similar to: marking and routing (with multi-isp) not working

Hi All, As you probably all know :-) I''m trying to do the multi-isp thing. I''ve resolved my last issue with the route_rules as suggested by Tom and Jerry suggested. Lately I have been seeing "transient" (I say transient because the problem will persist for a while and then magically clear itself up some number of minutes later) situations where my gateway will log:

I have a multi-isp configuration: CGCO 1 256 main $CGCOIF detect track,balance br-lan,tun0 IGS 2 512 main $IGSIF detect track,fallback br-lan,tun0 where I force SMTP out one of the connections: 512:P br-lan - tcp 25 But the effect of that of course is that if IGS goes down, SMTP will leak out of the CGCO connection. How can I prevent that? Cheers, b.

Hi. I'm hoping for some advise/help. I have a domain that won't seem to go online: $ wbinfo --online-status BUILTIN : active connection MY-HOST : active connection FOO : no active connection The log for the domain repeats over and over again: [2019/05/30 09:34:10.259173, 3, pid=1606, effective(0, 0), real(0, 0), class=auth] ../../auth/ntlmssp/ntlmssp_sign.c:514(ntlmssp_sign_reset)

(if this post gets line-feed-mangled please read http://www.dl.reneschmidt.de/shorewallxenpost.txt - that''s an unmangled version, thank you) Hello, first I would like to thank the Mr. Eastep and contributors for this great piece of software and superb documentation. I have a SOHO server (Debian testing) that I''m using for several purposes so I''ve set up a Xen

HTB performance improvement Hi all ! i''m looking at the performance of the HTB algorithm/implementation because i would like more packets/sec !! this is the scenario of the performance test: i''m using an embedded system with: SPEED CPU: 399,999 MHz RAM: 128 MByte FLASH: 16 MByte EEPROM: 8Kbyte PROCESSOR MPC8272 a lan to lan 10/100 and in particular we are sending

Hello, I have this problem: when my mail server on the DMZ starts a connection to the internet it''s ip (213.58.230.26) is "masqueraded" with the firewall ip (213.58.230.50). I wouldn''t mind but there is a one customer who rejects the connection because it makes reverse dns and finds no dns entry for the firewall ip. How can i correct this? Thanks, MSantos shorewall

Shorewall 4.5.9.2 is now available for download. Problems Corrected: 1) Previously, the rules in the ''routemark'' chain did not specify a mask in the MARK target. While a mask isn''t strictly necessary in those rules, one has been added to ally fears of those who read the generated ruleset. Note: The ''routemark'' chain is used to apply

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I''ve a problem on the broadcast it is adding some additional route to the router which caused me some problem... Below is my /etc/shorewall/interface swtmng1 eth0.1 202.73.10.127 norfc1918 apmng1 eth0.10 202.73.8.7 norfc1918 dist1 eth0.1000 202.73.11.255 norfc1918,nobogons idc1 eth2.50

Hi, I''ve been implementing a load balancing solution using CONNMARK, based on solution described by Luciano Ruete at [1]. Gracias por el post y por apuntar en la dirección correcta Luciano! Once implemented, I''ve found that due to some reason packets aren''t properly marked (or improperly remarked) and sent out using the wrong interface. My topo setup is:

Hi, I'm using linux 2.6.21.5 and our kernel is freeze. The problem is, if I create a Software bridge using $brctl command. and add two interfaces say, eth0.0 and eth0.1 using $brctl addbr br-lan $brctl addif br-lan eth0.0 $brctl addif br-lan eth0.1 and when i send traffic from a host connected to one port to host connected at other end, soon all the memory is dried up and and kernel

Hello list I have a problem with classifying traffic from two providers, and about 600 users. I have the following situation: P1-\ | linux | --eth0-| box |-eth1 P2-/ | | P1 and P2 are coming from VLANs. I have 4 type traffic which I want to classify. The traffic is divided as follows: P1 - 100mbit from realm 0x70000 10mbit from realm ! 0x70000

Hi, I have a big "name problem" with my internal mail server (10.0.0.152). It is "seen" on the internet through DNAT (213.58.230.27). Also there is a MX record pointing to the machine. Everything works fine from the outside. However i can''t set the mail clients on the lan pointing to the mx record, because this one points to 213.58.230.27 and the firewall

I am trying to apply the new :T flag in tcrules. the man page for this file [1] sayas that if SOURCE is $FW then rules are applied in OUTPUT. this doesn''t seem to work on my setup. I have in tcrules : ------------------------------------------------------------------------ RESTORE:T 0.0.0.0/0 0.0.0.0/0 all - - - 0 CONTINUE:T 0.0.0.0/0 0.0.0.0/0

Hi, I am one of the developers of the FreeWRT project and I want to give you some feedback. Shorewall runs quite fine on our supported devices, but we need to patch Shorewall to get it running as expected. The problem is the ip command and busybox 1.4.2. Some words about busybox: BusyBox is a multi-call binary that combines many common Unix utilities into a single executable.

Hi all, I used to manage network through /etc/sysconfig/network-scripts/ifcfg-* Most of my use case are vlans (ie: eth0.1) an aliases (ie: eth1:3) My context in headless VMs (no DE, no Xorg, no GUI) With CentOS7 and systemd: is it still managed with /etc/sysconfig/network-scripts/ifcfg-* ? For the mount component, I found that systemd kind of "sources" /etc/fstab and converts it to

Hello all, I have a CentOS box that has a NIC (eth0) on which I defined 4 VLAN's (counting the NIC itself): eth0, eth0.1, eth0.2 and eht0.3. Initially the Cisco switch was not partitioned into VLAN's which means that the only VLAN running on it was the default one (VLAN 1). I have then played with VLAN's a bit on the switch and at this point have two: VLAN 1 (which is default and can

Hi, this is my Linux Box ---------------------------- LAN 1 -----|--eth1 <---br1--->eth0.1 | | \ | | eth0--|----- 802.1q tagged 1 Mbps link | / | LAN 2 -----|--eth2 <---br2--->eth0.2 | ---------------------------- I have to bridge the 2 lans

Hi, The problem solved After installing new zaptel drivers, we ran the "genzaptel" command to generate /etc/zaptel.conf file,checked with "zttool" command and the card status was "Yellow alarm/Blue alarm/Recovering" and the card LED was blinking red and green. The problem was with the generated zaptel configuration., but not with the pin

I've built samba for an embedded mips platform. Since this is an embedded platform, it's possible that some critical file that samba needs is missing but stracing the daemons doesn't reveal anything strange. It's running 2.4.34 kernel. Samba is failing to find any interfaces. [2000/01/02 10:55:01, 3] nmbd/nmbd.c:main(759) Opening sockets 137 [2000/01/02 10:55:01, 10]

Hi All, This is my first mail to the LARTC mailing list.I am having some problems with the download bandwidth over VLAN.The setup i am having at my place is somewhat below.. +-------------------+ | | | FTP Server | | | +-------------------+ | +---------------+ | | | | | eth1=|-------+ | My Box | | eth0=|--------+ | | | +---------------+ | | +----------+----------+-----------------------+ | |