-----Original Message-----
From: Tom Eastep [mailto:[email protected]]
Sent: Tuesday, 10 January 2012 10:07 AM
To: Shorewall Users
Subject: Re: [Shorewall-users] Shorewall gateway - routing issue with dual wan
(looking to report possible bug ?)
On Tue, 2012-01-10 at 06:27 +1100, Nick wrote:
> I have dual wans setup very similar to the dual wan guide. I used two
> modems in bridged mode, and PPPOE to authenticate on a Gentoo box.
>
>
>
> Simply put the issue is at times my ISP hands out the same gateway
> address on both connections. When this happens shorewall fails to
> start.
>
>
>
> Most of the time the two ISP gateways are 203.33.255.118 and
> 203.33.255.161 though randomly when pppoe restarts I will be
> assigned the same gateway to both connections. I do have two static
> IP’s that are assigned from my ISP via DHCP.
> I can simulate this by editing the providers file like so:
>
>
>
> NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY
> OPTIONS COPY
> isp1 1 512 main eth1 10.100.11.10
> track,balance eth0
> isp2 2 256 main eth2 10.100.11.10
> track,balance eth0
> this is the same error that occurs when I am using the pppoe setup:
>
> RTNETLINK answers: No such process
>
> ERROR: Command "ip -4 route replace default scope global table 254
> nexthop via 10.100.11.10 dev eth1 weight 1 nexthop via 10.100.11.10
> dev eth2 weight 1" Failed
>
> This has driven me mad for 6 months now, and I hope someone can
> provide a solution other than putting the modems into NAT with
> permanent different gateways. My knowledge of routing is just enough
> to get me into trouble.
>
> I am happy to provide any further information, I run Gentoo and have
> updated, patched and rebuilt kernels over the last six months to
> attempt to sort this.
>
> I suspect that Its pretty rare that anyone would have (or want) two
> identical gateways working on their network on different interfaces,
> but I hope that at least a simple test could be added to shorewall to
> prevent this occurring to others.
With PPPOE, you shouldn't be specifying the gateway address on your PPP
devices. If you just leave the GATEWAY column empty ("-"), this problem
shouldn't occur.
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
Cheers Tom,
Originally I had shorewall set to detect the gateway. This setup was crashing
randomly when pppoe restarted the connection with this kind of error:
ERROR: Command "ip -4 route replace default scope global table 254
nexthop via 203.33.255.161 dev eth1 weight 1 nexthop via 203.33.255.161
dev eth2 weight 1" Failed
Though from memory the error had the DNS name of the gateway.
I have stopped this error by putting the modems into NAT mode so they are
authenticating using pppoe and give shorewall a static unique gateway.
I can reproduce the error by setting the gateways to the same address.
I don’t have the ability to control the gateway assigned to me on the PPPOE
session and occasionally my ISP will assign me the same gateway via DHCP over
the PPPOE connection.
Since this setup is reasonably difficult to reproduce I have demonstrated an
easy method to reproduce the issue by editing the providers file.
I am simply doing this to assist in improving shorewall as I do have a work
around. :)
Considerable time and effort has gone into researching this issue with nothing
found on the internet to suggest that Shorewall is incapable of operating two
ISP if they happen to use the same gateway.
Hope this helps make it clearer,
Nick.
------------------------------------------------------------------------------
Write once. Port to many.
Get the SDK and tools to simplify cross-platform app development. Create
new or port existing apps to sell to consumers worldwide. Explore the
Intel AppUpSM program developer opportunity. appdeveloper.intel.com/join
http://p.sf.net/sfu/intel-appdev
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
