Shorewall users - Sep 2008 - Problem with MultiISP configuration (no rc-rules), please help!

Hi,

I''m trying to set up a multi ISP configuration.
I can make it work without shorewall, except for incoming connections :
i want to be able to connect to any oof the internet interfaces from 
outside, I can not with ports forwarded on the local network : I am not 
always receiving an answer
I just want the same result as a multiWAN router that does load balancing.

I discovered shorewall and the "MultiISP" configuration that seemed to
answer my problem.
I did set all files but the providers one, everything works then.
But when I fill the providers file, nothing works anymore : outgoing 
connections are no more working, neither does incoming ones.

Please help.

 

Here are the commands you request
(just so you know : eth0,eth1,eth2 are internet connections and eth4 is 
the only used local one) :

#/sbin/shorewall version
4.0.13

#ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast 
qlen 100
    link/ether 00:15:17:7a:6a:bc brd ff:ff:ff:ff:ff:ff
    inet 88.162.31.82/24 brd 88.162.31.255 scope global eth0
    inet6 fe80::215:17ff:fe7a:6abc/64 scope link
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast 
qlen 100
    link/ether 00:15:17:7a:6a:bd brd ff:ff:ff:ff:ff:ff
    inet 83.142.149.102/30 brd 83.142.149.103 scope global eth1
    inet6 fe80::215:17ff:fe7a:6abd/64 scope link
       valid_lft forever preferred_lft forever
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast 
qlen 1000
    link/ether 00:15:17:7a:6a:50 brd ff:ff:ff:ff:ff:ff
    inet 192.168.2.1/24 brd 192.168.2.255 scope global eth2
    inet6 fe80::215:17ff:fe7a:6a50/64 scope link
       valid_lft forever preferred_lft forever
5: eth3: <BROADCAST,MULTICAST> mtu 1500 qdisc noop qlen 1000
    link/ether 00:15:17:7a:6a:51 brd ff:ff:ff:ff:ff:ff
6: eth4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast 
qlen 1000
    link/ether 00:1e:4f:3e:29:8e brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.200/24 brd 192.168.1.255 scope global eth4
    inet6 fe80::21e:4fff:fe3e:298e/64 scope link
       valid_lft forever preferred_lft forever
7: eth5: <BROADCAST,MULTICAST> mtu 1500 qdisc noop qlen 1000
    link/ether 00:1e:4f:3e:29:8f brd ff:ff:ff:ff:ff:ff
8: teql0: <NOARP> mtu 1500 qdisc noop qlen 100
    link/void

#ip route show
83.142.149.100/30 dev eth1  proto kernel  scope link  src 83.142.149.102
88.162.31.0/24 dev eth0  proto kernel  scope link  src 88.162.31.82
192.168.2.0/24 dev eth2  proto kernel  scope link  src 192.168.2.1
192.168.1.0/24 dev eth4  proto kernel  scope link  src 192.168.1.200
default
        nexthop via 88.162.31.254  dev eth0 weight 1
        nexthop via 83.142.149.101  dev eth1 weight 1
        nexthop via 192.168.2.200  dev eth2 weight 1


And here is my providers file :

#NAME  NUMBER  MARK    DUPLICATE       INTERFACE       GATEWAY         
OPTIONS         COPY
ISP1   200     1       main            eth0            88.162.31.254   
track,balance   eth4
ISP2   201     2       main            eth1            83.142.149.101  
track,balance   eth4
ISP3   202     3       main            eth2            192.168.2.200   
track,balance   eth4
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE


Thank you for your help


-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer''s
challenge
Build the coolest Linux based applications with Moblin SDK & win great
prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/

Pierre CHAUSSEE wrote:
> Hi,
> 
> I''m trying to set up a multi ISP configuration.
> I can make it work without shorewall, except for incoming connections :
> i want to be able to connect to any oof the internet interfaces from 
> outside, I can not with ports forwarded on the local network : I am not 
> always receiving an answer
> I just want the same result as a multiWAN router that does load balancing.
> 
> I discovered shorewall and the "MultiISP" configuration that
seemed to
> answer my problem.
> I did set all files but the providers one, everything works then.
> But when I fill the providers file, nothing works anymore : outgoing 
> connections are no more working, neither does incoming ones.
>
> Here are the commands you request
For connection problems, we need the output of ''shorewall
dump'' collected as
described at http://www.shorewall.net/support.htm#Guidelines

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key



-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer''s
challenge
Build the coolest Linux based applications with Moblin SDK & win great
prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/

Sorry for bad formatting this is from my phone. My multi isp issue was because I
didn''t follow the readme regarding the masq file and I had similar
issues. How does your masq file look like?

