[Shorewall-users] Multi ISP CONFIG_IP_ROUTE_MULTIPATH_CACHED

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

 Hi all

I just implemented a squid proxy running *shorewall* as firewall and load
balancer under f9.

Kernel: 2.6.25-14.fc9.i686

The setup run fine except that *shorewall* doesn't seem to untilize the two
ISP connections and favours one of them and I have the feeling that the
balancing is not working properly:

If I just diconnect the defaultrouted ISP the internet connectivity for the
proxy still persists via the default route.
If I disconnect the other 'non-defaultroute' ISP I have to restart the
network service and *shorewall* before the proxy has connectivity again.

The *shorewall* documentation states that the kernel is caching the routes
and will use the same ISP again and again.
Setting the Kernel Option CONFIG_IP_ROUTE_MULTIPATH_CACHED=n is supposed to
solve this problem.

So I went to build a new Kernel with this option but can't find it. The only
one comming close is: CONFIG_IP_ROUTE_MULTIPATH which is set to yes by
default.

*My question:*

1) Am I barking up the wrong tree in trying to build a new Kernel?

a) if no: can I just add the Option CONFIG_IP_ROUTE_MULTIPATH_CACHED=n into
the .config file before building the new kernel?

b) is the problem more likely based on the *shorewall* coniguration?

*here my ifconfig:*

eth0 Link encap:Ethernet HWaddr 00:0F:FE:1A:47:01
inet addr:172.16.2.4 Bcast:172.16.3.255 Mask:255.255.0.0

eth1 Link encap:Ethernet HWaddr 00:0A:5E:514:27
inet addr:192.168.0.2 Bcast:192.168.0.255 Mask:255.255.255.0

eth1:1 Link encap:Ethernet HWaddr 00:0A:5E:514:27
inet addr:192.168.0.11 Bcast:192.168.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:22 Base address:0xcc00

eth1:2 Link encap:Ethernet HWaddr 00:0A:5E:514:27
inet addr:192.168.0.12 Bcast:192.168.0.255 Mask:255.255.255.0

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0

*The virtual interfaces are configured by shorewall masq:*

#INTERFACE SOURCE ADDRESS PROTO PORT(S) IPSEC MARK
eth1:1 eth0 192.168.0.11-192.168.0.12

*Here my providers:*

#NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY OPTIONS COPY
ISP1 1 1 main eth1:1 192.168.0.101 balance
ISP2 2 2 main eth1:2 192.168.0.102 balance

192.168.0.101 and 102 are the two ISP router.

Would be great if somebody has some input for me!!

Thanks