does ppp0 work if you configure it as your only Internet connection?
> 
> I have test with only eth0 : work perfectly
> I have test with only ppp0 : work perfectly
> 
> I think the problem is in tcRules. I think that packet marking work when
> no squid is present, but when the squid is present, the squid
doesn''t
> find or understand packet marking.
Have you had any success in running this problem down? If not, you might check
the setting of CONFIG_IP_ROUTE_MULTIPATH_CACHED in your kernel''s
configuration.
Turning on that option is known to cause problems with Multi-ISP routing.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key


-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642

Joffrey FLEURICE wrote:
> I found that in my kernel config :
> 
> # CONFIG_NET_KEY is not set
> CONFIG_INET=y
> CONFIG_IP_MULTICAST=y
> CONFIG_IP_ADVANCED_ROUTER=y
> CONFIG_IP_MULTIPLE_TABLES=y
> CONFIG_IP_ROUTE_FWMARK=y
> CONFIG_IP_ROUTE_MULTIPATH=y
> CONFIG_IP_ROUTE_VERBOSE=y
> # CONFIG_IP_PNP is not set
> # CONFIG_NET_IPIP is not set
> # CONFIG_NET_IPGRE is not set
> 
> But no CONFIG_IP_ROUTE_MULTIPATH_CACHED.
Ok -- in your squid.conf file, you might try setting
''tcp_outgoing_address'' to
the IP address of the interface that you want squid to use. We saw a problem
somewhat similar to yours on IRC this morning which was corrected by having the
server bind to the correct local address.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key



-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642