Hi List,

I get a funny problem when I use the Multiple ISP setup from the shorewall documentation.

I use it for failover between two different carriers.
I use lsm as described and am using shorewall version 4.5.5.1 on a centos 6.4 box.

My issue is routing, when lsm changes to the backup my browsing is using the backup IF, Fine ...

But if I set a continuous ping on a PC behind the firewall these pings won't change IF??
So if I start a ping when the backup is active it won't switch over to the normal isp when it is restored, but browsing does.

I assume this is easy when you know but I don't and it bugs me

Regards
Gh

On 4/9/13 7:46 AM, "Göran Höglund" <goran.hoglund@telemar.se> wrote:

> Hi List,
> I get a funny problem when I use the Multiple ISP setup from the shorewall
> documentation.
>
> I use it for failover between two different carriers.
> I use lsm as described and am using shorewall version 4.5.5.1 on a
> centos 6.4 box.
>
> My issue is routing, when lsm changes to the backup my browsing is using
> the backup IF, Fine ...
>
> But if I set a continuous ping on a PC behind the firewall these pings
> won't change IF??
> So if I start a ping when the backup is active it won't switch over to
> the normal isp when it is restored, but browsing does.
>
> I assume this is easy when you know but I don't and it bugs me

A continuous 'ping' creates a connection tracking entry and in a multi-ISP setup, each conntrack entry is tied to a single provider. This is the same with *any* connection. So when the primary connection comes up, *all* connections that are currently using the backup continue to use the backup until they are closed. Only *new* connections will use the primary provider.

-Tom

You do not need a parachute to skydive. You only need a parachute to skydive twice.

Hi

Thanks, I guessed there was a very simple answer beyond my knowledge level to this.

If I use
shorewall show connections
I will not be able to see the ICMP's, correct?

How do I trace these?

Is there any way to drop the tracking entries?

/GH

Tom Eastep wrote 2013-04-09 23:15:

> On 4/9/13 7:46 AM, "Göran Höglund" <goran.hoglund@telemar.se> wrote:
>
>> Hi List,
>> I get a funny problem when I use the Multiple ISP setup from the shorewall
>> documentation.
>>
>> I use it for failover between two different carriers.
>> I use lsm as described and am using shorewall version 4.5.5.1 on a
>> centos 6.4 box.
>>
>> My issue is routing, when lsm changes to the backup my browsing is using
>> the backup IF, Fine ...
>>
>> But if I set a continuous ping on a PC behind the firewall these pings
>> won't change IF??
>> So if I start a ping when the backup is active it won't switch over to
>> the normal isp when it is restored, but browsing does.
>>
>> I assume this is easy when you know but I don't and it bugs me
>
> A continuous 'ping' creates a connection tracking entry and in a multi-ISP
> setup, each conntrack entry is tied to a single provider. This is the same
> with *any* connection. So when the primary connection comes up, *all*
> connections that are currently using the backup continue to use the backup
> until they are closed. Only *new* connections will use the primary
> provider.
>
> -Tom
> You do not need a parachute to skydive. You only need a parachute to
> skydive twice.

--
Göran Höglund
Telemar Scandinavia AB
P O Box 9304
SE-400 97 Gothenburg, Sweden
Phone: +46 70 5218777
http://www.telemar.se

On 04/09/2013 11:56 PM, Göran Höglund wrote:

> Hi
> Thanks I guessed there was a very simple answer beyond my knowledge
> level to this.
>
> If I use
> shorewall show connections
> I will not be able to see the ICMP's, correct?

Yes, you can.

> How do I trace these?
>
> Is there any way to drop the tracking entrys?
>

Install and use the 'conntrack' utility.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
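
Listing and dropping the pinned entries with the 'conntrack' utility, as an added example that is not part of the thread: it reads `conntrack -L` output, selects the flows carrying one provider's connection mark, and prints the matching `conntrack -D` commands for review. The sample listing is constructed, mark=2 for the backup provider is an assumption (check the mark your own listing shows), and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample of `conntrack -L` output (documentation address ranges).
# Assumption: mark=2 is the backup provider, mark=1 the primary.
SAMPLE='icmp     1 29 src=192.168.1.10 dst=192.0.2.50 type=8 code=0 id=4711 src=192.0.2.50 dst=203.0.113.2 type=0 code=0 id=4711 mark=2 use=1
tcp      6 431990 ESTABLISHED src=192.168.1.10 dst=192.0.2.80 sport=51000 dport=443 src=192.0.2.80 dst=203.0.113.2 sport=443 dport=51000 [ASSURED] mark=2 use=1
icmp     1 28 src=192.168.1.11 dst=192.0.2.50 type=8 code=0 id=812 src=192.0.2.50 dst=198.51.100.2 type=0 code=0 id=812 mark=1 use=1
udp      17 20 src=192.168.1.12 dst=192.0.2.53 sport=40000 dport=53 src=192.0.2.53 dst=198.51.100.2 sport=53 dport=40000 mark=1 use=1'

# pinned_flows MARK [PROTO]
# Reads `conntrack -L` output on stdin and prints "proto src dst" for every
# entry whose connection mark equals MARK (optionally limited to PROTO).
pinned_flows() {
    awk -v want="$1" -v proto="${2:-}" '
    {
        src = ""; dst = ""; mark = ""
        for (i = 1; i <= NF; i++) {
            # The first src=/dst= pair is the original direction; the second
            # pair (reply direction, after NAT) is ignored here.
            if (src == "" && $i ~ /^src=/) src = substr($i, 5)
            else if (dst == "" && $i ~ /^dst=/) dst = substr($i, 5)
            else if ($i ~ /^mark=/) mark = substr($i, 6)
        }
        if (mark == want && (proto == "" || $1 == proto))
            print $1, src, dst
    }'
}

# delete_commands MARK [PROTO]
# Turns the selected flows into `conntrack -D` commands. They are printed,
# not executed, so the list can be reviewed before anything is dropped.
delete_commands() {
    pinned_flows "$@" | sort -u | while read -r proto src dst; do
        printf 'conntrack -D -p %s -s %s -d %s\n' "$proto" "$src" "$dst"
    done
}

# On the firewall itself: conntrack -L 2>/dev/null | delete_commands 2 icmp
printf '%s\n' "$SAMPLE" | delete_commands 2 icmp
```

Once the ICMP entry is deleted, the next echo request from the still-running ping creates a new conntrack entry, and per Tom's reply only new connections use the primary provider.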