On 03/13/2012 10:29 AM, Tom Eastep wrote: > On 03/13/2012 10:19 AM, Don Tucker wrote: >> >> On 3/13/2012 11:55 AM, dtucker wrote: >>> On 2012-03-12 18:08, Tom Eastep wrote: >>>> On 3/12/12 4:00 PM, "dtucker"<[email protected]> wrote: >>>> >>>>> After changing the entries in the DUPLICATE and COPY columns of >>>>> /etc/shorewall/providers to '-' and adding >>>>> >>>>> KEEP_RT_TABLES=Yes >>>>> ROUTE_FILTER=No >>>>> USE_DEFAULT_RT=Yes >>>>> >>>>> I was able to get pings to work out of the ppp0 interface when brought >>>>> up, and >>>>> then to continue to work out of the eth2 interface when the ppp0 >>>>> interface is >>>>> brought down. However, I am still unable to get pings to work out >>>>> of BOTH >>>>> interfaces when they are both up at the same time. Any ideas on how to >>>>> enable >>>>> that? Pinging out eth2 when ppp0 is up just hangs (there is no >>>>> "Destination >>>>> host unreachable" error like before). >>>> For *any* Multi-ISP issue, we need to see the output of 'shorewall dump' >>>> to be able to help. See http://www.shorewall.net/Support.htm for >>>> instructions. >>>> >>>> -Tom >>>> >>> I've attached the results of 'shorewall dump.' I successfully pinged out >>> (Google.com) eth2, brought up ppp0, successfully pinged out ppp0, and >>> then >>> attempted (unsuccessfully) to ping out eth2. Thanks in advance to >>> anyone who is >>> able to take a look at it. I received some "RTNETLINK: invalid >>> argument" errors >>> when executing the dump. >>> >>> Just scanning the results of the dump, I didn't see anything related >>> to ppp0. >>> I DID see some things in the iptables related to connectivity state >>> (ESTABLISHED, RELATED). I don't understand how those could be in >>> there, since I >>> haven't entered in any new rules for Shorewall yet (other than ACCEPT >>> all). >>> Before using Shorewall I had iptables set up with connectivity state >>> rules, but >>> I did an iptables -F and an iptables-save before rebooting and Shorewall >>> starting. >>> >>> Don >> After manually reflushing iptables > > Why are you doing that? It is totally unnecessary. > >> and restarting Shorewall, I repeated >> the above test. This time ppp0 appeared in the IP Configuration section >> of the dump. I've attached that file as well, in case it is more >> relevant that the previous one. > > The problem here is that bringing up ppp0 is plopping a default route > into the main routing table. You need to restart shorewall once ppp0 is > up and running. >
Or better yet, configure ppp0 so that no default route is generated. That way, you can put '-' in the GATEWAY column of ppp0's providers entry. You are running a fairly old version of Shorewall (4.4.11.6) which doesn't support the 'enable' and 'disable' commands. Those commands allows you to bring up and take down interfaces without restarting Shorewall (providing that bringing up the interface doesn't create a default route in the main RT). -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Keep Your Developer Skills Current with LearnDevNow! The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you subscribe now! http://p.sf.net/sfu/learndevnow-d2d
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
