Tal Hazan wrote:
> Hello,
>
> I’m receiving this error while restarting/starting Shorewall :
>
> Processing /etc/shorewall/init ...
> WARNING: default route ignored on interface vlan20
> WARNING: default route ignored on interface vlan10
> WARNING: default route ignored on interface vlan30
> WARNING: default route ignored on interface vlan50
> WARNING: default route ignored on interface vlan100
>
> My route -n output is :

<output deleted>

It seems that your routing configuration was put together by someone who mistakenly believes that every interface must be configured with a default route. Clearly that person doesn't understand the basics of IPv4 routing (I've told you before about where you need default routes and where you don't but you apparently aren't listening).

The Shorewall warnings usually occur when the user has placed the name of an interface in the SOURCE column of /etc/shorewall/masq. Netfilter doesn't support specification of a source interface on MASQUERADE/SNAT rules so Shorewall must parse the output of 'ip route ls dev <interface>' to determine the networks routed out of that interface. It then uses those networks as the source for the iptables MASQUERADE/SNAT rule(s).

A default route is a route to 0.0.0.0/0. I ignore those routes because to go ahead and use it would cause all traffic leaving the interface to be masqueraded/snatted; it is clearly a case of the user specifying the wrong interface (probably has the two interface names reversed) or it is a case of the routing configuration being bogus. In your case, it appears to be the latter.

-Tom
--
Tom Eastep    \ When I die, I want to go like my Grandfather who
Shoreline,     \ died peacefully in his sleep. Not screaming like
Washington, USA  \ all of the passengers in his car
http://shorewall.net \________________________________________________
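The mechanism described in the reply above, as an added example that is not part of the original message and is not Shorewall's own code: it derives MASQUERADE source networks from `ip route ls dev <interface>` output and skips default routes with the same warning. The function names, the sample route listing and the outbound interface `eth0` are assumptions made for illustration.

```python
import ipaddress

# Constructed sample of `ip route ls dev vlan20` output (not from the original post).
SAMPLE_ROUTES = """\
192.168.20.0/24 proto kernel scope link src 192.168.20.1
10.20.0.0/16 via 192.168.20.254
192.168.20.77 scope link
unreachable 10.99.0.0/16
default via 192.168.20.254
"""


def source_networks(route_output, interface):
    """Return (networks, warnings) for the routes listed on one interface."""
    networks, warnings = [], []
    for line in route_output.splitlines():
        fields = line.split()
        if not fields:
            continue
        dest = fields[0]
        try:
            # A bare host address becomes a /32; "default" is handled below.
            net = None if dest == "default" else ipaddress.IPv4Network(dest, strict=False)
        except ValueError:
            continue  # route-type keywords such as "unreachable" are skipped
        if net is None or net.prefixlen == 0:
            # 0.0.0.0/0 as a source would match every packet leaving the box.
            warnings.append(f"WARNING: default route ignored on interface {interface}")
            continue
        if net not in networks:
            networks.append(net)
    return networks, warnings


def masq_rules(networks, out_interface):
    """Build one MASQUERADE rule per source network (hypothetical helper)."""
    return [
        f"iptables -t nat -A POSTROUTING -s {net} -o {out_interface} -j MASQUERADE"
        for net in networks
    ]


if __name__ == "__main__":
    nets, warns = source_networks(SAMPLE_ROUTES, "vlan20")
    print("\n".join(warns + masq_rules(nets, "eth0")))
```
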
