Thanks Justin, yes it would be a good idea to manage my configs ... This is Ubuntu 20.04 with netplan. vlan5 is a dhcp interface however vlan7 is static and produces the same behavior.
No it doesn't seem like shorewall is doing it. /var/log/shorewall-init.log doesn't record anything. For now I will try to use networkd-dispatcher to do a shorewall reload when an interface becomes routable. - Norman On Sat, Jul 24, 2021 at 2:30 PM Justin Pryzby <pry...@telsasoft.com> wrote: > On Sat, Jul 24, 2021 at 01:38:17PM +0100, Norman and Audrey Henderson > wrote: > > Hi, I have been using rt_rules to force certain traffic out one or the > > other of my iSP's, and it has worked will for years. I seem to have done > > "something" that has caused the following behavior. > > It sounds like an OS level thing or something other than shorewall. > Whatever > OS it is, where is the config that manages vlan5 ? Is it using dhcp. What > packages did you upgrade ? > > I think you should be using GIT or some other method to manage your config. > There's tools like etckeeper to help with this. > > If you don't already have that, then you get to try crummy alternatives > like > find /etc -ctime -9 -ls > > > One ISP is vlan5 and it's flaky. The other is vlan7 and it's mostly > stable. > > The two ISP's are set up with balance so that normal users' traffic could > > be assigned to either. Certain IP's however should always use vlan7 if > it's > > up. The rt_rules entry is numbered above 1000 because, we have various > > networks of our own we need to route to. This is done via entries in the > > routes file specifying table main. > > > > After a shorewall reload, there are no "default" routes in the main > table. > > Correct. > > > > However if vlan5 goes down briefly or if I simulate that by: ifconfig > vlan5 > > down; sleep 2; ifconfig vlan5 up - then a default route to the gateway of > > vlan5 gets added to table main. The preference for vlan7 (being after the > > main table) is then not applied. > > > > shorewall reload fixes it. > > > > Any ideas of why this would be occurring? Or, is there a way to trigger > > shorewall reload whenever a link changes state? > > > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users >
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
