-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 11/08/2016 11:56 AM, Brian J. Murrell wrote: > On Tue, 2016-11-08 at 08:16 -0800, Tom Eastep wrote: >> >> I'm surprised that this ever worked. The best way to resolve >> this issue is to switch your configuration to >> USE_DEFAULT_RT=Yes. > > So, out of interest and reading that USE_DEFAULT_RT=No is > deprecated, I thought I would try this on my IPv4 shorewall > configuration. With the following providers: > > CGCO 1 0x100 - eth0.2 detect > balance,nohostroute - DSL 2 0x200 - > pppoe-wan1 - fallback,nohostroute - Squid 3 0x400 > - br-lan > 10.75.22.247 loose,notrack > > I don't get what I would expect in the default routing table, but > rather quite the opposite: > > # ip route ls table default default dev pppoe-wan1 scope link > metric 2 > > But trying the same with shorewall6, I get: > > ERROR: Only one 'balance' provider is allowed with IPv6 > > with the following providers, none of which I specified balance > for: > > CGCO 1 0x100 - 6to4-cogeco ::192.88.99.1 > nohostroute - DSL 2 0x200 > - pppoe-wan1 - fallback,nohostroute - Squid > 3 0x400 - br-lan > fd31:aeb1:48df:0:214:d1ff:fe13:45ac loose,notrack HENET 4 0x300 > - > 6in4-henet 2001:111:1a:666::1 nohostroute - > > Any ideas on either of those issues? >
The first isn't an issue -- the balance provider's default route is in the 'balance' table. The second is solved by upgrading to 5.0.14[.1]. The early IPv6 kernel implementation of IPv6 did not support multi-nexthop routes so Shorewall6 didn't either. Now that the kernel supports such routes, that support has been added to Shorewall6. - -Tom - -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJYIkm9AAoJEJbms/JCOk0QfuQQALbhB0zBuIQTOYqiUXKYzE6i KpX9/VZmQD7X2P7N7Un3si2K8Xum25O65eCIz9M5jjYASSpmpl5euzc0/Fc5fcGO ALvABVpTPehbPdVouRYcXLuYQkuGwyUVBlr1e+jO1N0yjQkGepLhRVae0m+cZKOG 5j2SoDHBEGjmoCLHZ4p5HRUPv6bXzBYnCKhDg+Xom3HF8DR21uB1B1bi/8/xt2rm 8ENwnQiWee2Lwvss70AFKXAvDcAzD/p1erRQPcI1MXfy0AzBu1HCOIb3yVphyb/J xoAm5qvDwtGNwtoKoDnes3qEsOY/7Ybg0t6krxV+bRcR0C6HOJBm3UeG3mzj6TqF nU+aecM8ATgVBSI/Krban592j6+r5jCrChxOE2iU/lz2YGAUso2iKFcOc0JXWAYo YMmXWVqpIoSW00wLLlT7RZVLGeAixUEHajw7++NsQII5RTn3ji/ZW1IsXK4z7h8y 4ZquPmE6xY3U7GNw+sWQDcJQzZhWSYObrgNIgjQVb3zpiFH8e7r8wUVhYnzyuFHA 5G2dVs7ZMT2YBap1SWAErLH3iESp61ApbeU9wLzIkrRgONFZBJt24H8myL83l+BH XUq33z/jgddh80CcEuTznzsiFeAxBq4wHEZKydgc3vEqipHqzKc+q6j0gLGH7BeV 8TDXdmIFbn8biXtLMAAc =VjsC -----END PGP SIGNATURE----- ------------------------------------------------------------------------------ Developer Access Program for Intel Xeon Phi Processors Access to Intel Xeon Phi processor-based developer platforms. With one year of Intel Parallel Studio XE. Training and support from Colfax. Order your platform today. http://sdm.link/xeonphi _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
