On 12/02/2015 08:15 AM, Laurie Brown wrote: > Hi folks, > > I'd greatly appreciate some help with a problem that has soaked up a lot > of time, and has me stumped so far, please. > > First some background: > > I've had a Gentoo-based 4-NIC firewall happily running an earlier > version of Shorewall for several years. Recently it died, and when I > built a new one, I installed Ubuntu 14.04 LTS and Shorewall 4.5.21.6. > > A great deal seemed to have changed in Shorewall, so I followed the > 3-interface guide, and all was well. I'll explain the zones below, but > for now, the third interface was a DSL line via a DSL modem, with static > IP (/28). > > Having got that far, in order to add in the fourth interface, I followed > the multi-ISP guide, but I just can't get it to work at all. Shorewall > will not start as it says the fourth interface is not usable. My zones > are as follows: > > ---- cut here ---- > dmz ipv4 > loc ipv4 > net0 ipv4 # Eclipse ADSL static > net1 ipv4 # Virgin Media dynamic > ---- cut here ---- > > My interfaces are as follows: > > ---- cut here ---- > loc eth0 > dmz eth1 > net0 eth2 > net1 eth3 > ---- cut here ---- > > My Shorewall version is: 4.5.21.6. > My kernel is: Linux fw1 3.13.0-32-generic #57-Ubuntu SMP Tue Jul 15 > 03:51:08 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux > > It's a standard Ubuntu Server install, but I have turned IPV6 off as > follows in /etc/sysctl.conf: > > # > net.ipv6.conf.all.disable_ipv6 = 1 > net.ipv6.conf.default.disable_ipv6 = 1 > net.ipv6.conf.lo.disable_ipv6 = 1 > > and in /etc/shorewall.conf: > DISABLE_IPV6=Yes > > In a nutshell, the problem I have is that when I start Shorewall, this > is the output: > > ---- cut here ---- > # shorewall -vvvvvv start > Starting Shorewall.... > Initializing... > Setting up ARP filtering... > Setting up Route Filtering... > Setting up Martian Logging... > Setting up Accept Source Routing... > Setting up Proxy ARP... > Disabling Kernel Automatic Helper Association > Adding Providers... > Null Routing the RFC 1918 subnets > Provider ECLI (1) Started > WARNING: Interface eth3 is not usable -- Provider VIRG (2) not Started > Default route 'nexthop dev eth2 weight 1' Added > Preparing iptables-restore input... > Running /sbin/iptables-restore... > IPv4 Forwarding Enabled > done. > ---- cut here ---- > > I'm sure this is something simple I'm missing, but I've looked so long > and hard at it I can't see the wood for the trees! > > I've attached a gzip file of "shorewall dump" done on the machine > immediately after a reboot. > > Many thanks in advance, Laurie. >
What happens if you execute 'shorewall enable eth3'? -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Go from Idea to Many App Stores Faster with Intel(R) XDK Give your users amazing mobile app experiences with Intel(R) XDK. Use one codebase in this all-in-one HTML5 development environment. Design, debug & build mobile apps & 2D/3D high-impact games for multiple OSs. http://pubads.g.doubleclick.net/gampad/clk?id=254741911&iu=/4140
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
