Forum Replies Created
Thanks, I have done the same now and it works! Although it requires two machines now instead of just one to manage the same. Could there be some possibility that I could consolidate the same into one machine?
Yes, I tried that earlier. Unless I add the interface in the “Gateway List” of the “Net Balancer”, the interface does not show up in the “Target Gateway” of the “Balancing Rules” section!
But Sir, the most wanted feature of “Restarting pppoe and 3g connections” lies in the Netbalancer section, and so it cannot be disabled totally. Also, pinning specific connections to specific interfaces is carried out very nicely by the balancing rules, whether they are in active or in spare mode, regardless of their weightage given!
So, my only request is for the possibility of a “StandAlone” mode too, apart from the other two modes available currently.
Thank you ppalias, as your suggestion of http proxy interfering with my firewall rules helped me out.
As I required http proxy to be running for at least one connection, I just shifted these modems to another vmware based zeroshell setup, where proxy was DOWN and all my Firewall Rules were followed to the letter. Thank you very much. Also, many thanks to Fulvio for making it so easy to configure anything in Zeroshell.
Also, can you suggest, with your experience, whether:
1. A workaround is possible to stop the Netbalancer from hopping to the next available interface, if it senses that the current interface has gone down? (I see this message in its logs: Default Route has been changed: nexthop via )
2. This workaround can also be called a “StandAlone” mode, as it just follows our dictates in the “netbalancer balancing rules” and does not initiate balancing or failover in this case. Helpful for a group of modems with varying cost usage plans and not suitable for use of all. Hope this can be considered as a feature in a new release. And yes, in this case, the “failover checking” just becomes “failure checking” for restarting the modems, individually, should their connections go down!
Yes, I am using http proxy to check for viruses on the slower interface (ppp1), but have not added the other faster interfaces so far.
Also, I have now added these new firewall rules (hope they are correct):
Seq Input Output Description Log Active
1 * ppp2 REJECT all opt -- in * out ppp2 0.0.0.0/0 !-> reject-with icmp-port-unreachable yes
2 * ppp3 REJECT all opt -- in * out ppp3 0.0.0.0/0 !-> reject-with icmp-port-unreachable yes
I have currently brought these fast interfaces down as a precautionary measure.
Will activate them by evening today (GMT 12:30 PM) and check and revert, if they block appropriately.
As my knowledge of firewall is limited, please guide me on this further, with examples.
Like, for example, if these rules need to be added as well, in pre or post boot or under firewall chain script as well, for getting priority over others.
I want to make it absolutely sure that all website calls, except for my application server’s ip, are blocked on these interfaces, even under failover mode as well.
I am trying to use the Netbalancer only to restart my failed pppoe connections and not for load balancing or failover purposes. Hope I have made myself clear.
Sorry, if I have not made myself clear. I want to block certain ip addresses which must not use these limited fast interfaces. I tried setting firewall rules in the FORWARD chain as follows, but no success. These interfaces are allowing any website calls to go through, instead of blocking them, when they become active in failover mode.
How do I block them? What chain should I use? NAT is enabled on these ppp interfaces.
Chain: FORWARD Default Policy ACCEPT
Seq Input Output Description Log Active
1 ETH00 ppp2 REJECT all opt -- in ETH00 out ppp2 0.0.0.0/0 !-> reject-with icmp-port-unreachable no
2 ETH00 ppp3 REJECT all opt -- in ETH00 out ppp3 0.0.0.0/0 !-> reject-with icmp-port-unreachable no
Here is a genuine ip address of our remote application server. Thank you for any assistance.