> Here's the patch extracted from that web page.
>
> Also attached is a patch that cleans up a few more cases of table
> numbers/names and 'route replace'.

Hmm, I found a few annoying bits (following last) and one problem for which I can't figure out the cause (and I've been banging my head for the past hour). Here it is:
providers
~~~~~~~
dmz 2 - main eth0 <gw_address> - none

This produces, among other things, the following set of statements:

start_provider_dmz() {
    [...]
    run_ip route replace <gw_address> src $SW_ETH0_ADDRESS dev eth0
    run_ip route add <gw_address> src $SW_ETH0_ADDRESS dev eth0 table dmz
    run_ip route add default via <gw_address> src $SW_ETH0_ADDRESS dev eth0 table dmz

Now, during "start" (I tried "reload" first though) I get this message:

Mar 26 01:53:59 test1 shorewall[13102]: Adding Providers...
Mar 26 01:53:59 test1 shorewall[13102]: RTNETLINK answers: File exists
Mar 26 01:53:59 test1 shorewall[13102]: ERROR: Command "ip -4 route add <gw_address> src <eth0_address> dev eth0 table dmz" Failed
Mar 26 01:53:59 test1 root: ERROR:Shorewall restart failed

I may be mistaken, but from the above 3 statements the last two are identical I think, yet I get the error message from ip about the second, not the 3rd statement. What is more puzzling is that when I attempt to execute that statement from the command line, it succeeds.

OK, now for the leftovers... in a few places table numbers are still appearing instead of names:

start_provider_dmz() {
    [...]
    $IP -4 -o route show table main | while read net route; do
        case $net in
            default)
                ;;
            blackhole)
=>              run_ip route add table 2 blackhole $route
                ;;
            *)
                case $(find_device $route) in
                    eth0)
                        case $net in
                            255.255.255.255*)
                                ;;
                            *)
=>                              run_ip route add table 2 $net $route
                                ;;
                        esac
                        ;;
                esac
                ;;
        esac
    done

Also, when I have NULL_ROUTE_RFC1918=Yes, I get "run_ip route replace ..." statements. Is that how it is supposed to be (with "replace")?
When I have statements of the sort of:

routes
~~~~
main 10.0.0.0/8 blackhole
main 172.16.0.0/12 blackhole
main 192.168.0.0/16 blackhole

That seems to be translated to:

run_ip route add blackhole 10.0.0.0/8 table 254
echo "$IP -4 route del blackhole 10.0.0.0/8 table 254 > /dev/null 2>&1" >> ${VARDIR}/undo_main_routing
run_ip route add blackhole 172.16.0.0/12 table 254
echo "$IP -4 route del blackhole 172.16.0.0/12 table 254 > /dev/null 2>&1" >> ${VARDIR}/undo_main_routing
run_ip route add blackhole 192.168.0.0/16 table 254
echo "$IP -4 route del blackhole 192.168.0.0/16 table 254 > /dev/null 2>&1" >> ${VARDIR}/undo_main_routing

(note table numbers instead of names).

_______________________________________________
Shorewall-devel mailing list
Shorewall-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-devel
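The "RTNETLINK answers: File exists" failure above is what the kernel returns when "ip route add" targets a (table, destination) pair that already has a route, while "ip route replace" simply overwrites it; a named table ("dmz") and its number ("2") refer to the same table. The lint below is an added example, not Shorewall's own code or the patch under discussion: it scans generated route lines and flags every "add" that repeats a pair an earlier line already added or replaced. The rt_tables mapping, the function names table_id/route_key/colliding_adds and the sample line that first copies the gateway route into table 2 are constructed for the demonstration.

```shell
# Added example, not Shorewall code: flag "ip route add" lines that repeat a (table, destination)
# already added/replaced earlier, the case the kernel rejects with "RTNETLINK answers: File exists".
set -f                              # no pathname expansion when word-splitting lines
RT_TABLES='254 main
2 dmz'                              # constructed rt_tables mapping implied by the provider config
# table_id NAME_OR_NUMBER: numeric id, so "table dmz" and "table 2" compare equal
table_id() {
    case "$1" in
        *[!0-9]*) printf '%s\n' "$RT_TABLES" | awk -v n="$1" '$2 == n { print $1; exit }' ;;
        *)        printf '%s\n' "$1" ;;
    esac
}
# route_key LINE: print "TABLEID|DEST VERB" for an "ip route add|replace" line, nothing otherwise
route_key() {
    set -- $1
    verb='' dest='' table=main
    while [ $# -gt 0 ]; do
        case "$1" in
            add|replace) verb=$1 ;;
            table) shift; table=$1 ;;
            via|src|dev|metric|proto|scope) shift ;;   # keyword that takes one argument
            blackhole|unreachable|prohibit) ;;         # route type, not a destination
            *) if [ -n "$verb" ] && [ -z "$dest" ]; then dest=$1; fi ;;
        esac
        shift
    done
    if [ -n "$verb" ] && [ -n "$dest" ]; then
        printf '%s|%s %s\n' "$(table_id "$table")" "$dest" "$verb"
    fi
}
# colliding_adds < SCRIPT: echo each "route add" whose table|destination an earlier line already
# added or replaced; these are the candidates for the "File exists" failure ("replace" never is)
colliding_adds() {
    seen=''
    while IFS= read -r line; do
        key=$(route_key "$line")
        [ -n "$key" ] || continue
        verb=${key##* } pair=${key% *}
        case " $seen " in
            *" $pair "*) if [ "$verb" = add ]; then printf '%s\n' "$line"; fi ;;
        esac
        seen="$seen $pair"
    done
}
# Constructed sample: the page's provider lines, preceded by a hypothetical line that already
# copied the gateway host route into table 2, so the later named-table add repeats it
SAMPLE='run_ip route replace <gw_address> src $SW_ETH0_ADDRESS dev eth0
run_ip route add table 2 <gw_address> dev eth0
run_ip route add <gw_address> src $SW_ETH0_ADDRESS dev eth0 table dmz
run_ip route add default via <gw_address> src $SW_ETH0_ADDRESS dev eth0 table dmz'
printf '%s\n' "$SAMPLE" | colliding_adds
```

Run it with the generated firewall script on stdin (colliding_adds < /var/lib/shorewall/firewall, path assumed) to list the adds worth turning into replaces or checking against "ip route show table" first.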