rockpilp wrote:Hi SouthPawn,
I just upgraded from WhiteRussian, where I had manually configured dual-wan to Kamikaze, and your module is a godsend, saving me a couple hours of trying to figure out how to set up firewall rules again.
However, I do have a couple of issues:
- I tried using traffic rules to force traffic to and from one of my machines to go through the secondary, but that doesn't seem to be enforced. The firewall config does target GW2MARK for packets to and from that host, but I'm not sure iproute2 does anything with that
- when I /etc/init.d/dualwan stop, the default routes are not restored, so connectivity is broken
- when I try to edit the agent file, my vi session gets killed periodically; why not use 'killall', which is safer, rather than the complex grep you're using in the script, which is pretty indisciminate?
Thanks a bunch, I hope you will be able to improve the script so it can be included in the standard repository!
Pierre
Hey Pierre,
Thanks for the feedback!
I've made a few changes based on what you've told me.
(edited above, ftp://ftp.netlab7.com/dualwan_0.1c.ipk)
A. Hmm, the only real thing that comes to mind is that possibly theres a ip routing conflict. The script makes use of routing table 200, I probably should have made this something a bit more obscure, but it's possible that if something else is attempting to make use of table 200.
Here's an example of a config entry I have in /etc/config/dualwan to force one of my lan ips to go to the secondary:
config 'dualwanfw'
option 'src' '192.168.0.6'
option 'wanrule' 'wan2'
B. The Dual-WAN Agent backs out cleanly now, meaning it'll restore everything to the way it was before it was started. Bringing back both default routes, flushing the ip rules and flushing the wan2 routing table.
C. The reason for the complex grep/kill system is I cannot seem to killall a shell script, but I changed what grep is looking for so that it won't kill your vi session, only the script as it's running.
Thanks again Pierre,
-Craig
(Last edited by SouthPawn on 1 Feb 2010, 01:44)