Regards

-----Original Message-----
From: Pierre CHAUSSEE <silversens@gmail.com>
Sent: 05 September 2008 23:03
To: shorewall-users@lists.sourceforge.net
Subject: [Shorewall-users] Problem with MultiISP configuration (no rc-rules),
please help!

Hi,

 I''m trying to set up a multi ISP configuration.
 I can make it work without shorewall, except for incoming connections :
 i want to be able to connect to any oof the internet interfaces from
 outside, I can not with ports forwarded on the local network : I am not
 always receiving an answer
 I just want the same result as a multiWAN router that does load balancing.

 I discovered shorewall and the "MultiISP" configuration that seemed
to
 answer my problem.
 I did set all files but the providers one, everything works then.
 But when I fill the providers file, nothing works anymore : outgoing
 connections are no more working, neither does incoming ones.

 Please help.

  

 Here are the commands you request
 (just so you know : eth0,eth1,eth2 are internet connections and eth4 is
 the only used local one) :

 #/sbin/shorewall version
 4.0.13

 #ip addr show
 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue
     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
     inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
     inet6 ::1/128 scope host
        valid_lft forever preferred_lft forever
 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
 qlen 100
     link/ether 00:15:17:7a:6a:bc brd ff:ff:ff:ff:ff:ff
     inet 88.162.31.82/24 brd 88.162.31.255 scope global eth0
     inet6 fe80::215:17ff:fe7a:6abc/64 scope link
        valid_lft forever preferred_lft forever
 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
 qlen 100
     link/ether 00:15:17:7a:6a:bd brd ff:ff:ff:ff:ff:ff
     inet 83.142.149.102/30 brd 83.142.149.103 scope global eth1
     inet6 fe80::215:17ff:fe7a:6abd/64 scope link
        valid_lft forever preferred_lft forever
 4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
 qlen 1000
     link/ether 00:15:17:7a:6a:50 brd ff:ff:ff:ff:ff:ff
     inet 192.168.2.1/24 brd 192.168.2.255 scope global eth2
     inet6 fe80::215:17ff:fe7a:6a50/64 scope link
        valid_lft forever preferred_lft forever
 5: eth3: <BROADCAST,MULTICAST> mtu 1500 qdisc noop qlen 1000
     link/ether 00:15:17:7a:6a:51 brd ff:ff:ff:ff:ff:ff
 6: eth4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
 qlen 1000
     link/ether 00:1e:4f:3e:29:8e brd ff:ff:ff:ff:ff:ff
     inet 192.168.1.200/24 brd 192.168.1.255 scope global eth4
     inet6 fe80::21e:4fff:fe3e:298e/64 scope link
        valid_lft forever preferred_lft forever
 7: eth5: <BROADCAST,MULTICAST> mtu 1500 qdisc noop qlen 1000
     link/ether 00:1e:4f:3e:29:8f brd ff:ff:ff:ff:ff:ff
 8: teql0: <NOARP> mtu 1500 qdisc noop qlen 100
     link/void

 #ip route show
 83.142.149.100/30 dev eth1  proto kernel  scope link  src 83.142.149.102
 88.162.31.0/24 dev eth0  proto kernel  scope link  src 88.162.31.82
 192.168.2.0/24 dev eth2  proto kernel  scope link  src 192.168.2.1
 192.168.1.0/24 dev eth4  proto kernel  scope link  src 192.168.1.200
 default
         nexthop via 88.162.31.254  dev eth0 weight 1
         nexthop via 83.142.149.101  dev eth1 weight 1
         nexthop via 192.168.2.200  dev eth2 weight 1


 And here is my providers file :

 #NAME  NUMBER  MARK    DUPLICATE       INTERFACE       GATEWAY        
 OPTIONS         COPY
 ISP1   200     1       main            eth0            88.162.31.254  
 track,balance   eth4
 ISP2   201     2       main            eth1            83.142.149.101 
 track,balance   eth4
 ISP3   202     3       main            eth2            192.168.2.200  
 track,balance   eth4
 #LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE


 Thank you for your help


 -------------------------------------------------------------------------
 This SF.Net email is sponsored by the Moblin Your Move Developer''s
challenge
 Build the coolest Linux based applications with Moblin SDK & win great
prizes
 Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
 _______________________________________________
 Shorewall-users mailing list
 Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users


-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer''s
challenge
Build the coolest Linux based applications with Moblin SDK & win great
prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/

It looks like this :

