Shorewall users - Oct 2010 - Problem with accounting and two isp's

Hi
I''m trying to have an expensive satellite line as backup for my 
traditional vsat isp.
I have followed the multi isp documentation as good as I can but face a 
problem when the vsat ISP provider fails.
Shorewall refuses to startup due to the lack of the provider.

Compiling /etc/shorewall/accounting...
Generating Rule Matrix...
Creating iptables-restore input...
Compiling iptables-restore input for chain mangle:...
Shorewall configuration compiled to /var/lib/shorewall/.start
Starting Shorewall....
Initializing...
Loading Modules...
Processing /etc/shorewall/init ...
Processing /etc/shorewall/tcclear ...
Setting up Route Filtering...
Setting up Martian Logging...
Setting up Proxy ARP...
Adding Providers...
    Provider fbb (1) Added
    ERROR: Interface eth0 is not usable -- Provider vsat (2) Cannot be Added
Processing /etc/shorewall/stop ...
Processing /etc/shorewall/tcclear ...
Shorewall-generated routing tables and routing rules removed
Running debug_restore_input...
IPv4 Forwarding Enabled
Processing /etc/shorewall/stopped ...
/usr/share/shorewall/lib.common: line 63: 10323 Terminated              
$SHOREWALL_SHELL $script $options $@

I guess there is something missing in my config. If I remove the 
eth0.status or set the content to 0 everything works as supposed again.
zones
fw      firewall
net     ipv4
loc     ipv4
bup     ipv4
adm     ipv4

interfaces
net     eth0    detect
loc     eth1    detect
adm     eth2    detect
bup     eth3    detect

providers
fbb     1       1       main            eth3            192.168.10.1    
track,loose,fallback      eth1,eth2
vsat    2       2       main            eth0            213.52.18.137   
track,balance   eth1,eth2

Then the lsm scripts are as described in the MultiISP document, isusable 
etc.


/GH

------------------------------------------------------------------------------
Nokia and AT&T present the 2010 Calling All Innovators-North America contest
Create new apps & games for the Nokia N8 for consumers in  U.S. and Canada
$10 million total in prizes - $4M cash, 500 devices, nearly $6M in marketing
Develop with Nokia Qt SDK, Web Runtime, or Java and Publish to Ovi Store 
http://p.sf.net/sfu/nokia-dev2dev

On 10/27/10 7:42 AM, Göran Höglund wrote:
> Hi
> I''m trying to have an expensive satellite line as backup for my 
> traditional vsat isp.
> I have followed the multi isp documentation as good as I can but face a 
> problem when the vsat ISP provider fails.
> Shorewall refuses to startup due to the lack of the provider.
> 
> Compiling /etc/shorewall/accounting...
> Generating Rule Matrix...
> Creating iptables-restore input...
> Compiling iptables-restore input for chain mangle:...
> Shorewall configuration compiled to /var/lib/shorewall/.start
> Starting Shorewall....
> Initializing...
> Loading Modules...
> Processing /etc/shorewall/init ...
> Processing /etc/shorewall/tcclear ...
> Setting up Route Filtering...
> Setting up Martian Logging...
> Setting up Proxy ARP...
> Adding Providers...
>     Provider fbb (1) Added
>     ERROR: Interface eth0 is not usable -- Provider vsat (2) Cannot be
Added
> Processing /etc/shorewall/stop ...
> Processing /etc/shorewall/tcclear ...
> Shorewall-generated routing tables and routing rules removed
> Running debug_restore_input...
> IPv4 Forwarding Enabled
> Processing /etc/shorewall/stopped ...
> /usr/share/shorewall/lib.common: line 63: 10323 Terminated              
> $SHOREWALL_SHELL $script $options $@
> 
> I guess there is something missing in my config. If I remove the 
> eth0.status or set the content to 0 everything works as supposed again.
> zones
> fw      firewall
> net     ipv4
> loc     ipv4
> bup     ipv4
> adm     ipv4
> 
> interfaces
> net     eth0    detect
You must specify the ''optional'' option if you want the
firewall to be
able to start when this interface is not usable.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________



------------------------------------------------------------------------------
Nokia and AT&T present the 2010 Calling All Innovators-North America contest
Create new apps & games for the Nokia N8 for consumers in  U.S. and Canada
$10 million total in prizes - $4M cash, 500 devices, nearly $6M in marketing
Develop with Nokia Qt SDK, Web Runtime, or Java and Publish to Ovi Store 
http://p.sf.net/sfu/nokia-dev2dev

On 10/28/10 6:07 AM, Göran Höglund wrote:
> Hi
> The problem is solved.
> I just set a static route to the ping targets outside Shorewall.
> I asume ther are some config file aimed for this pupose though ?
> 
Depends on your distribution.
> I also let LSM run continously.
Which you must do.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________



------------------------------------------------------------------------------
Nokia and AT&T present the 2010 Calling All Innovators-North America contest
Create new apps & games for the Nokia N8 for consumers in  U.S. and Canada
$10 million total in prizes - $4M cash, 500 devices, nearly $6M in marketing
Develop with Nokia Qt SDK, Web Runtime, or Java and Publish to Ovi Store 
http://p.sf.net/sfu/nokia-dev2dev