I'm trying to figure out here... did you accidentally copy your providers
example under the route_rules as well, or is your configuration just that vastly
different from what I have here? I'm running shorewall 4.4.6, it appears there
are no further updates in my distro. I'm trying to dig up more info on the
route_rules file, beyond the man page which doesn't give any examples to work
from, and hopefully can do some testing with that later this evening.
Also, the IPv6 addresses you specified lead me to believe that you may have both
addresses coming from the same HE server. In my case, because I am connected
under two different providers, my tunnels are coming from two different servers
(fmt2 and lax1). This is the particular scenario that they added filtering
against yesterday. If both of your test connections are coming from the same
source, there is no filtering against crossovers between those, so it wouldn't
be a valid test.
On 10/20/2011 11:11 AM, Tom Eastep wrote:
On Thu, 2011-10-20 at 09:39 -0600, Jeff Taylor wrote:
I have also been trying to set up the providers file under shorewall6, but every
time I enable the entries, shorewall6 bombs on restart. Note again that I do
use the providers entries under shorewall with no failures...
Providers:
ISP1 10 10 main sit1 2001:470:8388::1 track eth1,eth2,eth3,eth5
ISP2 20 20 main sit2 2001:470:f032::1 track eth1,eth2,eth3,eth5
When restarting, I get the following error in the log:
09:13:09 Adding Providers...
RTNETLINK answers: No route to host
ERROR: Command "ip -6 route add default via 2001:470:8388::1 src 2001:470:8388::1 dev sit1 table 10" Failed
Looks like your default gateway has the same IP address as sit1!
Note that I tried doing this with the tunnel device (sit1) and the ethernet
device (eth0), making the appropriate changes to providers and interfaces. I'm
just completely lost here, I don't know what I'm missing.
I just allocated a second tunnel from HE and set up providers:
#NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY OPTIONS COPY
HE1 1 - main sit1 2001:470:a:227::1 track mac,br0,eth1,eth2
HE2 2 - - sit2 2001:470:a:787::1 track
and route_rules:
#NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY OPTIONS COPY
HE1 1 - main sit1 2001:470:a:227::1 track mac,br0,eth1,eth2
HE2 2 - - sit2 2001:470:a:787::1 track
I only encountered one problem in that I had to remove the word 'cache'
from the output of 'ip -6 route ls' when copying routes from main to
table 1. Patch attached.
-Tom
------------------------------------------------------------------------------
The demand for IT networking professionals continues to grow, and the
demand for specialized networking skills is growing even more rapidly.
Take a complimentary Learning@Ciosco Self-Assessment and learn
about Cisco certifications, training, and career opportunities.
http://p.sf.net/sfu/cisco-dev2dev
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
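
The failing command in the quoted log uses the same address for `via` and `src`, which is what the reply "your default gateway has the same IP address as sit1" points at. The following check is an added example, not part of the thread or of Shorewall: it compares each GATEWAY in a providers file with the addresses on that provider's interface. The interface addresses shown are constructed sample data in the format of `ip -6 -o addr show`, and the function names are hypothetical.

```python
import ipaddress

# Provider entries from the post, one entry per line.
PROVIDERS = """\
#NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY OPTIONS COPY
ISP1 10 10 main sit1 2001:470:8388::1 track eth1,eth2,eth3,eth5
ISP2 20 20 main sit2 2001:470:f032::1 track eth1,eth2,eth3,eth5
"""

# Constructed sample of `ip -6 -o addr show` output (assumed addresses:
# sit1 carries the gateway address itself, sit2 carries a different one).
ADDR_OUTPUT = """\
4: sit1    inet6 2001:470:8388:0:0:0:0:1/64 scope global \\       valid_lft forever preferred_lft forever
4: sit1    inet6 fe80::c0a8:101/64 scope link \\       valid_lft forever preferred_lft forever
5: sit2    inet6 2001:470:f032::2/64 scope global \\       valid_lft forever preferred_lft forever
"""

def local_addresses(addr_output):
    """Map interface name -> set of IPv6 addresses assigned to it."""
    addrs = {}
    for line in addr_output.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[2] == "inet6":
            # ip_interface() drops the prefix length and normalizes the
            # address, so 2001:470:8388:0:0:0:0:1 equals 2001:470:8388::1.
            addr = ipaddress.ip_interface(fields[3]).ip
            addrs.setdefault(fields[1], set()).add(addr)
    return addrs

def self_gateways(providers_text, addr_output):
    """Return (provider, interface, gateway) where GATEWAY is local."""
    local = local_addresses(addr_output)
    hits = []
    for line in providers_text.splitlines():
        fields = line.split("#", 1)[0].split()  # strip comments
        if len(fields) < 6:
            continue
        name, iface, gateway = fields[0], fields[4], fields[5]
        try:
            gw = ipaddress.ip_address(gateway)
        except ValueError:
            continue  # "-" or "detect" instead of a literal address
        if gw in local.get(iface, set()):
            hits.append((name, iface, str(gw)))
    return hits

if __name__ == "__main__":
    for name, iface, gw in self_gateways(PROVIDERS, ADDR_OUTPUT):
        print(f"{name}: gateway {gw} is an address of {iface} itself")
```
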