#
# Shorewall version 4 - Masq file
#
# For information about entries in this file, type "man
shorewall-masq"
#
# The manpage is also online at
# http://www.shorewall.net/manpages/shorewall-masq.html
#
###############################################################################
#INTERFACE              SOURCE          ADDRESS         PROTO    
PORT(S) IPSEC   MARK
eth0                    83.142.149.102  88.162.31.82
eth0                    192.168.2.1     88.162.31.82
eth0                    eth4            88.162.31.82
eth1                    88.162.31.82    83.142.149.102
eth1                    192.168.2.1     83.142.149.102
eth1                    eth4            83.142.149.102
eth2                    83.142.149.102  192.168.2.1
eth2                    88.162.31.82    192.168.2.1
eth2                    eth4            192.168.2.1
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
> Sorry for bad formatting this is from my phone. My multi isp issue  
> was because I didn''t follow the readme regarding the masq file and
I
> had similar issues. How does your masq file look like?
>
> Regards
>
> -----Original Message-----
> From: Pierre CHAUSSEE <silversens@gmail.com>
> Sent: 05 September 2008 23:03
> To: shorewall-users@lists.sourceforge.net
> Subject: [Shorewall-users] Problem with MultiISP configuration (no  
> rc-rules), please help!
>
> Hi,
>
> I''m trying to set up a multi ISP configuration.
> I can make it work without shorewall, except for incoming  
> connections :
> i want to be able to connect to any oof the internet interfaces from
> outside, I can not with ports forwarded on the local network : I am  
> not
> always receiving an answer
> I just want the same result as a multiWAN router that does load  
> balancing.
>
> I discovered shorewall and the "MultiISP" configuration that
seemed to
> answer my problem.
> I did set all files but the providers one, everything works then.
> But when I fill the providers file, nothing works anymore : outgoing
> connections are no more working, neither does incoming ones.
>
> Please help.
>
>
>
> Here are the commands you request
> (just so you know : eth0,eth1,eth2 are internet connections and eth4  
> is
> the only used local one) :
>
> #/sbin/shorewall version
> 4.0.13
>
> #ip addr show
> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue
>     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
>     inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
>     inet6 ::1/128 scope host
>        valid_lft forever preferred_lft forever
> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
> qlen 100
>     link/ether 00:15:17:7a:6a:bc brd ff:ff:ff:ff:ff:ff
>     inet 88.162.31.82/24 brd 88.162.31.255 scope global eth0
>     inet6 fe80::215:17ff:fe7a:6abc/64 scope link
>        valid_lft forever preferred_lft forever
> 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
> qlen 100
>     link/ether 00:15:17:7a:6a:bd brd ff:ff:ff:ff:ff:ff
>     inet 83.142.149.102/30 brd 83.142.149.103 scope global eth1
>     inet6 fe80::215:17ff:fe7a:6abd/64 scope link
>        valid_lft forever preferred_lft forever
> 4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
> qlen 1000
>     link/ether 00:15:17:7a:6a:50 brd ff:ff:ff:ff:ff:ff
>     inet 192.168.2.1/24 brd 192.168.2.255 scope global eth2
>     inet6 fe80::215:17ff:fe7a:6a50/64 scope link
>        valid_lft forever preferred_lft forever
> 5: eth3: <BROADCAST,MULTICAST> mtu 1500 qdisc noop qlen 1000
>     link/ether 00:15:17:7a:6a:51 brd ff:ff:ff:ff:ff:ff
> 6: eth4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
> qlen 1000
>     link/ether 00:1e:4f:3e:29:8e brd ff:ff:ff:ff:ff:ff
>     inet 192.168.1.200/24 brd 192.168.1.255 scope global eth4
>     inet6 fe80::21e:4fff:fe3e:298e/64 scope link
>        valid_lft forever preferred_lft forever
> 7: eth5: <BROADCAST,MULTICAST> mtu 1500 qdisc noop qlen 1000
>     link/ether 00:1e:4f:3e:29:8f brd ff:ff:ff:ff:ff:ff
> 8: teql0: <NOARP> mtu 1500 qdisc noop qlen 100
>     link/void
>
> #ip route show
> 83.142.149.100/30 dev eth1  proto kernel  scope link  src  
> 83.142.149.102
> 88.162.31.0/24 dev eth0  proto kernel  scope link  src 88.162.31.82
> 192.168.2.0/24 dev eth2  proto kernel  scope link  src 192.168.2.1
> 192.168.1.0/24 dev eth4  proto kernel  scope link  src 192.168.1.200
> default
>         nexthop via 88.162.31.254  dev eth0 weight 1
>         nexthop via 83.142.149.101  dev eth1 weight 1
>         nexthop via 192.168.2.200  dev eth2 weight 1
>
>
> And here is my providers file :
>
> #NAME  NUMBER  MARK    DUPLICATE       INTERFACE       GATEWAY
> OPTIONS         COPY
> ISP1   200     1       main            eth0            88.162.31.254
> track,balance   eth4
> ISP2   201     2       main            eth1            83.142.149.101
> track,balance   eth4
> ISP3   202     3       main            eth2            192.168.2.200
> track,balance   eth4
> #LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
>
>
> Thank you for your help
>
>
> -------------------------------------------------------------------------
> This SF.Net email is sponsored by the Moblin Your Move Developer''s
> challenge
> Build the coolest Linux based applications with Moblin SDK & win  
> great prizes
> Grand prize is a trip for two to an Open Source event anywhere in  
> the world
> http://moblin-contest.org/redirect.php?banner_id=100&url=/
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>


