On 5/4/19 7:52 AM, Andrey Andreev wrote:
> Last weeks we had a lot of holidays and I did some more testing.
> Default route in table 254 showed up because on some adapters DEFROUTE=yes. I
> still cannot set DEFROUTE=no on ISP A1 adapter connecting to GPRS router with
> static IP. With DEFROUTE=no does not accept GW (in NetworkManager GUI) and
> there is no internet connection. Below is the ifcfg-enp1s0 file which NM
> creates for legacy as far as I understood:
>
> HWADDR=50:3E:AA:04:A5:80
> MACADDR=50:3E:AA:04:A5:80
> TYPE=Ethernet
> PROXY_METHOD=none
> BROWSER_ONLY=no
> BOOTPROTO=none
> IPADDR=192.168.42.253
> PREFIX=24
> GATEWAY=192.168.42.1
> DEFROUTE=yes
> IPV4_FAILURE_FATAL=no
> IPV4_DNS_PRIORITY=100
> IPV6INIT=no
> NAME=enp1s0
> UUID=56586d38-7ac7-4f21-ba06-21879d410363
> DEVICE=enp1s0
> ONBOOT=yes
>
> The adapter to ISP N3 has dhcp settings (static IP address over DHCP), it
> gets GW from ISP:
>
> HWADDR=84:16:F9:06:D9:F9
> MACADDR=84:16:F9:06:D9:F9
> TYPE=Ethernet
> PROXY_METHOD=none
> BROWSER_ONLY=no
> BOOTPROTO=dhcp
> DNS1=8.8.8.8
> DNS2=8.8.4.4
> DNS3=10.10.10.10
> DEFROUTE=no
> PEERDNS=no
> IPV4_FAILURE_FATAL=no
> IPV6INIT=no
> NAME=enp3s0
> UUID=ded60b05-53c5-457d-adc5-58b54481ca67
> ONBOOT=yes
>
> Some lines advised in http://www.shorewall.org/MultiISP.html in "DHCP with
> USE_DEFAULT_RT" section are missing in my config:
> PERSISTENT_DHCLIENT=yes
> PEERDNS=no
> PEERNTP=no
> DHCLIENTARGS="-nc"
> If not created from within NM GUI, these records are deleted when connection
> parameters are edited, how can I insert them in NM?

No idea -- I've never used NM on a firewall.

>
> Could it be that NM messes the routing? I noticed that NM adds default route
> when A1 NIC goes up-->down-->up and a manual shorewall restart is needed to
> clean it.

Yes -- that sounds like what is happening.

>
> I did one more test: stopped NM and tried to start the old simple
> network.service, but it fails with "Failed to start LSB: Bring up/down
> networking" which I could not solve.
> systemd-networkd starts OK but routing records do not change at all when ISP
> is up/down. Guess the NICs state is not monitored dynamically.
>

Then, I would use systemd-networkd for network configuration, rather than
NM. You want FooLSM alone to be monitoring the link state.

-Tom
--
Tom Eastep        \   Q: What do you get when you cross a mobster with
Shoreline,         \     an international standard?
Washington, USA     \ A: Someone who makes you an offer you can't
http://shorewall.org \   understand
                      \_______________________________________________
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
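
An audit of the two points raised in this exchange, as an added example that is not part of the original messages or of Shorewall's own tooling: it flags any ifcfg file with DEFROUTE=yes and, on BOOTPROTO=dhcp interfaces, any of the four settings listed from the MultiISP page that are absent. The function names are assumptions, and the sample files are constructed, trimmed copies of the two configs quoted above.

```sh
#!/bin/sh
# Added example: audit ifcfg-* files for the settings discussed in this thread.
# Files are parsed as text, never sourced, so a tampered file cannot run code.

# get_key FILE KEY -> prints the last value assigned to KEY, outer quotes stripped
get_key() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | sed 's/^"\(.*\)"$/\1/'
}

# audit_ifcfg DIR -> prints one finding per line as "file: message"
audit_ifcfg() {
    for f in "$1"/ifcfg-*; do
        [ -f "$f" ] || continue
        name=${f##*/}
        if [ "$(get_key "$f" DEFROUTE)" = "yes" ]; then
            echo "$name: DEFROUTE=yes (default route lands in table 254)"
        fi
        [ "$(get_key "$f" BOOTPROTO)" = "dhcp" ] || continue
        for want in PERSISTENT_DHCLIENT=yes PEERDNS=no PEERNTP=no DHCLIENTARGS=-nc; do
            key=${want%%=*}
            if [ "$(get_key "$f" "$key")" != "${want#*=}" ]; then
                echo "$name: missing $want"
            fi
        done
    done
}

# Constructed sample input: trimmed copies of the two files quoted above.
make_sample() {
    d=$(mktemp -d)
    cat > "$d/ifcfg-enp1s0" <<'EOF'
BOOTPROTO=none
IPADDR=192.168.42.253
PREFIX=24
GATEWAY=192.168.42.1
DEFROUTE=yes
EOF
    cat > "$d/ifcfg-enp3s0" <<'EOF'
BOOTPROTO=dhcp
DEFROUTE=no
PEERDNS=no
EOF
    echo "$d"
}

sample=$(make_sample)
audit_ifcfg "$sample"
rm -rf "$sample"
```

Run against the real directory with `audit_ifcfg /etc/sysconfig/network-scripts` after each edit in the NM GUI, since the thread reports that hand-added lines are dropped when the connection is edited there.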