I just implemented a squid proxy running shorewall as firewall and load balancer under f9.
The setup run fine except that shorewall doesn't seem to untilize the two ISP connections and favours one of them and I have the feeling that the balancing is not working properly:
If I just diconnect the defaultrouted ISP the internet connectivity for the proxy still persists via the default route.
If I disconnect the other 'non-defaultroute' ISP I have to restart the network service and shorewall before the proxy has connectivity again.
The shorewall documentation states that the kernel is caching the routes and will use the same ISP again and again.
Setting the Kernel Option CONFIG_IP_ROUTE_MULTIPATH_CACHED=n is supposed to solve this problem.
So I went to build a new Kernel with this option but can't find it. The only one comming close is: CONFIG_IP_ROUTE_MULTIPATH which is set to yes by default.
1) Am I barking up the wrong tree in trying to build a new Kernel?
a) if no: can I just add the Option CONFIG_IP_ROUTE_MULTIPATH_CACHED=n into the .config file before building the new kernel?
b) is the problem more likely based on the shorewall coniguration?
here my ifconfig:
eth0 Link encap:Ethernet HWaddr 00:0F:FE:1A:47:01
inet addr:172.16.2.4 Bcast:172.16.3.255 Mask:255.255.0.0
eth1 Link encap:Ethernet HWaddr 00:0A:5E:51
inet addr:192.168.0.2 Bcast:192.168.0.255 Mask:255.255.255.0
eth1:1 Link encap:Ethernet HWaddr 00:0A:5E:51
inet addr:192.168.0.11 Bcast:192.168.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:22 Base address:0xcc00
eth1:2 Link encap:Ethernet HWaddr 00:0A:5E:51
inet addr:192.168.0.12 Bcast:192.168.0.255 Mask:255.255.255.0
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
The virtual interfaces are configured by shorewall masq:
#INTERFACE SOURCE ADDRESS PROTO PORT(S) IPSEC MARK
eth1:1 eth0 192.168.0.11-192.168.0.12
Here my providers:
#NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY OPTIONS COPY
ISP1 1 1 main eth1:1 192.168.0.101 balance
ISP2 2 2 main eth1:2 192.168.0.102 balance
192.168.0.101 and 102 are the two ISP router.
Would be great if somebody has some input for me!!