[Firehol-support] Secondary internet link fails

[Costa Tsaousis]

Hi Daniel,

Why don't you just give us a few log lines of packets being dropped?
This will make everything clear...

Costa

Daniel L. Miller wrote:

> Hi again.
>
> We just contracted with a new ISP, and I wanted to test out the 
> connection before canceling our original one (and, just for fun, maybe 
> experiment with multiple Internet links).
>
> Unfortunately, my beloved firehol configuration is preventing me from 
> using the secondary link.  During a "firehol try", I was able to ping 
> my secondary gateway - right up until the final stage of firehol 
> execution.  Watching a ping session while constantly re-executing 
> "ps", I saw the various iptables commands being executed.  Somewhere 
> around the "forward - drop" chain being created, I was then blocked out.
>
> I added a new block of variables for the new interface, then copied 
> some existing interface/router stanzas.  I'm not seeing what magic 
> lines might be misconfigured:
>
> LAN_IF="eth0"
> LAN_LAN="192.168.0.0/24"
> LAN_IP="192.168.0.1"
> LAN_BCAST="192.168.0.255"
>
> EXT_X_IF="eth2"
> EXT_X_LAN="69.199.29.168/29"
> EXT_X_IP="69.199.29.170"
> EXT_X_BCAST="69.199.29.175"
>
> interface "${EXT_X_IF}" amfes-newisp src not "${UNROUTABLE_IPS} 
> ${LAN_LAN}" dst "${EXT_X_IP}"
>        protection strong 100/sec 50
>        server ident reject with tcp-reset
>        server ping accept log "allow ping"
>        client all accept log "client out"
>
> router lan2newisp inface "${LAN_IF}" outface "${EXT_X_IF}" src 
> "${LAN_LAN}" dst not "${UNROUTABLE_IPS}"
>        route all accept log "route lan2newisp"
>
> Unless "UNROUTABLE_IPS" is somehow including my new interface?
>