-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer''s
challenge
Build the coolest Linux based applications with Moblin SDK & win great
prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/

I''m sorry i forgot it.
Here it is in the attached files.




> Pierre CHAUSSEE wrote:
>> Hi,
>> I''m trying to set up a multi ISP configuration.
>> I can make it work without shorewall, except for incoming  
>> connections :
>> i want to be able to connect to any oof the internet interfaces  
>> from outside, I can not with ports forwarded on the local network :  
>> I am not always receiving an answer
>> I just want the same result as a multiWAN router that does load  
>> balancing.
>> I discovered shorewall and the "MultiISP" configuration that
seemed
>> to answer my problem.
>> I did set all files but the providers one, everything works then.
>> But when I fill the providers file, nothing works anymore :  
>> outgoing connections are no more working, neither does incoming ones.
>>
>> Here are the commands you request
>
> For connection problems, we need the output of ''shorewall
dump''
> collected as described at http://www.shorewall.net/support.htm#Guidelines
>
> -Tom
> -- 
> Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
> Shoreline,     \ http://shorewall.net
> Washington USA  \ teastep@shorewall.net
> PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
>
> -------------------------------------------------------------------------
> This SF.Net email is sponsored by the Moblin Your Move Developer''s
> challenge
> Build the coolest Linux based applications with Moblin SDK & win  
> great prizes
> Grand prize is a trip for two to an Open Source event anywhere in  
> the world
>
http://moblin-contest.org/redirect.php?banner_id=100&url=/_______________________________________________
> Shorewall-users mailing list
> Shorewall-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/shorewall-users

-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer''s
challenge
Build the coolest Linux based applications with Moblin SDK & win great
prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/

It seems the file is not easy to download, and it''s to big to just be  
printed in the message.
Here''s a link which allows you to download it :
http://www.clyl.net/dump.shorewall.bz2

Once again please help I''ve been, trying to reset everything three  
times, I can''t see what''s wrong.

> I''m sorry i forgot it.
> Here it is in the attached files.
>
> <dump.shorewall.bz2>
>
>> Pierre CHAUSSEE wrote:
>>> Hi,
>>> I''m trying to set up a multi ISP configuration.
>>> I can make it work without shorewall, except for incoming  
>>> connections :
>>> i want to be able to connect to any oof the internet interfaces  
>>> from outside, I can not with ports forwarded on the local  
>>> network : I am not always receiving an answer
>>> I just want the same result as a multiWAN router that does load  
>>> balancing.
>>> I discovered shorewall and the "MultiISP" configuration
that
>>> seemed to answer my problem.
>>> I did set all files but the providers one, everything works then.
>>> But when I fill the providers file, nothing works anymore :  
>>> outgoing connections are no more working, neither does incoming  
>>> ones.
>>>
>>> Here are the commands you request
>>
>> For connection problems, we need the output of ''shorewall
dump''
>> collected as described at
http://www.shorewall.net/support.htm#Guidelines
>>
>> -Tom
>> -- 
>> Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
>> Shoreline,     \ http://shorewall.net
>> Washington USA  \ teastep@shorewall.net
>> PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
>>
>>
-------------------------------------------------------------------------
>> This SF.Net email is sponsored by the Moblin Your Move
Developer''s
>> challenge
>> Build the coolest Linux based applications with Moblin SDK & win  
>> great prizes
>> Grand prize is a trip for two to an Open Source event anywhere in  
>> the world
>>
http://moblin-contest.org/redirect.php?banner_id=100&url=/_______________________________________________
>> Shorewall-users mailing list
>> Shorewall-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>

-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer''s
challenge
Build the coolest Linux based applications with Moblin SDK & win great
prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/

