Hi; I can add a second ppp/DSL line to my router. Unfortunatley the provider does not support channel bonding. I first thought that the multi-isp documentation does fit, but it is not really a second ISP cause the the ppp peer address is the same for both lines. Any hints how to make most of those lines and which documents are recommended to read to help setup and configure something similar to the multi-isp setup? TIA kp ------------------------------------------------------------------------------ Join us December 9, 2009 for the Red Hat Virtual Experience, a free event focused on virtualization and cloud computing. Attend in-depth sessions from your desk. Your couch. Anywhere. http://p.sf.net/sfu/redhat-sfdev2dev
http://www.shorewall.net/MultiISP.html Another way of channel bonding (MLP) could be load-sharing. Providers either support one of the given possibilities (MLP or load-sharing) or both. Maybe you can talk to them to route your public network (the provider aggregated one) to the ppp address of both lines. Then you and the provider must activate load-sharing (normally per packet, sometimes per session) You are mailing from Germany as I can see - I do not know any provider in Germany who does not support either MLP or Loadsharing. Of course if you are not buying from Tante Emma :-) Above mentioned guide will help you anyway if provider is not able to fit your needs. A way would be to separate your local subnet into two parts (not the subnet itself but regarding MASQ to outside) In addition you can use two routing tables, one with the default gw for first few hosts and second for second few hosts. With some additional scripting this would additionally provide a fallback solution where subnet hosts part one can use second line as long as its gone. Read the guide and a lot of questions will be answered by your own. If not, come back to the list. Cheers Mike -----Ursprüngliche Nachricht----- Von: KP Kirchdoerfer [mailto:kapeka@bering-uclibc.de] Gesendet: Samstag, 5. Dezember 2009 14:32 An: Shorewall Users Betreff: [Shorewall-users] two ppp lines Hi; I can add a second ppp/DSL line to my router. Unfortunatley the provider does not support channel bonding. I first thought that the multi-isp documentation does fit, but it is not really a second ISP cause the the ppp peer address is the same for both lines. Any hints how to make most of those lines and which documents are recommended to read to help setup and configure something similar to the multi-isp setup? TIA kp ---------------------------------------------------------------------------- -- Join us December 9, 2009 for the Red Hat Virtual Experience, a free event focused on virtualization and cloud computing. Attend in-depth sessions from your desk. Your couch. Anywhere. http://p.sf.net/sfu/redhat-sfdev2dev _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users ------------------------------------------------------------------------------ Join us December 9, 2009 for the Red Hat Virtual Experience, a free event focused on virtualization and cloud computing. Attend in-depth sessions from your desk. Your couch. Anywhere. http://p.sf.net/sfu/redhat-sfdev2dev
Am Samstag, 5. Dezember 2009 15:18:16 schrieb Michael Weickel - iQom Business Services GmbH:> http://www.shorewall.net/MultiISP.html > > Another way of channel bonding (MLP) could be load-sharing. Providers > either support one of the given possibilities (MLP or load-sharing) or > both. > > Maybe you can talk to them to route your public network (the provider > aggregated one) to the ppp address of both lines. Then you and the provider > must activate load-sharing (normally per packet, sometimes per session) > > You are mailing from Germany as I can see - I do not know any provider in > Germany who does not support either MLP or Loadsharing. Of course if you > are not buying from Tante Emma :-) > > Above mentioned guide will help you anyway if provider is not able to fit > your needs. > > A way would be to separate your local subnet into two parts (not the subnet > itself but regarding MASQ to outside) In addition you can use two routing > tables, one with the default gw for first few hosts and second for second > few hosts. With some additional scripting this would additionally provide a > fallback solution where subnet hosts part one can use second line as long > as its gone. > > Read the guide and a lot of questions will be answered by your own. If not, > come back to the list. > >Hi; I''ve managed to deal with two adsl lines and the according interfaces ppp0 and ppp0 for incoming traffic. The multi-isp documentation was helpful. There are two remaining problems: 1) The dsl are disconnected once a day so the remote gateway for ppp0 and ppp1 changes after a unkown time (24hrs+x). This causes a sluggish connection from the loc zone to the internet. I do believe this is cause the route cache is not really refreshed after shorewall restart. A network restart with /etc/init.d/networking restart cures that symptoms though. Will it help to run shorewall stop; ip route flush cache; shorewall start instead of of just restart shorewall? Any other ideas? 2) Due to the change if the pppx interfaces the origin ip-address of the smtp server changes as well, this may end up in false reverse lookups for the MX I''m afraid. I''ve read about route_rules to route smtp through a given provider. I''d like to route through a specific gateway adress, which isn''t bound to a provider since the providers are both dynamic dsl/ppp lines.... Running kernel 2.4.34 iptables 1.3.5 shorewall 4.0.15 Any help is appreciated TIA kp ------------------------------------------------------------------------------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon''s best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev
