Chakravarthy Girda
2008-Sep-23 16:41 UTC
Outgoing service always on a certain external address
Hi,
Shorewall version -4.0.12-2 (EL5 rpm version)
OS : Centos 5.2
I have shorewall successfully running on Linux with multi ISP.
Trying to make services such as "rsync, ftp" go through my secondary
ISP. For which I did the following
eth0 : Internal LAN
eth4 : DSL (Second ISP) => x.x
eth5 : T1 (First ISP) => y.y
Created the following entries in /etc/shorewall/masq
#INTERFACE SOURCE ADDRESS PROTO
eth4 eth0 x.x tcp 20,21,873
eth4 eth0 x.x udp 20,21,873
eth5 x.x y.y
eth4 y.y x.x
eth5 eth0 y.y
eth4 eth0 x.x
But still my ftp and rsync follow my first default route, which is my
T1. What else do I need to do to force these connections to only use my
secondary ISP?
Thank you
Chakri
Tom Eastep
2008-Sep-23 17:25 UTC
Re: Outgoing service always on a certain external address
Chakravarthy Girda wrote:
> Hi,
> Shorewall version -4.0.12-2 (EL5 rpm version)
> OS : Centos 5.2
>
> I have shorewall successfully running on Linux with multi ISP.
> Trying to make services such as "rsync, ftp" go through my secondary
> ISP. For which I did the following
>
> eth0 : Internal LAN
> eth4 : DSL (Second ISP) => x.x
> eth5 : T1 (First ISP) => y.y
>
> Created the following entries in /etc/shorewall/masq
>
> #INTERFACE SOURCE ADDRESS PROTO
> eth4 eth0 x.x tcp 20,21,873
> eth4 eth0 x.x udp 20,21,873
> eth5 x.x y.y
> eth4 y.y x.x
> eth5 eth0 y.y
> eth4 eth0 x.x
>
> But still my ftp and rsync follow my first default route, which is my
> T1. What else do I need to do to force these connections to only use my
> secondary ISP?

From http://www.shorewall.net/MultiISP.html (the 'Warning' is even in bold font!):

Warning

Entries in /etc/shorewall/masq have no effect on which ISP a particular
connection will be sent through. That is rather the purpose of entries
in /etc/shorewall/tcrules or /etc/shorewall/route_rules.

-Tom
--
Tom Eastep \ The ultimate result of shielding men from the effects of
Shoreline, \ folly is to fill the world with fools.
Washington, USA \ -- Herbert Spencer
http://www.shorewall.net
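The split described in the quoted warning, as an added configuration example that is not part of the original thread or of the Shorewall documentation: tcrules selects the provider, masq only selects the source address. The providers file is an assumption (the thread never shows it), and the NUMBER, MARK and OPTIONS values in it are constructed; x.x and y.y are the thread's own placeholders.

```conf
# /etc/shorewall/providers  (ASSUMED: not shown in the thread. The names
# DSL and T1 are the ones used in the route_rules entries later in the
# thread; NUMBER, MARK and OPTIONS are constructed for this example.)
#NAME   NUMBER  MARK    DUPLICATE       INTERFACE       GATEWAY OPTIONS
T1      1       1       main            eth5            detect  track,balance
DSL     2       2       main            eth4            detect  track

# /etc/shorewall/tcrules: this is what chooses the ISP. Mark 2 (the
# assumed DSL provider mark) is applied in PREROUTING (:P) to traffic
# arriving from the LAN for the listed destination ports, so the routing
# lookup for those packets uses the DSL provider's table.
#MARK   SOURCE  DEST            PROTO   PORT(S)         CLIENT PORT(S)
2:P     eth0    0.0.0.0/0       tcp     20,21,873

# /etc/shorewall/masq: this chooses only the source address given to
# packets that routing has already sent out each interface. It does not
# move a connection from one ISP to the other.
#INTERFACE      SOURCE  ADDRESS
eth4            eth0    x.x
eth5            eth0    y.y
```

To check the result after a restart, `ip rule ls` shows whether a rule matching fwmark 2 points at the DSL provider's routing table.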
Chakravarthy Girda
2008-Sep-23 18:10 UTC
Re: Outgoing service always on a certain external address
Hi Tom,
Thank you for your response. I haven't noticed the warning but
tried with old version notes. This is the postal effect of my failure in
making it work the following
/etc/shorewall/tcrules.
2:130 eth0 eth4 tcp - 873,20,21
2:131 eth0 eth4 udp - 873,20,21
In my case I can't use /etc/shorewall/route_rules as I wanted
specific port/service to happen rather than from the entire internal interface
or internal machine.
Once again I thank you for your time. Please let me know if I am missing any
other changes.
Thank you
Chakri
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
Chakravarthy Girda
2008-Sep-25 14:44 UTC
Re: Outgoing service always on a certain external address
Hi Tom,
For the time being I decided to go with
"/etc/shorewall/route_rules" by making the entire machine traffic route
through my DSL interface with a priority.
192.168.10.13 - DSL 26000
192.168.10.13 - T1 26002
My fail over for 192.168.10.13 doesn't work. Means when my DSL dies
the machine cannot communicate to the outside world but the rest of the
LAN devices are able to do fail over.
NOTE: I tried with 1000 & 1002
11000 & 11002
Any ideas on this ?
Thank you
Chakri