This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Multipath not working since update to 9.601-5

Hi all,

one of my customers is contantly complaining about not being able to send mails.

So i looked for the issue ...

 

et voila ---> 2019:04:02-10:01:16 fw service_monitor[445]: id="4003" severity="error" sys="System" sub="loadbalancing" name="Cant open file /proc/net/ip_scheduler/multipath!"

So all outgoing emails should go over one interface ... for that multipath rules have been created ...

 

Anyone encountered this, too ?

 

Cheers,

Chris



This thread was automatically locked due to age.
Parents
  • Chris, have you tried using "External (Address)" instead of "Any" in those rules?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob,
    Can you explain that to me please ... I do not understand that.
    I think "any" means "any internal address" that should use a special WAN interface when sending SMTP to the Internet ...
    How can "External (address)" instead of "Any" in these rules match an internal source?
    Greetings Dirk

     


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

  • Hi Dirk,

    In packetfilter rules, using Any didn't in the past always include traffic originating from an interface address.  Using the "(Address)" object would force the rule to apply to the INPUT or OUTPUT chain instead of the FORWARD chain.  I think that traffic coming out of a Proxy might need to be SNAT'd from an Additional Address using the original Source as "External (Address)."  I'm guessing that the same might apply to Multipath rules, but I haven't tried it.  I'd like to know his result.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • Hi Dirk,

    In packetfilter rules, using Any didn't in the past always include traffic originating from an interface address.  Using the "(Address)" object would force the rule to apply to the INPUT or OUTPUT chain instead of the FORWARD chain.  I think that traffic coming out of a Proxy might need to be SNAT'd from an Additional Address using the original Source as "External (Address)."  I'm guessing that the same might apply to Multipath rules, but I haven't tried it.  I'd like to know his result.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
No Data