CHAUSSEE Pierre wrote:
> It seems the file is not easy to download, and it''s to big to just
be
> printed in the message.
> Here''s a link which allows you to download it :
http://www.clyl.net/dump.shorewall.bz2
> 
> Once again please help I''ve been, trying to reset everything three
> times, I can''t see what''s wrong.
> 
The route_rule with priority 50 needs to be removed -- none of your existing 
connections have any chance of working with that rule in place. Other than 
that, I don''t see anything wrong with your setup.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key



-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer''s
challenge
Build the coolest Linux based applications with Moblin SDK & win great
prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/

Tom Eastep wrote:
> CHAUSSEE Pierre wrote:
>> It seems the file is not easy to download, and it''s to big to
just be
>> printed in the message.
>> Here''s a link which allows you to download it : 
>> http://www.clyl.net/dump.shorewall.bz2
>>
>> Once again please help I''ve been, trying to reset everything
three
>> times, I can''t see what''s wrong.
>>
> 
> The route_rule with priority 50 needs to be removed -- none of your 
> existing connections have any chance of working with that rule in place. 
> Other than that, I don''t see anything wrong with your setup.
In fact, the more I look at those route rules, I don''t believe that all
of
them were generated by Shorewall. They definitely aren''t correct.

One thing you need to be aware of is that Shorewall doesn''t remove all 
routing rules and start from scratch. It only removes those rules that it 
added previously. So if you have your own multi-ISP rules in place, 
restarting with Shorewall multi-ISP support probably isn''t going to
work.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key



-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer''s
challenge
Build the coolest Linux based applications with Moblin SDK & win great
prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/

Tom Eastep wrote:
> Tom Eastep wrote:
>> CHAUSSEE Pierre wrote:
>>> It seems the file is not easy to download, and it''s to big
to just
>>> be  printed in the message.
>>> Here''s a link which allows you to download it : 
>>> http://www.clyl.net/dump.shorewall.bz2
>>>
>>> Once again please help I''ve been, trying to reset
everything three
>>> times, I can''t see what''s wrong.
>>>
>>
>> The route_rule with priority 50 needs to be removed -- none of your 
>> existing connections have any chance of working with that rule in 
>> place. Other than that, I don''t see anything wrong with your
setup.
> 
> In fact, the more I look at those route rules, I don''t believe
that all
> of them were generated by Shorewall. They definitely aren''t
correct.
> 
> One thing you need to be aware of is that Shorewall doesn''t remove
all
> routing rules and start from scratch. It only removes those rules that 
> it added previously. So if you have your own multi-ISP rules in place, 
> restarting with Shorewall multi-ISP support probably isn''t going
to work.
>
Compare your routing rules with those shown in the Shorewall Multi-ISP article:

Until Shorewall 4.2 with USE_DEFAULT_RT=Yes, Shorewall has always generated 
rules with the following priority ranges:

0 - local lookup
10000-10999 - fwmark rules
20000-25999 - Source-IP rules
32766       - main
32767       - default

As you can see, yours look nothing like that. Are you using your own script 
to write the routing rules? If so, you need to disable that script when you 
enable Shorewall multi-ISP support.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key



-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer''s
challenge
Build the coolest Linux based applications with Moblin SDK & win great
prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/

Thank you very much ! That was it ! That rule was lost somewhere.
Thanks again.
> CHAUSSEE Pierre wrote:
>> It seems the file is not easy to download, and it''s to big to
just
>> be  printed in the message.
>> Here''s a link which allows you to download it :
http://www.clyl.net/dump.shorewall.bz2
>> Once again please help I''ve been, trying to reset everything
three
>> times, I can''t see what''s wrong.
>
> The route_rule with priority 50 needs to be removed -- none of your  
> existing connections have any chance of working with that rule in  
> place. Other than that, I don''t see anything wrong with your
setup.
>
> -Tom
> -- 
> Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
> Shoreline,     \ http://shorewall.net
> Washington USA  \ teastep@shorewall.net
> PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
>
> -------------------------------------------------------------------------
> This SF.Net email is sponsored by the Moblin Your Move Developer''s
> challenge
> Build the coolest Linux based applications with Moblin SDK & win  
> great prizes
> Grand prize is a trip for two to an Open Source event anywhere in  
> the world
>
http://moblin-contest.org/redirect.php?banner_id=100&url=/_______________________________________________
> Shorewall-users mailing list
> Shorewall-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/shorewall-users

-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer''s
challenge
Build the coolest Linux based applications with Moblin SDK & win great
prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/