andreil1 <[email protected]> wrote: > I have this setup of shorewall with 2 ISPs, and need to auto-switch > connection if main (LTC1) provider fails, and the revert back if it becomes > alive. > > *** shorewall.conf *** > USE_DEFAULT_RT=Yes > > *** providers *** > LTC1 1 0x1 - eth0 gw1.xx.xx.xx track,balance=1 - > BTC2 2 0x2 - eth1 gw2.yy.yy.yy track - > > *** interfaces *** > net eth0 tcpflags,nosmurfs,rpfilter,sourceroute=0 > net eth1 tcpflags,nosmurfs,rpfilter,sourceroute=0 > loc eth2 tcpflags,nosmurfs,rpfilter > dmz eth3 routeback > > ********************************* > > Script which run via cron each 30 seconds. > Which commands need to be run within this script ? > > Thanks in advance for any suggestion(s) ! > > > HOSTS="gw1.xx.xx.xx" > COUNT=2 > > for myHost in $HOSTS > do > count=$(ping -c $COUNT $myHost | grep 'received' | awk -F',' '{ print $2 }' > | awk '{ print $1 }') > if [ $count -eq 0 ]; then > # 100% failed > # ?? what commands should be run to switch providers? > shorewall disable LTC1 # is this enough ? any command to explicitly > enable BTC1 ? shorewall restart required ?
Yes that's enough. BTC1 will already be enabled (unless you've disabled it). However you'll probably want to keep some memory of the current state so you don't keep disabling it repeatedly - it won't cause any harm, but you'll get an error each time saying it's already disabled. > else > # how to determine which provider is active ? Ping the gateway again. I *THINK* you can still ping the gateway if the provider is disabled, but for a host past there, I think some explicit routing rule needs to be added so you can still send your test traffic. AIUI, all Shorewall does when you mark a provider as disabled is to remove the routing table entries that send traffic via it. As above, you probably want to keep some status so you don't keep re-enabling it when it's already enabled. ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
