shorewall-users January 2012 archive
Main Archive Page > Month Archives  > shorewall-users archives
shorewall-users: Re: [Shorewall-users] Shorewall gateway - routi

Re: [Shorewall-users] Shorewall gateway - routing issue with dual wan (looking to report possible bug ?)

From: Tom Eastep <teastep_at_nospam>
Date: Mon Jan 09 2012 - 23:07:15 GMT
To: Shorewall Users <shorewall-users@lists.sourceforge.net>

On Tue, 2012-01-10 at 06:27 +1100, Nick wrote:

> I have dual wans setup very similar to the dual wan guide. I used two
> modems in bridged mode, and PPPOE to authenticate on a Gentoo box.
>
>
>
> Simply put the issue is at times my ISP hands out the same gateway
> address on both connections. When this happens shorewall fails to
> start.
>
>
>
> Most of the time the two ISP gateways are 203.33.255.118 and
> 203.33.255.161 though randomly when pppoe restarts I will be
> assigned the same gateway to both connections. I do have two static
> IP’s that are assigned from my ISP via DHCP.

> I can simulate this by editing the providers file like so:
>
>
>
> NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY OPTIONS COPY
> isp1 1 512 main eth1 10.100.11.10 track,balance eth0
> isp2 2 256 main eth2 10.100.11.10 track,balance eth0

> this is the same error that occurs when I am using the pppoe setup:
>
> RTNETLINK answers: No such process
>
> ERROR: Command "ip -4 route replace default scope global table 254
> nexthop via 10.100.11.10 dev eth1 weight 1 nexthop via 10.100.11.10
> dev eth2 weight 1" Failed
>
> This has driven me mad for 6 months now, and I hope someone can
> provide a solution other than putting the modems into NAT with
> permanent different gateways. My knowledge of routing is just enough
> to get me into trouble.
>
> I am happy to provide any further information, I run Gentoo and have
> updated, patched and rebuilt kernels over the last six months to
> attempt to sort this.
>
> I suspect that Its pretty rare that anyone would have (or want) two
> identical gateways working on their network on different interfaces,
> but I hope that at least a simple test could be added to shorewall to
> prevent this occurring to others.

With PPPOE, you shouldn't be specifying the gateway address on your PPP
devices. If you just leave the GATEWAY column empty ("-"), this problem
shouldn't occur.

-Tom
-- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________

------------------------------------------------------------------------------
Ridiculously easy VDI. With Citrix VDI-in-a-Box, you don't need a complex
infrastructure or vast IT resources to deliver seamless, secure access to
virtual desktops. With this all-in-one solution, easily deploy virtual
desktops for less than the cost of PCs and save 60% on VDI infrastructure
costs. Try it free! http://p.sf.net/sfu/Citrix-VDIinabox

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users