On 03/16/2012 06:32 AM, Jesús Dominguez wrote:
> Hi everybody,
>
> First of all, sorry about my English. I try to do the best I can.
>
> I am able to run shorewall as a firewall-router with one ISP (with
> different zones, interfaces, etc.).
>
> My problem appears when I try to balance two Internet
> connections. My multiple Internet lines are properly working on their own.
> If I configure shorewall with one Internet connection I have no problems.
>
> Problems appear, as I said, when I use two connections. These are my
> configuration files:
> interfaces
> #ZONE INTERFACE BROADCAST OPTIONS
> net eth2 detect logmartians
> net ppp0 detect logmartians
> loc eth1 detect logmartians
>
> zones
> #ZONE TYPE
> fw firewall
> net ipv4
> loc ipv4
>
> masq
> #INTERFACE SOURCE ADDRESS PROTO PORT(S) IPSEC MARK
> eth2 192.168.40.0/24
> ppp0 192.168.40.0/24
>
> providers
> #NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY OPTIONS COPY
> jazztel 1 0x1 main eth2 192.168.1.1 balance,track eth1
> vodafone 2 0x2 main ppp0 - balance,track eth1
>
>
> I try to do a ping from the LAN (loc) and I get this in the log:
>
> Mar 16 13:09:06 lizanote kernel: [13961.140104] ll header: 00:02:b3:c7
> Mar 16 13:09:09 lizanote kernel: [13964.144026] martian source 192.168.1.100 from 212.166.210.80, on dev ppp0
>
> # /sbin/shorewall version
> 4.4.11.6
>
> ip addr show
> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
> inet 127.0.0.1/8 scope host lo
> inet6 ::1/128 scope host
> valid_lft forever preferred_lft forever
> 2: eth0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
> link/ether 00:02:b3:c7:2b:f6 brd ff:ff:ff:ff:ff:ff
> 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
> link/ether 00:02:b3:c7:2f:77 brd ff:ff:ff:ff:ff:ff
> inet 192.168.40.1/24 brd 192.168.40.255 scope global eth1
> inet6 fe80::202:b3ff:fec7:2f77/64 scope link
> valid_lft forever preferred_lft forever
> 4: eth2: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN qlen 1000
> link/ether 00:21:9b:61:db:b9 brd ff:ff:ff:ff:ff:ff
> inet 192.168.1.100/24 brd 192.168.1.255 scope global eth2
> inet6 fe80::221:9bff:fe61:dbb9/64 scope link
> valid_lft forever preferred_lft forever
> 7: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 3
> link/ppp
> inet 212.166.226.182 peer 10.64.64.64/32 scope global ppp0
>
> ip route show
> 10.64.64.64 dev ppp0 proto kernel scope link src 212.166.226.182
> 192.168.1.0/24 dev eth2 proto kernel scope link src 192.168.1.100
> 192.168.40.0/24 dev eth1 proto kernel scope link src 192.168.40.1
> default
> nexthop via 192.168.1.1 dev eth2 weight 1
> nexthop dev ppp0 weight 1
>
What is happening here is that the ping packet was sent out of eth2 but
the response is being received through ppp0.
I suggest adding this to /etc/shorewall/init:
qt $IP route replace 212.166.224.0/20 dev ppp0
and "shorewall restart". That should force traffic to Vodocom Spain to
be routed out of ppp0 rather than eth2.
If that doesn't work, then change /etc/shorewall/interfaces like this:
#ZONE INTERFACE BROADCAST OPTIONS
net eth2 detect logmartians=0,routefilter=0
net ppp0 detect logmartians=0,routefilter=0
loc eth1 detect logmartians
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
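The asymmetric-route diagnosis in Tom's reply can be reproduced from the two outputs quoted above. The Python below is an added example, not code from the thread or from Shorewall: it parses the quoted "ip route show" output and the martian log line, performs the longest-prefix match that the reverse-path filter relies on, and reports whether the multipath default route leaves the ingress interface ambiguous. The extra_routes parameter is a hypothetical helper for simulating an "ip route replace" before it goes into /etc/shorewall/init.

```python
import ipaddress
import re

# Constructed sample: routing table and martian log line as quoted in the thread.
ROUTE_TABLE = """\
10.64.64.64 dev ppp0 proto kernel scope link src 212.166.226.182
192.168.1.0/24 dev eth2 proto kernel scope link src 192.168.1.100
192.168.40.0/24 dev eth1 proto kernel scope link src 192.168.40.1
default
nexthop via 192.168.1.1 dev eth2 weight 1
nexthop dev ppp0 weight 1
"""
MARTIAN = ("Mar 16 13:09:09 lizanote kernel: [13964.144026] martian source "
           "192.168.1.100 from 212.166.210.80, on dev ppp0")

def parse_routes(text):
    """Parse 'ip route show' output into (network, [devices]). A multipath
    route ('default' followed by 'nexthop' lines) collects every nexthop device."""
    routes = []
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        nh = re.match(r"nexthop\b.*\bdev\s+(\S+)", line)
        if nh and routes:
            routes[-1][1].append(nh.group(1))
            continue
        dst, _, rest = line.partition(" ")
        net = ipaddress.ip_network("0.0.0.0/0" if dst == "default" else dst, strict=False)
        dev = re.search(r"\bdev\s+(\S+)", rest)
        routes.append((net, [dev.group(1)] if dev else []))
    return routes

def egress_devs(routes, addr):
    """Longest-prefix match: the device(s) a reply to addr would leave on."""
    ip = ipaddress.ip_address(addr)
    hits = [r for r in routes if ip in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen)[1] if hits else []

def diagnose(route_text, log_line, extra_routes=()):
    """Strict rp_filter accepts a packet only if a reply to its source would
    leave via the ingress interface. extra_routes is a hypothetical list of
    (cidr, dev) pairs that simulates 'ip route replace CIDR dev DEV'.
    Returns (source, ingress_dev, expected_devs, may_be_rejected)."""
    m = re.search(r"martian source \S+ from (\S+), on dev (\S+)", log_line)
    src, ingress = m.group(1), m.group(2)
    routes = parse_routes(route_text) + [
        (ipaddress.ip_network(c), [d]) for c, d in extra_routes]
    expected = egress_devs(routes, src)
    # Two nexthops in the best route means the kernel may pick the other one.
    return src, ingress, expected, expected != [ingress]
```

Any candidate route for /etc/shorewall/init can be checked the same way, by passing it as an extra_routes pair and confirming it actually covers the logged source, before falling back to routefilter=0, which drops the anti-spoofing check entirely on that interface.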