On 10/04/2018 03:19 AM, Vieri Di Paola via Shorewall-users wrote: > > > On Wednesday, October 3, 2018, 11:55:30 PM GMT+2, Tom Eastep > <teas...@shorewall.net> wrote: > >> >> Looks to me like an issue with whatever program you are runninq to >> service NFQUEUE... > > Please note that I have the "bypass" option set for NFQUEUE. In any case, I > removed NFQUEUE from my Shorewall configuration to see if it had any effect, > but it didn't. I still witnessed the same behavior. > > So it occurred to me that it could be a basic routing issue. > Now, I don't know how everything got fixed, but it did. > > Here's exactly what I did after reenabling NFQUEUE in my shorewall config: > > I set up my OS to add default gw entries for each interface linked to my > providers (3). > > So, for enp7s0 I set "default gw 192.168.92.1", for enp6s0 "default gw > 192.168.100.1", for enp8s5 "default gw 192.168.101.1". > > After restarting shorewall, lo and behold, everything was working again. > > What puzzles me is that the only 2 differences with my old failing setup (the > one which I already sent a dump file for) are: > 1) previously I only had one default gw for enp8s5 "192.168.101.1" > > 2) I had an older shorewall version (5.1.11.1) > > So I still haven't figured out why it "worked before" with an older > shorewall, but not afterwards. I posted another shorewall dump below to see > if it can be compared with the one posted yesterday: > > This dump was taken when traffic was not working properly: > https://drive.google.com/open?id=1swkElhpnoUenHP_oBAzhvv4edGxmYtm3 > > This other dump was taken today with everything working fine: > https://drive.google.com/open?id=13hGLyHAISIawJIWc5YYhNVzXn_Hj4Qy6 > > It's not really important at this point, but it would be nice to know what > went wrong just so I don't fall into the same trap in the future.
The only significant difference in the two dumps are that in the one that didn't work, each of the interfaces has an DNS Autoconfigured IP address (169.254.0.0/16). Those addresses are not present in the working dumps. That difference should have nothing to do with the default gateways that you added. > > I still have a few questions though before I start fiddling again with my > system. > > If I were to move to my 3-ppp setup, I guess I would need to specify the ppp > option "defaultroute" for each ppp interface, right? I doubt it. > > Also, when starting or restarting shorewall for the first time, I get this > message: > WARNING: Interface enp7s0 is not usable -- Provider ISP1 (1) not Started > > (same thing for the other 2 providers) > > This also happened when I used the pppoe links instead of ethernet. > > However, all 3 providers are up and running, ie., I can successfully ping to > a remote host through their interfaces. > I need to manually run "shorewall enable INTERFACE" and restart shorewall. No > issues from this point onwards. > So why is Shorewall complaining about the interfaces? How does it decide if > it's "usable"? You can read the code for yourself. It is contained in the shell function interface_is_usable(). Note that with the standard /etc/shorewall/isusable script, once a persistent interface is determined to be unusable, the only way to make it usable again is to use the 'enable' (or reenable) command. -Tom -- Tom Eastep \ Q: What do you get when you cross a mobster with Shoreline, \ an international standard? Washington, USA \ A: Someone who makes you an offer you can't http://shorewall.org \ understand \_______________________________________________
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
