ID | Project | Category | View Status | Date Submitted | Last Update
0002526 | Endian Firewall | Network related (VPN, uplinks) | public | 2009-12-11 19:56 | 2012-05-10 14:51
Reporter | nasir
Assigned To | peter-endian
Priority | normal | Severity | major | Reproducibility | have not tried
Status | confirmed | Resolution | open
Platform | OS | OS Version
Product Version | 2.3
Target Version | future | Fixed in Version
Summary | 0002526: fail-over between 2 static Ethernet interfaces with the same DNS resolvers (same provider) does not work
Description | The setup is 2 Ethernet interfaces as main and uplink1; they are working fine when they are activated and deactivated through the web interface. But when the main link Ethernet port is disconnected (VMware ESXi VM), the link is reported dead but the backup link uplink1 is not used properly, as reports from the main link IP address are returned as destination unreachable. After looking around, I found that if I delete one rule from the policy router: 199: from all fwmark 0x7e0/0x7f8 lookup uplink-main, I can restore connectivity through the backup link.
Additional Information |

ip rule ---> when both links are up

    0: from all lookup local
    10: from all to 63.210.62.24/29 lookup main
    10: from all to 63.210.32.0/24 lookup main
    10: from all to 192.168.177.0/24 lookup main
    10: from all to 192.168.155.0/24 lookup main
    199: from all fwmark 0x7e0/0x7f8 lookup uplink-main
    199: from all fwmark 0x7d8/0x7f8 lookup uplink-uplink1
    200: from 63.210.62.30 lookup uplink-main
    200: from 63.210.32.129 lookup uplink-uplink1
    32766: from all lookup main
    32767: from all lookup default

ip rule ---> when main link is dead

    0: from all lookup local
    10: from all to 63.210.62.24/29 lookup main
    10: from all to 63.210.32.0/24 lookup main
    10: from all to 192.168.177.0/24 lookup main
    10: from all to 192.168.155.0/24 lookup main
    199: from all fwmark 0x7e0/0x7f8 lookup uplink-main
    199: from all fwmark 0x7d8/0x7f8 lookup uplink-uplink1
    200: from 63.210.62.30 lookup uplink-main
    200: from 63.210.32.129 lookup uplink-uplink1
    32766: from all lookup main
    32767: from all lookup default

ip rule ---> when main link is

    0: from all lookup local
    10: from all to 63.210.62.24/29 lookup main
    10: from all to 63.210.32.0/24 lookup main
    10: from all to 192.168.177.0/24 lookup main
    10: from all to 192.168.155.0/24 lookup main
    199: from all fwmark 0x7d8/0x7f8 lookup uplink-uplink1
    200: from 63.210.32.129 lookup uplink-uplink1
    32766: from all lookup main
    32767: from all lookup default

from the web
Tags | purple
(0003549) nasir (reporter) 2009-12-12 00:14 |
After further tests, I found that the problem is only with DNS resolution, and the issue is that you cannot use the same DNS servers for the main and the backup link, as they are marked with a fwmask that forces them to reply through the main link, which is dead. I believe this has to be addressed, as using the same DNS servers is very likely if you use 2 uplinks from the same ISP. |
(0003696) toeyhack (reporter) 2010-01-23 18:22 |
Hi, I also found the same problem. What can I do if I use 2 uplinks from the same ISP? Can I solve this problem by using another DNS IP address (DNS IP of another ISP) for the second uplink? |
(0003956) peter-endian (administrator) 2010-03-05 15:58 |
You can use every DNS resolver you want as long as they allow you to use it. Those DNS policy-routing rules are created so that DNS requests don't exit through the wrong uplink. Many providers don't let you use their DNS resolver if you don't come from an IP address of their network. Having 2 uplinks of the same provider is a good point. We should make this enforcement optional. Additionally, you can use one resolver on the main uplink and the other on uplink1. |
(0007860) Danoh (reporter) 2012-05-10 14:51 |
This needs to be resolved. This is a BIG problem for those who use OpenDNS - we can't use OpenDNS's nameservers on both the Main and Backup uplinks. Please fix this, it's coming up on 3 years. |
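
A check for the condition reported in this issue, added here as an example (it is not part of the thread and not Endian's code): it parses `ip rule` output and lists rules that still point at the table of an uplink reported dead. The `uplink-<name>` table naming is taken from the listings in the report; the packet mark 0x7e0 used in the demo is an assumed value, and only rule selection is modelled, not the route lookup inside the selected table.

```python
import re

# `ip rule` output copied from the report, captured while the main link was dead.
RULES_MAIN_DEAD = """\
0: from all lookup local
10: from all to 63.210.62.24/29 lookup main
10: from all to 63.210.32.0/24 lookup main
10: from all to 192.168.177.0/24 lookup main
10: from all to 192.168.155.0/24 lookup main
199: from all fwmark 0x7e0/0x7f8 lookup uplink-main
199: from all fwmark 0x7d8/0x7f8 lookup uplink-uplink1
200: from 63.210.62.30 lookup uplink-main
200: from 63.210.32.129 lookup uplink-uplink1
32766: from all lookup main
32767: from all lookup default
"""

RULE_RE = re.compile(
    r"^(?P<prio>\d+):\s+from\s+(?P<src>\S+)"
    r"(?:\s+to\s+(?P<dst>\S+))?"
    r"(?:\s+fwmark\s+(?P<mark>0x[0-9a-f]+)(?:/(?P<mask>0x[0-9a-f]+))?)?"
    r"\s+lookup\s+(?P<table>\S+)\s*$"
)

def parse_rules(text):
    """Parse the rule forms seen in the report; unrecognised lines are skipped."""
    matches = (RULE_RE.match(line.strip()) for line in text.splitlines())
    return [dict(m.groupdict(), prio=int(m["prio"])) for m in matches if m]

def stale_rules(rules, dead_uplinks):
    """Rules that still send traffic to the table of an uplink reported dead."""
    dead_tables = {"uplink-" + name for name in dead_uplinks}
    return [r for r in rules if r["table"] in dead_tables]

def table_for_mark(rules, mark):
    """Table chosen by the first fwmark rule whose value/mask matches the mark."""
    for r in sorted(rules, key=lambda r: r["prio"]):
        if r["mark"] is None:
            continue
        mask = int(r["mask"], 16) if r["mask"] else 0xFFFFFFFF
        if (mark & mask) == (int(r["mark"], 16) & mask):
            return r["table"]
    return None

if __name__ == "__main__":
    rules = parse_rules(RULES_MAIN_DEAD)
    for r in stale_rules(rules, {"main"}):
        print("stale:", r["prio"], r["table"])
    print("mark 0x7e0 ->", table_for_mark(rules, 0x7E0))  # assumed packet mark
```
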
Date Modified | Username | Field | Change |
2009-12-11 19:56 | nasir | New Issue | |
2009-12-12 00:14 | nasir | Note Added: 0003549 | |
2010-01-23 18:22 | toeyhack | Note Added: 0003696 | |
2010-03-05 15:58 | peter-endian | Note Added: 0003956 | |
2010-03-05 15:58 | peter-endian | Status | new => confirmed |
2010-09-07 14:45 | luca-endian | Tag Attached: purple | |
2010-09-21 19:11 | peter-endian | Target Version | => future |
2010-09-21 19:11 | peter-endian | Summary | fail-over between 2 static Ethernet interfaces dos not work => fail-over between 2 static Ethernet interfaces with the same DNS resolvers (same provider) does not work |
2011-02-02 09:49 | luca-endian | Customer Occurencies | => 4-6 |
2011-02-03 14:52 | lorenzo-endian | Assigned To | => peter-endian |
2011-02-03 14:52 | lorenzo-endian | Severity | minor => major |
2012-05-10 14:51 | Danoh | Note Added: 0007860 |