Thank you Erich. I would have suspected DHCP, except that vlan7 has a static IP in Netplan and if I flip it down and up again, there is a static route added for its gateway to the ip route table main, just as happens with a recycle of vlan5 which is DHCP.
A mystery. I have a working bypass for now with networkd-dispatcher triggering shorewall reload. And actually, I realized I had been using that for quite some time to reload shorewall after link changes, however the scripts had faded into the mists of time and my lack of good documentation for our configurations... Best, Norman On Sat, Jul 24, 2021 at 4:54 PM Erich Titl <erich.t...@think.ch> wrote: > Hi Norm > > Am 24.07.2021 um 14:38 schrieb Norman and Audrey Henderson: > > Hi, I have been using rt_rules to force certain traffic out one or the > > other of my iSP's, and it has worked will for years. I seem to have done > > "something" that has caused the following behavior. > > One ISP is vlan5 and it's flaky. The other is vlan7 and it's mostly > > stable. The two ISP's are set up with balance so that normal users' > > traffic could be assigned to either. Certain IP's however should always > > use vlan7 if it's up. The rt_rules entry is numbered above 1000 because, > > we have various networks of our own we need to route to. This is done > > via entries in the routes file specifying table main. > > > > After a shorewall reload, there are no "default" routes in the main > > table. Correct. > > > > However if vlan5 goes down briefly or if I simulate that by: ifconfig > > vlan5 down; sleep 2; ifconfig vlan5 up - then a default route to the > > gateway of vlan5 gets added to table main. The preference for vlan7 > > (being after the main table) is then not applied. > > > > shorewall reload fixes it. > > > > Any ideas of why this would be occurring? Or, is there a way to trigger > > shorewall reload whenever a link changes state? > > is is possible that your ifconfig up on vlan 5 triggers dhcp setting the > default route? > > cheers > > ET > > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users >
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
