Well I'm still having a tough time getting this to work and I can't
figure out why; I am most likely missing something or misconfiguring
something.

I have two providers, one is local to the box with a static IP (DSL) on
its own interface (eth0), the other is on eth1 hanging off a wireless
router with a static address (eth1). eth2 serves my LAN at 192.168.1.0/24.

Goal is to use the DSL as the main source and the cable as a backup and
route particular traffic over it.

Here is my /etc/network/interfaces:
# eth0
# CenturyLink DSL
auto eth0
iface eth0 inet static
address 76.5.159.171
netmask 255.255.255.224
gateway 76.5.159.161
# virtual interface to DSL modem
auto eth0:0
iface eth0:0 inet static
address 192.168.2.2
netmask 255.255.255.0
# eth1
# comcast
# static config towards wireless router
auto eth1
iface eth1 inet static
address 192.168.10.1
netmask 255.255.255.0
gateway 192.168.10.2
# eth2
# interface facing local LAN 10/100/1000
auto eth2
iface eth2 inet static
address 192.168.1.1
netmask 255.255.255.0

/etc/shorewall/providers:
#NAME        NUMBER  MARK  DUPLICATE  INTERFACE  GATEWAY       OPTIONS               COPY
CenturyLink  1       -     main       eth0       76.5.159.161  track,balance         eth2
Comcast      2       -     main       eth1       detect        track,loose,fallback  eth2

If I leave eth1 down, shorewall is happy but will complain about it and
start normally. However, when I bring eth1 up, I get two default route
entries in the routing tables, which I find odd and I'm not sure how to
correct that:
(without eth1 online)
bubastis:/etc/shorewall# ip route list
76.5.159.160/27 dev eth0 proto kernel scope link src 76.5.159.171
192.168.2.0/24 dev eth0 proto kernel scope link src 192.168.2.2
192.168.1.0/24 dev eth2 proto kernel scope link src 192.168.1.1
default via 76.5.159.161 dev eth0
(with eth1 online)
bubastis:/etc/shorewall# ip route list
76.5.159.160/27 dev eth0 proto kernel scope link src 76.5.159.171
192.168.2.0/24 dev eth0 proto kernel scope link src 192.168.2.2
192.168.1.0/24 dev eth2 proto kernel scope link src 192.168.1.1
192.168.10.0/24 dev eth1 proto kernel scope link src 192.168.10.1
default via 192.168.10.2 dev eth1
default via 76.5.159.161 dev eth0
If I attempt to start shorewall with eth1 enabled, I get this error:
Adding Providers...
RTNETLINK answers: File exists
ERROR: Command "ip -4 route replace default scope global table 254 nexthop via 76.5.159.161 dev eth0 weight 1" Failed
Running /sbin/iptables-restore...
IPv4 Forwarding Enabled
/usr/share/shorewall/lib.common: line 63: 6627 Terminated $SHOREWALL_SHELL $script $options $@
So I'm stuck and largely confused :(
Also worth mentioning, on a separately related issue, that since
upgrading to 4.4.11 I am seeing this upon restart:
touch: cannot touch `/var/lock/subsys/shorewall': No such file or directory
Not a big deal as I could probably just make the directory myself, but
thought it was worth mentioning....
Thanks,
Stephen
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users