On 10/17/18 3:47 AM, Leroy Tennison wrote: > (eth9 is up, has the assigned IP address and $INTERNET_GW is pingable, > afterward arp -n shows the correct MAC address, similarly all of the > "copy" interfaces exist and are up). The below is the providers entry > > yellow 1 1 main eth9 > $INTERNET_GW track eth0,eth3,eth5,tun0 > > 'shorewall start' returns: > > ERROR: Interface eth9 is not usable -- Provider yellow (1) Cannot be Started > Terminated > > If I add :<IP address> to eth9 I get: > > ERROR: Unable to determine the MAC address of <IP address> through > interface "eth9" > > Can anyone explain why or at least tell me what kinds of things produce > these errors? Thanks for any help. >
The test for usability is contained in the shell function interface_is_usable() in /usr/share/shorewall/lib.runtime. Interface eth9 is usable during 'start', if: a) It is UP (the UP flag is set in the output of 'ip link ls dev eth9) b) It has an IP address assigned c) It's 'state' is not DOWN (see the output of 'ip link ls dev eth9) d) The file /var/lib/shorewall/eth9_disabled does not exist. e) The file /var/lib/shorewall/eth9.status exists and contains 0 (assuming you are using the standard /etc/shorewall/isusable script). If the problem is either d) or e), then 'shorewall enable eth9' should correct the situation. As a final note, not related to the error messages, USE_DEFAULT_RT=No is deprecated and is not advised. You are clearly using that setting since the DUPLICATE and COPY columns in the entry you show above are non-empty. -Tom -- Tom Eastep \ Q: What do you get when you cross a mobster with Shoreline, \ an international standard? Washington, USA \ A: Someone who makes you an offer you can't http://shorewall.org \ understand \_______________________________________________
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
