On Sat, 2008-03-22 at 14:25 -0500, Jerry Vonau wrote:
> See Andrew's reply on this issue for context on answers below...
> In /etc/ppp/ip-down(.local) you could source the other provider's
> routing table, replace the default gateway in the main table with such
> info, adjust routing rules if required and flush the routing tables.
I think it's too late by this time. The interface is gone and the
kernel has deleted the routes already.
> No, it's looking for preexisting gateways in the main table which were
> removed with the network scripting.
I don't think so. As I said in my original post, I have traced and
tracked through the networking scripts and the delete is not being done
in userspace by any of them. I believe Andrew's explanation that the
kernel is removing the (multi-hop) default route is spot-on.
> So, can't you use that in params?
I'm just experimenting with that, but my experiments are showing that
the params file and any variable substitutions into config files (such
as "providers") are evaluated at rule (i.e. the "firewall" script)
compilation time on the main node.
That means the firewall script has the "current" (as of rule compilation
time) value hardcoded into it and if the gateway changes after the
"firewall" script is generated and copied to the shorewall-lite machine,
any future attempt to rest{art,ore} will not work. The value needs to
be evaluated/calculated at every policy installation time (i.e. on the
-lite machine when a rest{ore,art} is executed).
> Third option, fix the network scripts.
As per above, it's not the network scripts that are causing this problem.
b.
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
