Hi,

I'm using Shorewall 5.1.5.1 on Arch Linux and having some problems configuring
Arch Linux with my dual ISP setup and two separate internal networks.

The kernel I am using is the following one:
Linux router001 4.9.40-1-lts #1 SMP Fri Jul 28 21:45:40 CEST 2017 x86_64 GNU/Linux

The problem is that I have internet access from only one of the two
internal networks (10.3.0.0/16 and 10.4.0.0/16). The working network is
10.3.0.0/16 and the network that does not have internet access is
10.4.0.0/16.

In the journal I find these log entries when I ping the 8.8.8.8 address
(Google DNS):

Aug 06 15:30:13 router001 kernel: FORWARD DROP IN=ens161 OUT=ens192 MAC=00:0c:29:bd:cb:26:d0:b2:c4:23:bb:fb:08:00 SRC=8.8.8.8 DST=10.4.2.209 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=0 PROTO=ICMP TYPE=0 CODE=0 ID=1 SEQ=2586
Aug 06 15:30:13 router001 kernel: FORWARD DROP IN=ens161 OUT=ens192 MAC=00:0c:29:bd:cb:26:d0:b2:c4:23:bb:fb:08:00 SRC=8.8.8.8 DST=10.4.2.209 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=0 PROTO=ICMP TYPE=0 CODE=0 ID=1 SEQ=2586
Aug 06 15:30:17 router001 kernel: FORWARD DROP IN=ens161 OUT=ens192 MAC=00:0c:29:bd:cb:26:d0:b2:c4:23:bb:fb:08:00 SRC=8.8.8.8 DST=10.4.2.209 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=0 PROTO=ICMP TYPE=0 CODE=0 ID=1 SEQ=2587
Aug 06 15:30:22 router001 kernel: FORWARD DROP IN=ens161 OUT=ens192 MAC=00:0c:29:bd:cb:26:d0:b2:c4:23:bb:fb:08:00 SRC=8.8.8.8 DST=10.4.2.209 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=0 PROTO=ICMP TYPE=0 CODE=0 ID=1 SEQ=2588
Aug 06 15:30:27 router001 kernel: FORWARD DROP IN=ens161 OUT=ens192 MAC=00:0c:29:bd:cb:26:d0:b2:c4:23:bb:fb:08:00 SRC=8.8.8.8 DST=10.4.2.209 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=0 PROTO=ICMP TYPE=0 CODE=0 ID=1 SEQ=2589


I also see these two errors when I check the Shorewall config with
shorewall try.


Compiling using Shorewall 5.1.5.1...
Processing /etc/shorewall/params ...
Processing /etc/shorewall/shorewall.conf...
Loading Modules...
Compiling /etc/shorewall/zones...
Compiling /etc/shorewall/interfaces...
Determining Hosts in Zones...
Locating Action Files...
Compiling /etc/shorewall/policy...
Running /etc/shorewall/initdone...
Adding rules for DHCP
Compiling TCP Flags filtering...
Compiling Kernel Route Filtering...
Compiling Martian Logging...
Compiling /etc/shorewall/providers...
Compiling /etc/shorewall/routes...
Compiling /etc/shorewall/snat...
Compiling MAC Filtration -- Phase 1...
Compiling /etc/shorewall/rules...
Compiling /etc/shorewall/conntrack...
Compiling /etc/shorewall/tunnels...
Compiling MAC Filtration -- Phase 2...
Applying Policies...
Compiling /usr/share/shorewall/action.Broadcast for chain Broadcast...
Compiling /usr/share/shorewall/action.Multicast for chain Multicast...
Generating Rule Matrix...
Optimizing Ruleset...
Creating iptables-restore input...
Use of uninitialized value in hash element at /usr/share/shorewall/Shorewall/Rules.pm line 818.
Use of uninitialized value in concatenation (.) or string at /usr/share/shorewall/Shorewall/Rules.pm line 823.
Shorewall configuration compiled to /var/lib/shorewall/.reload
   Currently-running Configuration Saved to /var/lib/shorewall/.try
   WARNING: No ipsets were saved
   ERROR: The ipset utility cannot be located - ipsets are not saved
Reloading...
Reloading Shorewall....
Initializing...
Processing /etc/shorewall/init ...
Processing /etc/shorewall/tcclear ...
Setting up Route Filtering...
Setting up Martian Logging...
Setting up Proxy ARP...
Adding Providers...
Preparing iptables-restore input...
Running /usr/bin/iptables-restore ...
IPv4 Forwarding Enabled
Processing /etc/shorewall/start ...
Processing /etc/shorewall/started ...
done.


Could someone help me with this problem?

Kind regards,
Roel de Wildt