[Firehol-support] Secondary internet link fails
Daniel L. Miller
dmiller at amfes.com
Fri Oct 28 01:38:01 BST 2005
Hi again.

We just contracted with a new ISP, and I wanted to test out the
connection before canceling our original one (and, just for fun, maybe
experiment with multiple Internet links).

Unfortunately, my beloved firehol configuration is preventing me from
using the secondary link. During a "firehol try", I was able to ping my
secondary gateway - right up until the final stage of firehol
execution. Watching a ping session while constantly re-executing "ps",
I saw the various iptables commands being executed. Somewhere around
the "forward - drop" chain being created, I was then blocked out.

I added a new block of variables for the new interface, then copied some
existing interface/router stanzas. I'm not seeing what magic lines
might be misconfigured:

LAN_IF="eth0"
LAN_LAN="192.168.0.0/24"
LAN_IP="192.168.0.1"
LAN_BCAST="192.168.0.255"

EXT_X_IF="eth2"
EXT_X_LAN="69.199.29.168/29"
EXT_X_IP="69.199.29.170"
EXT_X_BCAST="69.199.29.175"

interface "${EXT_X_IF}" amfes-newisp src not "${UNROUTABLE_IPS} ${LAN_LAN}" dst "${EXT_X_IP}"
    protection strong 100/sec 50
    server ident reject with tcp-reset
    server ping accept log "allow ping"
    client all accept log "client out"

router lan2newisp inface "${LAN_IF}" outface "${EXT_X_IF}" src "${LAN_LAN}" dst not "${UNROUTABLE_IPS}"
    route all accept log "route lan2newisp"

Unless "UNROUTABLE_IPS" is somehow including my new interface?
--
Daniel
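
The closing question in the message above can be checked directly. As an added example (not part of the original post and not FireHOL's own code), this script reports whether an address such as EXT_X_IP falls inside any network in a list. SAMPLE_UNROUTABLE is a constructed stand-in for the real UNROUTABLE_IPS value, which the post does not show, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: test whether an IPv4 address falls inside any network in a list.
# SAMPLE_UNROUTABLE is a constructed stand-in; substitute the real value of
# UNROUTABLE_IPS from the FireHOL installation being debugged.
SAMPLE_UNROUTABLE="10.0.0.0/8 127.0.0.0/8 169.254.0.0/16 172.16.0.0/12 192.168.0.0/16"

# Convert a dotted-quad IPv4 address to a 32-bit integer.
ip2int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# Return 0 if address $1 is inside CIDR network $2 (a bare address means /32).
in_cidr() (
    net=${2%/*}
    bits=32
    case $2 in */*) bits=${2#*/} ;; esac
    if [ "$bits" -eq 0 ]; then
        mask=0
    else
        mask=$(( (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF ))
    fi
    [ $(( $(ip2int "$1") & $mask )) -eq $(( $(ip2int "$net") & $mask )) ]
)

# Print the first network in list $2 that contains address $1; return 1 if none.
first_match() (
    for n in $2; do
        if in_cidr "$1" "$n"; then echo "$n"; exit 0; fi
    done
    exit 1
)

# Addresses taken from the configuration in the post.
for ip in 69.199.29.170 192.168.0.1; do
    if net=$(first_match "$ip" "$SAMPLE_UNROUTABLE"); then
        echo "$ip is inside $net"
    else
        echo "$ip matches no listed network"
    fi
done
```

The gateway address on the new link is worth running through the same check, since the interface stanza rejects packets whose source is in UNROUTABLE_IPS.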