On 3/13/2012 12:59 PM, Tom Eastep wrote:
Just to make sure I understand, are you saying that I do NOT need to restart shorewall if pppd doesn't add a default route for ppp0?

On 03/13/2012 10:29 AM, Tom Eastep wrote:
On 03/13/2012 10:19 AM, Don Tucker wrote:
On 3/13/2012 11:55 AM, dtucker wrote:
On 2012-03-12 18:08, Tom Eastep wrote:
On 3/12/12 4:00 PM, "dtucker"<[email protected]> wrote:

After changing the entries in the DUPLICATE and COPY columns of /etc/shorewall/providers to '-' and adding

KEEP_RT_TABLES=Yes
ROUTE_FILTER=No
USE_DEFAULT_RT=Yes

I was able to get pings to work out of the ppp0 interface when brought up, and then to continue to work out of the eth2 interface when the ppp0 interface is brought down. However, I am still unable to get pings to work out of BOTH interfaces when they are both up at the same time. Any ideas on how to enable that? Pinging out eth2 when ppp0 is up just hangs (there is no "Destination host unreachable" error like before).

For *any* Multi-ISP issue, we need to see the output of 'shorewall dump' to be able to help. See http://www.shorewall.net/Support.htm for instructions.

-Tom

I've attached the results of 'shorewall dump.' I successfully pinged out (Google.com) eth2, brought up ppp0, successfully pinged out ppp0, and then attempted (unsuccessfully) to ping out eth2. Thanks in advance to anyone who is able to take a look at it. I received some "RTNETLINK: invalid argument" errors when executing the dump. Just scanning the results of the dump, I didn't see anything related to ppp0. I DID see some things in the iptables related to connectivity state (ESTABLISHED, RELATED). I don't understand how those could be in there, since I haven't entered in any new rules for Shorewall yet (other than ACCEPT all). Before using Shorewall I had iptables set up with connectivity state rules, but I did an iptables -F and an iptables-save before rebooting and Shorewall starting.

Don

After manually reflushing iptables

Why are you doing that? It is totally unnecessary.

and restarting Shorewall, I repeated the above test. This time ppp0 appeared in the IP Configuration section of the dump. I've attached that file as well, in case it is more relevant than the previous one.

The problem here is that bringing up ppp0 is plopping a default route into the main routing table. You need to restart shorewall once ppp0 is up and running.

Or better yet, configure ppp0 so that no default route is generated. That way, you can put '-' in the GATEWAY column of ppp0's providers entry.

You are running a fairly old version of Shorewall (4.4.11.6) which doesn't support the 'enable' and 'disable' commands. Those commands allow you to bring up and take down interfaces without restarting Shorewall (providing that bringing up the interface doesn't create a default route in the main RT).

-Tom

I tried putting 'nodefaultroute' into /etc/ppp/options, but pon would no longer bring up the interface for some reason. Instead, I deleted the default route as soon as the connection comes up by putting a script into /etc/ppp/ip-up.d to "ip route del default dev ppp0". The result of then bringing ppp0 up was that I could neither ping out of ppp0 nor eth2. After restarting shorewall, I could then ping out of ppp0, but still not eth2. Pinging out eth2 returned the "Destination Host Unreachable" error. Attached is the shorewall dump after having restarted shorewall.
4.4.11 was the latest version that I could find through "apt-cache showpkg shorewall". I was wary of trying to install from the .deb and manually managing all of the dependencies that might be required.
Thank you for your help! Don
restart.txt.gz
Description: application/gzip
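
The restart step Tom describes in the quoted text (restart Shorewall once ppp0 is up, if pppd has put a default route into the main routing table) can be automated with a pppd hook. The script below is an added example, not code from this thread or from the Shorewall project; it assumes a Debian-style /etc/ppp/ip-up.d directory whose wrapper exports PPP_IFACE, and the file name in the comment is hypothetical.

```shell
#!/bin/sh
# Added example (hypothetical file: /etc/ppp/ip-up.d/zz-shorewall-restart).
# Assumption: Debian's /etc/ppp/ip-up wrapper exports PPP_IFACE to the
# scripts it runs from ip-up.d.

# Read routing-table text on stdin (the format printed by
# "ip -4 route show table main") and print the device of each
# single-path default route, one per line.
default_route_devs() {
    awk '$1 == "default" {
        for (i = 2; i < NF; i++)
            if ($i == "dev") { print $(i + 1); break }
    }'
}

# Succeed if interface $1 carries a default route in the table text on stdin.
has_default_route() {
    default_route_devs | grep -qx -- "$1"
}

# Act only when pppd ran us as a hook; otherwise just define the functions.
if [ -n "${PPP_IFACE:-}" ]; then
    if ip -4 route show table main | has_default_route "$PPP_IFACE"; then
        logger -t ppp-shorewall \
            "default route on $PPP_IFACE in main table; restarting shorewall"
        shorewall restart
    fi
fi
```

When pppd is configured so that no default route is generated, the check fails and the hook leaves the running firewall alone.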
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
