similar to: MultiISP.html documentation improvements

I have 2 connections to the internet. 1 is an ADSL the other is a 3MB link over satellite. This is a portion of my firewall script ip route flush table 3 2> /dev/null ip rule delete table 3 2> /dev/null ip route add table 3 127.0.0.0/8 dev lo scope link ip route add table 3 89.0.0.0/8 dev eth0 scope link ip rule add fwmark 3 table 3 ip route add table 3 default via $isp2_ip dev eth3 ip

Beta 3 is now available for testing. Problems Corrected: 1) The value ''0'' is once again accepted in the IN_BANDWIDTH columns of tcinterfaces and tcrules, and causes no ingress policing to be configured. 2) MARK_IN_FORWARD_CHAIN=Yes no longer generates an error when $FW:<address> is entered in the SOURCE column of the tcrules file. New Features: 1) The

Beta 3 is now available for testing. Problems Corrected: 1) The value ''0'' is once again accepted in the IN_BANDWIDTH columns of tcinterfaces and tcrules, and causes no ingress policing to be configured. 2) MARK_IN_FORWARD_CHAIN=Yes no longer generates an error when $FW:<address> is entered in the SOURCE column of the tcrules file. New Features: 1) The

Hi, I was reading document http://shorewall.net/MultiISP.html#idp3634200. Inspired by the document I was trying to establish the following changes: * one additional interface: COMA_IF * COM[A,B,C]_IF interfaces request IP address via DHCP * all non-RFC 1918 destined trafic is NATed from INT_IF to COMA_IF * all non-RFC 1918 destined trafic from GW is routed via COMB_IF by default * non-RFC 1918

Hi I have a default route to 192.168.1.1 as soon as I start shorewall the default route dissapear. What do I need to do to have it not disappear. Kind Regards My network setup /etc/network/interfaces: # The primary network interface auto eth0 iface eth0 inet static address 192.168.1.17 netmask 255.255.255.0 network 192.168.1.0 broadcast 192.168.1.255

Hello, it seems I am hit by http://shorewall.net/MultiISP.html#Local : "Experience has shown that in some cases, problems occur with applications running on the firewall itself. This is especially true when you have specified routefilter on your external interfaces in /etc/shorewall/interfaces (see above). When this happens, it is suggested that you have the application use specific local IP

Below is a snippet from my firewall script isp1_ip="xx.0.5.20" isp1_gw="xx.0.5.1" isp1_net="xx.0.5.0/28" isp1_if="eth2" isp2_ip="xx.182.19.88" isp2_gw="xx.182.19.1" isp2_net="xx.182.19.0/28" isp2_if="eth3" lo_ip="127.0.0.1" lo_if="lo" lo_net="127.0.0.1/8"

Below is a snippet from my firewall script isp1_ip="xx.0.5.20" isp1_gw="xx.0.5.1" isp1_net="xx.0.5.0/28" isp1_if="eth2" isp2_ip="xx.182.19.88" isp2_gw="xx.182.19.1" isp2_net="xx.182.19.0/28" isp2_if="eth3" lo_ip="127.0.0.1" lo_if="lo" lo_net="127.0.0.1/8" ip rule delete

Hi, I have a multi-isp configuration both on ppp interfaces. As one of them is 32Mbit/s and the other is 8Mbit/s , I have a weight setting of 4 to 1 as in the following providers file entries: vdsl 1 0x10000 - ppp1 - track,balance=4 adsl 2 0x20000 - ppp0 - track,balance=1 I would also like to have fallback between them so that if one is

Hello Guys I have problem with internet bank. I have 2 Internet links balancing mode, thus the bank is charging connection down. I tried to force Internet traffic (port 80 and 443) for only a link, however it did not work. How do I make a setting to force the connection to these ports for a specific link. Note: I can not use the file as route_rules have neither the source IP (ltsp) nor of

hi all, i have this situation: isp1 | dmz ----- FW linux ----- isp2 |----------------------------------- vpn concentrator ----- various ipsec lan-2-lan | LAN In lan i have "pc zone" and "server zone", same network. Dmz and server zone browse internet through isp1, lan use isp2, and remote

The Shorewall Team is pleased to announce the availability of Shorewall 4.5.0. ---------------------------------------------------------------------------- P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E ---------------------------------------------------------------------------- 1) This release includes all defect repair included in 4.4.27.1-4.4.27.3. 2) The start

I'm using shorewall 3.0.4 with ubuntu dapper. I've compiled the kernel with the option CONFIG_IP_ROUTE_MULTIPATH_CACHED=n. I had a trouble with, pptp connection, I'm trying to connect a using microsoft vpn a vpn server out of my lan, and don't work. My files <providers> ADSL1 1 1 main eth1.600 10.190.1.1 track,balance eth0 ADSL1 2 2 main eth1.601 10.190.2.1

I have delete "lo" Zones And Interface and rebuild all the firewall >From Local I ping www.google.fr with DNS resolution DNSMASK installed on the firewall. POSTFIX and Squid+SquidGuard Installed on firewall All clients machines have the IP of Firewall for Dns resolution New Dump joint Without Squid : I surf and all works perfectly With Squid And REDIRECT rule : surf Is VERY TOO

the establishment of an openvpn link sometimes fails. I tracked it down to network traffic with wrong Sourceport in the answer packet (should be 1300 not 1024): 2 1.119309000 aaa.185.165 bbb.162.192 UDP 58 Source port: 1300 Destination port: 1300 3 1.119446000 bbb.162.192 aaa.185.165 UDP 66 Source port: 1024 Destination port: 1300 and a collateral entry in the connection tracking table

Dear list, Shorewall is running here with 2 ISP''s: ISP1: corporate ADSL-line with fixed set of IP''s ISP2: fast consumer-grade cable-connection with higher bandwidth All our main traffic (web, e-mail) is routed trough ISP1. Only for special purposes (frequent large ftp-transfers) ISP2 is used, configured trough tcrules. ISP2 is not so reliable as ISP1 (duh) and they sometimes

Hi to the list, I configured a multi-provider setup with /etc/shorewall/providers: Orange 1 1 main eth1 81.255.74.150 track,balance=1 eth0 Free 2 2 main eth2 88.180.116.254 track,balance=3 eth0 and /etc/shorewall/tcrules: 2:P 192.168.2.0/24 0.0.0.0/0 tcp 143 2:P 192.168.2.0/24

Hi, as per the shorewall MultiISP documentation ( http://www1.shorewall.net/MultiISP.html ), it says "Use of this feature requires that your kernel and iptables include CONNMARK target and connmark match support (Warning: Standard Debian™ and Ubuntu™ kernels are lacking that support!)." it means MultiISP wont work properly if i am using Ubuntu server. if yes whats the

Hi list, My network was assigned a private AS and my ISP(4) urged me to use BGP ! My Other 3 providers on my Shorewall BOX are typical aDSL lines while the 4th is an 1G optical uplink with 64 addresses. Currently I am in a balance, track mode in shorewall ISP setup.. After I installed - configured and started zebra + bgp my static routing tables got filled with about 850 static routes to

In policy $FW Net ACCEPT Dump.rar join THX -----Message d''origine----- De : shorewall-users-bounces@lists.sourceforge.net [mailto:shorewall-users-bounces@lists.sourceforge.net] De la part de Tom Eastep Envoyé : jeudi 12 octobre 2006 21:22 À : Shorewall Users Objet : Re: [Shorewall-users] Tc rules Help with multiISP + squid& squidguard... Joffrey FLEURICE wrote: > > >