On 5/7/11 8:22 PM, Tom Eastep wrote: > On 5/7/11 9:02 AM, Sebastian Tänzer wrote: >> OK, this solves the problem. >> >> I'm still left with eth1 not working as first ISP. Interface itself works >> and I can reach outside domains through it from the firewall. >> When restarting shorewall it gives me: >> >> Adding Providers... >> RTNETLINK answers: No such process >> ERROR: Command "ip -4 route add default via 95.223.244.1 src 88.153.50.70 >> dev eth1 table 1" Failed >> >> Any ideas on this? >> >> The configuration worked like a charm for weeks now and I absolutely did not >> change a thing. >> eth1 is a cable modem configured as dhcp auto. > > I've compiled your old configuration; the following two commands are > executed in sequence: > > run_ip route replace $SW_ETH1_GATEWAY src $SW_ETH1_ADDRESS dev eth1 table 1 > > run_ip route add default via $SW_ETH1_GATEWAY src $SW_ETH1_ADDRESS dev > eth1 table 1 > > From the error message you posted, we can see that $SW_ETH1_ADDRESS is > 95.223.244.1. 'run_ip' stops the firewall (or restores the last saved > configuration if any) if the command fails. So the first command is > apparently succeeding but the second is failing with an error message > that suggests that the first command failed. > > As an experiment please try: > > ip route replace 95.233.244.1 src 88.153.50.70 dev eth1 table 99 > ip route add default via 95.233.244.1 src 88.153.50.70 dev eth1 table 99 > > What happens?
I can actually answer that myself. I did an experiment with a
configuration similar to yours and produced the same failure. I was able
to work around the problem by adding a host route to 95.223.244.1 *in
the main* table:
ip route add 95.233.244.1 src 88.153.50.70 dev eth1
The DHCP client should have added that route but apparently did not (or
it was deleted somehow). Given that your configuration has worked in the
past, the route must have been there until recently.
Finally, the Shorewall-generated routing rules in 4.4.19.1 are the same
as those generated by 4.4.11.6.
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ WhatsUp Gold - Download Free Network Management Software The most intuitive, comprehensive, and cost-effective network management toolset available today. Delivers lowest initial acquisition cost and overall TCO of any competing solution. http://p.sf.net/sfu/whatsupgold-sd
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
