From 555636bff894cc910e2feaa31b141835e5ec1dfb Mon Sep 17 00:00:00 2001 From: teastep Date: Sun, 1 Feb 2009 18:35:06 +0000 Subject: [PATCH] Update to IPv6 doc git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9389 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- docs/IPv6Support.xml | 9 +++++---- docs/MultiISP.xml | 39 ++++++++++++++++++++++++++++++--------- 2 files changed, 35 insertions(+), 13 deletions(-) diff --git a/docs/IPv6Support.xml b/docs/IPv6Support.xml index 2d86b1f63..47d1f6a90 100644 --- a/docs/IPv6Support.xml +++ b/docs/IPv6Support.xml @@ -48,7 +48,8 @@ - Kernel 2.6.25 or later. + Kernel 2.6.25 or + later. @@ -493,15 +494,15 @@ ACCEPT net:wlan0:<2002:ce7c:92b4::3> tcp - Shorewall-common 4.3.4 or later. + Shorewall-common 4.2.4 or later. - Shorewall-perl 4.3.4 or later. + Shorewall-perl 4.2.4 or later. - Shorewall6 4.3.4 or later. + Shorewall6 4.2.4 or later. diff --git a/docs/MultiISP.xml b/docs/MultiISP.xml index ece88b7c9..a95c77d36 100644 --- a/docs/MultiISP.xml +++ b/docs/MultiISP.xml @@ -1082,8 +1082,10 @@ shorewall 2 2 - eth0 192.168.1.254 track,balance=2,optional< monitoring script swping. The swping file is available in the main directory contained in the Shorewall-common tarball and is included in the - Shorewall-common documentation directory on the Shorewall-common - RPM. + Shorewall-common documentation directory on the Shorewall-common RPM. + The script is inspired by Angsuman Chakraborty's gwping + script. For those not on 4.2.6 yet, the script may be downloaded from The script should be copied to a directory on root's PATH such as - /usr/local/sbin/. + /usr/local/sbin/. + + The script works by sending pings to target + IP addresses through each external interface. These targets must not + depend on any routes other than those that are present in the main + routing table. That ensures that a route is available to the target even + when the target's interface is not working and Shorewall has omitted it + from the routing configuration. An interface is assumed to be + up when a specified number (UP_COUNT) of + consecutive ping operations succeed. Similarly, an interface is assumed + to be down when a specified number (DOWN_COUNT) + of consecutive ping operations fail. You can specify the interval + between pings (PING_INTERVAL). The script monitors two interfaces but it is a trivial exercise to extend it to more than two. At the top are a number of variables to @@ -1108,10 +1122,11 @@ shorewall 2 2 - eth0 192.168.1.254 track,balance=2,optional< # FAMILY=4 # -# The commands to run when the status of a line changes. Both commands will be executed. +# The commands to run when the status of a line changes. Multiple commands may be specified +# when separated by semicolons (";") # -COMMANDA= -COMMANDB="ip -$FAMILY route ls" +COMMAND= + ... # # Interfaces to monitor -- you may use shell variables from your params file @@ -1142,7 +1157,7 @@ UP_COUNT=5 # DOWN_COUNT=2 - If you leave COMMANDA empty, the script sets its value + If you leave COMMAND empty, the script sets its value automatically depending on whether Shorewall-lite is installed. When the status of an interface changes: @@ -1151,8 +1166,9 @@ DOWN_COUNT=2 For each interface, a file is placed in /etc/shorewall to record the status of the interface: either 0 (UP) or 1 (DOWN). The - name of the file is interface.status where - interface is the interface (e.g., + name of the file is + interface.status + where interface is the interface (e.g., eth0.status). @@ -1212,6 +1228,11 @@ fi run two copies; one for IPv4 and one for IPv6. + + It can only detect the gateway for interfaces managed by + dhcpcd. + + It's method of determining whether an interface is up or down is crude. You will normally specify the default gateway for each