shorewall-users January 2012 archive
Main Archive Page > Month Archives  > shorewall-users archives
shorewall-users: [Shorewall-users] Shorewall gateway - routing i

[Shorewall-users] Shorewall gateway - routing issue with dual wan (looking to report possible bug ?)

From: Nick <nick17v_at_nospam>
Date: Mon Jan 09 2012 - 19:27:41 GMT
To: <shorewall-users@lists.sourceforge.net>

Hi,
 
I have dual wans setup very similar to the dual wan guide. I used two
modems in bridged mode, and PPPOE to authenticate on a Gentoo box.
 
Simply put the issue is at times my ISP hands out the same gateway address
on both connections. When this happens shorewall fails to start.
 
Most of the time the two ISP gateways are 203.33.255.118 and 203.33.255.161
though randomly when pppoe restarts I will be assigned the same gateway to
both connections. I do have two static IP's that are assigned from my ISP
via DHCP.
 
I can simulate this by editing the providers file like so:
 
NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY
OPTIONS COPY
isp1 1 512 main eth1 10.100.11.10
track,balance eth0
isp2 2 256 main eth2 10.100.11.10
track,balance eth0
 
this is the same error that occurs when I am using the pppoe setup:
RTNETLINK answers: No such process
   ERROR: Command "ip -4 route replace default scope global table 254
nexthop via 10.100.11.10 dev eth1 weight 1 nexthop via 10.100.11.10 dev eth2
weight 1" Failed
 
This has driven me mad for 6 months now, and I hope someone can provide a
solution other than putting the modems into NAT with permanent different
gateways. My knowledge of routing is just enough to get me into trouble.
 
I am happy to provide any further information, I run Gentoo and have
updated, patched and rebuilt kernels over the last six months to attempt to
sort this.
 
I suspect that Its pretty rare that anyone would have (or want) two
identical gateways working on their network on different interfaces, but I
hope that at least a simple test could be added to shorewall to prevent this
occurring to others.
 
Thanks for reading,
Nick.

------------------------------------------------------------------------------
Ridiculously easy VDI. With Citrix VDI-in-a-Box, you don't need a complex
infrastructure or vast IT resources to deliver seamless, secure access to
virtual desktops. With this all-in-one solution, easily deploy virtual
desktops for less than the cost of PCs and save 60% on VDI infrastructure
costs. Try it free! http://p.sf.net/sfu/Citrix-VDIinabox

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users