On Fri, 18 Dec 2009 21:58:01 +0100 KP Kirchdoerfer <kapeka@bering-uclibc.de> wrote:> > 1) The dsl are disconnected once a day so the remote gateway for ppp0 > and ppp1 changes after a unkown time (24hrs+x). This causes a > sluggish connection from the loc zone to the internet. I do believe > this is cause the route cache is not really refreshed after shorewall > restart. A network restart with /etc/init.d/networking restart cures > that symptoms though.You can see what the compiled script does -- after ''shorewall restart'', the script is in /var/lib/shorewall/.restart.> > Will it help to run shorewall stop; ip route flush cache; shorewall > start instead of of just restart shorewall? Any other ideas?I think you will find that Shorewall is already executing ''ip route flush cache''.> > 2) Due to the change if the pppx interfaces the origin ip-address of > the smtp server changes as well, this may end up in false reverse > lookups for the MX I''m afraid. > I''ve read about route_rules to route smtp through a given provider. > I''d like to route through a specific gateway adress, which isn''t > bound to a provider since the providers are both dynamic dsl/ppp > lines....Trying to run an SMTP server on a host with a dynamic IP address sounds dicey at best. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon''s best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev
Am Freitag, 18. Dezember 2009 22:38:54 schrieb Tom Eastep:> On Fri, 18 Dec 2009 21:58:01 +0100 > > KP Kirchdoerfer <kapeka@bering-uclibc.de> wrote: > > 1) The dsl are disconnected once a day so the remote gateway for ppp0 > > and ppp1 changes after a unkown time (24hrs+x). This causes a > > sluggish connection from the loc zone to the internet. I do believe > > this is cause the route cache is not really refreshed after shorewall > > restart. A network restart with /etc/init.d/networking restart cures > > that symptoms though. > > You can see what the compiled script does -- after ''shorewall restart'', > the script is in /var/lib/shorewall/.restart. > > > Will it help to run shorewall stop; ip route flush cache; shorewall > > start instead of of just restart shorewall? Any other ideas? > > I think you will find that Shorewall is already executing ''ip route > flush cache''.Ok, I''ve been afraid that it won''t be that easy.> > 2) Due to the change if the pppx interfaces the origin ip-address of > > the smtp server changes as well, this may end up in false reverse > > lookups for the MX I''m afraid. > > I''ve read about route_rules to route smtp through a given provider. > > I''d like to route through a specific gateway adress, which isn''t > > bound to a provider since the providers are both dynamic dsl/ppp > > lines.... > > Trying to run an SMTP server on a host with a dynamic IP address sounds > dicey at best.Just for clarification: both dsl lines do have a static ip. With "dynamic" I tried to describe the fact, that the ppp addresses (with static ip adresses and seperate gateways) may change for ppp0/ppp1 when the ppp interfaces goes up and down. So I do not have a fixed IP''s and routes for ppp0 and another one for ppp1, although I have fixed IP''s for two dsl/ppp lines. kp ------------------------------------------------------------------------------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon''s best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev
On Fri, 18 Dec 2009 23:18:41 +0100 KP Kirchdoerfer <kapeka@bering-uclibc.de> wrote:> > Just for clarification: > > both dsl lines do have a static ip. > With "dynamic" I tried to describe the fact, that the ppp addresses > (with static ip adresses and seperate gateways) may change for > ppp0/ppp1 when the ppp interfaces goes up and down. > So I do not have a fixed IP''s and routes for ppp0 and another one for > ppp1, although I have fixed IP''s for two dsl/ppp lines.Doesn''t your ISP provide you with a way to distinguish the two so that ppp0 always gets the same address? If you can do that, you can avoid the gateway issue by simply leaving the GATEWAY column empty (''-'') in /etc/shorewall/providers (or at least that works with later versions of Shorewall-perl; and I believe it works with -shell as well). -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon''s best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev
Am Samstag, 19. Dezember 2009 00:23:26 schrieb Tom Eastep:> On Fri, 18 Dec 2009 23:18:41 +0100 > > KP Kirchdoerfer <kapeka@bering-uclibc.de> wrote: > > Just for clarification: > > > > both dsl lines do have a static ip. > > With "dynamic" I tried to describe the fact, that the ppp addresses > > (with static ip adresses and seperate gateways) may change for > > ppp0/ppp1 when the ppp interfaces goes up and down. > > So I do not have a fixed IP''s and routes for ppp0 and another one for > > ppp1, although I have fixed IP''s for two dsl/ppp lines. > > Doesn''t your ISP provide you with a way to distinguish the two so that > ppp0 always gets the same address? If you can do that, you can avoid > the gateway issue by simply leaving the GATEWAY column empty (''-'') > in /etc/shorewall/providers (or at least that works with later versions > of Shorewall-perl; and I believe it works with -shell as well). >I searched the net today and found a mail one and half years ago on this list, mentioning the ''unit'' entry in pppd/dsl-provider. If that is all that is needed to get always the same address(es) on the ppp interface(s); it should work now. Hopefully :) The gateway column in providers is empty, and it does work with shorewall shell. thx for your help kp ------------------------------------------------------------------------------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon''s best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev