Hi All,

We have been using Shoreline Firewall for many years now for our firm. The older version of shorewall does not support multiple ISP providers at the same time. For that reason, I am trying to configure Shorewall version 4.4.22 in our environment.

We have two providers: A and B. I have three interfaces on my test machine: eth0: that is for LAN, eth1: for provider A and eth2: for provider B.

I have given separate names to both the providers: inet1 to provider A and inet2 to provider B. And lnet is my local LAN.

Provider A is somewhat untrustable. Sometimes, the connection gets lost. We have some RDP users who work on remote client side. They face connection problems.

What I want to do is, route all the traffic of those RDP users via provider B and normal LAN users should use provider A for all their work. In short, I want some users to route through provider B and rest of others through provider A.

Now I have read the shorewall docs i.e. MultiISP configuration: http://shorewall.net/MultiISP.html.

I have created a single rules file for that purpose. I have written appropriate rules for the above purpose. But when I test both the providers at same time, problem starts. Initially, provider B works, i.e. RDP users can connect to remote using provider B, and local users are unable to browse the internet. When I restart eth1 interface, then provider A works. But now RDP users are unable to connect.

Are the interfaces overriding each other? Or am I missing something?

I have RDP rule in the rules file as follows:

    ACCEPT lnet:192.168.5.4 inet2:xx.xx.xx.xx tcp 9690

Thanks.

On Fri, 2011-12-09 at 05:42 +0000, Chaitanya Shastri wrote:
> We have been using Shoreline Firewall for many years now for our
> firm. The older version of shorewall does not support multiple ISP
> providers at the same time. For that reason, I am trying to configure
> Shorewall version 4.4.22 in our environment.
> We have two providers: A and B. I have three interfaces on my test
> machine: eth0: that is for LAN, eth1: for provider A and eth2: for
> provider B.
> I have given separate names to both the providers: inet1 to provider A
> and inet2 to provider B. And lnet is my local LAN.
> Provider A is somewhat untrustable. Sometimes, the connection gets
> lost. We have some RDP users who work on remote client side. They face
> connection problems.
> What I want to do is, route all the traffic of those RDP users via
> provider B and normal LAN users should use provider A for all their
> work.
> In short, I want some users to route through provider B and rest of
> others through provider A.
>
> Now I have read the shorewall docs i.e. MultiISP configuration:
> http://shorewall.net/MultiISP.html.
> I have created a single rules file for that purpose. I have written
> appropriate rules for the above purpose.
> But when I test both the providers at same time, problem starts.
> Initially, provider B works, i.e. RDP users can connect to remote
> using provider B, and local users are unable to browse the internet.
> When I restart eth1 interface, then provider A works. But now RDP
> users are unable to connect.
> Are the interfaces overriding each other? Or am I missing something?
> I have RDP rule in the rules file as follows:
>
> ACCEPT lnet:192.168.5.4 inet2:xx.xx.xx.xx tcp 9690

Please forward the output of 'shorewall dump' collected as described at
http://www.shorewall.net/support.htm#Guidelines. It is impossible to
analyze Multi-ISP problems with only a brief description of the failure.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

On Fri, 2011-12-09 at 06:28 -0800, Tom Eastep wrote:
>
> Please forward the output of 'shorewall dump' collected as described at
> http://www.shorewall.net/support.htm#Guidelines. It is impossible to
> analyze Multi-ISP problems with only a brief description of the failure.
>

But before you do that, be sure that you have read FAQs 57 and 58 and
have followed the advice that you find there.

-Tom

Thanks for replying. I have read those FAQs and have tried to implement as you suggested. But that didn't work for me. I will mail you the dump separately.

Thanks.

From: Tom Eastep <teastep@shorewall.net>
Sent: Fri, 09 Dec 2011 20:06:23
To: Shorewall Users <shorewall-users@lists.sourceforge.net>
Cc: chait_01@rediffmail.com
Subject: Re: [Shorewall-users] Unable to use two providers at the same time.

On Fri, 2011-12-09 at 06:28 -0800, Tom Eastep wrote:
>
> Please forward the output of 'shorewall dump' collected as described at
> http://www.shorewall.net/support.htm#Guidelines. It is impossible to
> analyze Multi-ISP problems with only a brief description of the failure.
>
But before you do that, be sure that you have read FAQs 57 and 58 and
have followed the advice that you find there.

-Tom

Hi All,

As I have mentioned before, I had two internet zones defined separately: inet1 and inet2. I wanted to route some traffic using provider B i.e. using inet2 and all other traffic using provider A.

According to Tom, I should use only one zone name for internet zone i.e. inet and use the route_rules file and the 'balance' option in providers file to be able to use both the providers simultaneously.

I had a question: If I write a rule in route_rules file, should that also be present in the rules file?

Thanks.

From: Tom Eastep <teastep@shorewall.net>
Sent: Fri, 09 Dec 2011 20:06:23
To: Shorewall Users <shorewall-users@lists.sourceforge.net>
Cc: chait_01@rediffmail.com
Subject: Re: [Shorewall-users] Unable to use two providers at the same time.

On Fri, 2011-12-09 at 06:28 -0800, Tom Eastep wrote:
>
> Please forward the output of 'shorewall dump' collected as described at
> http://www.shorewall.net/support.htm#Guidelines. It is impossible to
> analyze Multi-ISP problems with only a brief description of the failure.
>
But before you do that, be sure that you have read FAQs 57 and 58 and
have followed the advice that you find there.

-Tom

Hello,

Please email in plain text. I can barely read the stuff below.

Thank you,
-Mark

On 15 Dec 2011 05:23:17 -0000 "Chaitanya Shastri" <chait_01@rediffmail.com> wrote:
> Hi All,
>
> As I have mentioned before, I had two internet zones defined
> separately: inet1 and inet2. I wanted to route some traffic using
> provider B i.e. using inet2 and all other traffic using provider
> A.
>
> According to Tom, I should use only one zone name for internet zone
> i.e. inet and use the route_rules file and the 'balance' option in
> providers file to be able to use both the providers simultaneously.
>
> I had a question: If I write a rule in route_rules file,
> should that also be present in the rules file?
>
> Thanks.
>
> From: Tom Eastep <teastep@shorewall.net>
> Sent: Fri, 09 Dec 2011 20:06:23
> To: Shorewall Users <shorewall-users@lists.sourceforge.net>
> Cc: chait_01@rediffmail.com
> Subject: Re: [Shorewall-users] Unable to use two providers at the same time.
>
> On Fri, 2011-12-09 at 06:28 -0800, Tom Eastep wrote:
> > Please forward the output of 'shorewall dump' collected as described at
> > http://www.shorewall.net/support.htm#Guidelines. It is impossible to
> > analyze Multi-ISP problems with only a brief description of the failure.
> But before you do that, be sure that you have read FAQs 57 and 58 and
> have followed the advice that you find there.
> -Tom

On Thu, 2011-12-15 at 05:23 +0000, Chaitanya Shastri wrote:
> As I have mentioned before, I had two internet zones defined
> separately: inet1 and inet2. I wanted to route some traffic using
> provider B i.e. using inet2 and all other traffic using provider A.
> According to Tom, I should use only one zone name for internet zone
> i.e. inet and use the route_rules file and the 'balance' option in
> providers file to be able to use both the providers simultaneously.
> I had a question: If I write a rule in route_rules file, should that
> also be present in the rules file?

Routing (including route_rules) simply tells packets where to go. Rules
and Policies determine if they are allowed to go there.

-Tom

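
Added example (not part of the original thread, and not the poster's or Tom's actual configuration): a sketch of the layout described above for Shorewall 4.4, with one internet zone covering both uplinks, a route_rules entry that sends the RDP host out via provider B, and a separate rules entry that permits the traffic. The provider names ISPA/ISPB, the mark values and the gateway addresses are assumptions made for illustration; xx.xx.xx.xx is the elided address from the original post.

```conf
# /etc/shorewall/zones
#ZONE   TYPE
fw      firewall
lnet    ipv4
inet    ipv4            # single internet zone for both providers

# /etc/shorewall/interfaces
#ZONE   INTERFACE   BROADCAST
lnet    eth0        detect
inet    eth1        detect      # provider A
inet    eth2        detect      # provider B

# /etc/shorewall/providers
# ISPA/ISPB, marks 1/2 and both gateways are constructed placeholders.
# 'balance' only on ISPA is an assumption here: it keeps ISPA as the
# default path for everything not matched in route_rules. 'track' keeps
# replies to inbound connections on the interface they arrived on.
#NAME   NUMBER  MARK  DUPLICATE  INTERFACE  GATEWAY       OPTIONS        COPY
ISPA    1       1     main       eth1       192.0.2.1     track,balance  eth0
ISPB    2       2     main       eth2       198.51.100.1  track          eth0

# /etc/shorewall/route_rules
# Routing decision only: traffic from the RDP user's host uses ISPB's table.
#SOURCE        DEST   PROVIDER   PRIORITY
192.168.5.4    -      ISPB       1000

# /etc/shorewall/rules
# Filtering decision: the same traffic still needs to be allowed.
# The destination zone is 'inet', not a per-provider zone.
#ACTION   SOURCE             DEST               PROTO   DEST PORT(S)
ACCEPT    lnet:192.168.5.4   inet:xx.xx.xx.xx   tcp     9690
```

Removing the route_rules line changes which uplink the host uses but not whether the connection is permitted; removing the rules line (with no policy allowing lnet to inet) blocks the connection regardless of routing.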