New configuration for the multi-wan monitoring

Just a preview of the new web interface:

What do you think @Adam?

3 Likes

I LOVE such previews :heart:

1 Like

Very nice improvement! I can’t wait to test this!

I wasn’t aware that you could put multiple IPs in the Check IP field. What does that accomplish? Does it ping both simultaneously on all WAN connections?

Yes. And the link goes down if all CheckIPs are unreachable.

Very cool! I like that a lot more than being dependent on one check server. Please do let me know when this is ready for testing. :smiley:

1 Like

This new multi-wan implementation has two pre-requisites: the latest version of lsm (0.190), which contains a fix to use more than one checkip, and the next version of shorewall (the new implementation is already available in shorewall 5.0.2beta1).
As soon as shorewall 5.0.2 is released, we should be able to release a test version of multi wan.

3 Likes

The new implementation is available for testing and it’s working even with the current release of Shorewall with some hacks.

I’d love long and accurate testing of this feature. If anyone wants to put it in a production environment, feel free to quickly ask me or @filippo_carletti for support (but please, take care to study a little Linux routing before :wink: )

Reference issue: http://dev.nethserver.org/issues/3289

1 Like

@nas , @mabeleira, @medworthy, @dz00te, @jgjimenezs, @JOduMonT, @GG_jr, @Adam that’s your match :smile:

2 Likes

How do I view ip rules and ip routes? I’m looking in /etc/shorewall/rules, /etc/shorewall/rtrules, and other config files… is that right?

Nope :smile:
You must use the ip command.
Some examples:

ip route
ip rule
ip route show table balance

See also: Linux Advanced Routing & Traffic Control HOWTO

But do not focus too much on this; as a first step, just test the feature as “how you expect it should work”.
In other words, check whether the behavior is good and hosts inside the LAN can access the internet even when a provider changes its state :wink:

1 Like

Thanks. I was trying to investigate some routing issues. I’ll post my findings on redmine in a few minutes.

Fixed the update process. @Adam have you got a little spare time to try it? :smile:

I’m on it! :smiley:

1 Like

Thank you, I just saw the bug is verified!

1 Like

Yep! The only issue I’m seeing now is with connection tracking. @filippo_carletti said he was going to create an issue for it. Is there a way to reset connection tracking upon an lsm event?

I’m still not convinced that cutting connections by default is a good idea.
I’ll try to explain my point of view.
Imagine some ssh connection going through the firewall provider 1, which goes down for a brief time (less than 5 days actually): if we do not clear the conntrack table, my connections will probably remain up (and I usually have many open ssh connections).
If we use different stateless protocols (http) we will not have problems at all.

The only case I can imagine where you need to clear conntrack is when testing with ping.
Am I missing some scenarios?
In that case, we could add a switch to enable/disable conntrack cleaning.

I see your point. Any stateful services/applications that are in use could be disconnected and reconnected after a few seconds and they would then reestablish over the other wan connection. Most applications will detect the connection dropped and disconnect or start a retry countdown…ssh doesn’t?

So maybe it’s not really an issue… I’ll see if I can do some testing with RDP and some common Jabber, FTP, and telnet clients. Any other common stateful applications I should test? I would assume if the standard retry periods of some of these common applications are greater than the timeout for connection tracking, everything should be fine.

Thanks to @Adam this feature has been released.

Just be a little patient for the documentation :wink:

1 Like

I’m using the new implementation on some firewalls in production. So far I’m fairly satisfied with the update. :smiley:
I had to tune the packet loss percentage to 50% on an unstable ADSL line to avoid some false-positive link status changes.

Just to update… I did some testing and everything works perfectly!

3 Likes