-----Original Message-----
From: Tom Eastep
Sent: Monday, May 6, 2019 12:10 AM
To: shorewall-users@lists.sourceforge.net
Subject: Re: [Shorewall-users] Switching between multi-ISP
On 5/5/19 11:58 AM, Andrey Andreev wrote:
> Thanks for the advice! I followed it and switched to systemd-networkd. NM is
> stopped&disabled.
> But the issue with default route being pushed into table 254 by the
> connection with static IP still persists. Here is the new net connections
> setup:
>
> # /etc/systemd/network/10_enp3s0.network
> [Match]
> Name=enp3s0
> [Network]
> Description=enp3s0 - ISP #1
> DHCP=ipv4
> DNS=8.8.8.8
> DNS=8.8.4.4
> [DHCP]
> #UseRoutes=false
> RouteMetric=50
>
> # /etc/systemd/network/20_enp1s0.network
> [Match]
> Name=enp1s0
> [Network]
> Description=enp1s0 - ISP #2
> Address=192.168.42.253/24
> DNS=8.8.8.8
> DNS=8.8.4.4
> [Route]
> Gateway=192.168.42.1
> Metric=200
>
> In this state after network restart or cables plug out/in, 2 default routes
> are created in table 254:
> default via GW1 dev enp3s0 proto dhcp src WAN1 metric 50
> default via 192.168.42.1 ..... metric 200
>
> Manual shorewall restart is required to clean them.
> Uncommenting #UseRoutes=false stops the creation of first default route by
> the dhcp connection.
> But there is no way to stop default route by static IP connection if GW is
> defined. If GW is omitted, no default route is created but there is no
> internet access through this connection either.
Then don't specify GW in the network config, and define it in
/etc/shorewall/providers instead.
> Similar was the situation with NM: DEFROUTE=no and GW exclude each other.
> How to solve this puzzle?
Don't know -- I run Debian which uses its own network configuration system.
> [Link] RequiredForOnline=no could make networkd insensitive to carrier loss,
> but restoring default routes on boot and networkd restart will still take
> place, I guess.
Also don't know -- never used systemd-networkd...
>
> One observation with the above systemd-networkd configuration: metric values
> arrange the 2 default connections the way I need and yield some failover
> behaviour on cable disconnect:
> - when ISP1&2 are up (carrier available) the internet goes through ISP1 ruled
> by metric=50,
> - when ISP1 is down (cable disconnected) the first default route disappears
> and net goes automatically through ISP2,
> - when ISP1 cable is reconnected the internet access is restored through ISP1
> by a newly created default route.
> That would be enough if "connection UP" = "cable plugged in" and vice versa,
> but that is not the case and here foolsm + shorewall should come in.
>
> I start asking myself if pulling cables or issuing ifdown/ifup commands is
> the right thing to do to simulate no internet access.
ifup/ifdown is certainly wrong. But unplug/plug works if no other piece
of the system starts inserting routes in response.
> Carrier loss makes the network aware of the event and it takes some action.
But it usually doesn't cause routes to be deleted/added.
> Is there a graceful way to cut out interactively just ping response?
You can try manually inserting a DROP iptables rule...
-Tom
--
Tom Eastep \ Q: What do you get when you cross a mobster with
Shoreline, \ an international standard?
Washington, USA \ A: Someone who makes you an offer you can't
http://shorewall.org \ understand
\_______________________________________________
> Then don't specify GW in the network config, and define it in
> /etc/shorewall/providers instead.
ISP #2 with static IP has already its GW listed in /etc/shorewall/providers:
#NAME  NUMBER  MARK  DUPLICATE  INTERFACE  GATEWAY       OPTIONS        COPY
N3     1       1     -          enp3s0     GW1           track,primary  -
A1     2       2     -          enp1s0     192.168.42.1  track          -
Andrei