shorewall-users January 2012 archive
Main Archive Page > Month Archives  > shorewall-users archives
shorewall-users: Re: [Shorewall-users] Shorewall gateway - routi

Re: [Shorewall-users] Shorewall gateway - routing issue with dual wan (looking to report possible bug ?)

From: Tom Eastep <teastep_at_nospam>
Date: Mon Jan 09 2012 - 23:07:15 GMT
To: Shorewall Users <>

On Tue, 2012-01-10 at 06:27 +1100, Nick wrote:

> I have dual wans setup very similar to the dual wan guide. I used two
> modems in bridged mode, and PPPOE to authenticate on a Gentoo box.
> Simply put the issue is at times my ISP hands out the same gateway
> address on both connections. When this happens shorewall fails to
> start.
> Most of the time the two ISP gateways are and
> though randomly when pppoe restarts I will be
> assigned the same gateway to both connections. I do have two static
> IP’s that are assigned from my ISP via DHCP.

> I can simulate this by editing the providers file like so:
> isp1 1 512 main eth1 track,balance eth0
> isp2 2 256 main eth2 track,balance eth0

> this is the same error that occurs when I am using the pppoe setup:
> RTNETLINK answers: No such process
> ERROR: Command "ip -4 route replace default scope global table 254
> nexthop via dev eth1 weight 1 nexthop via
> dev eth2 weight 1" Failed
> This has driven me mad for 6 months now, and I hope someone can
> provide a solution other than putting the modems into NAT with
> permanent different gateways. My knowledge of routing is just enough
> to get me into trouble.
> I am happy to provide any further information, I run Gentoo and have
> updated, patched and rebuilt kernels over the last six months to
> attempt to sort this.
> I suspect that Its pretty rare that anyone would have (or want) two
> identical gateways working on their network on different interfaces,
> but I hope that at least a simple test could be added to shorewall to
> prevent this occurring to others.

With PPPOE, you shouldn't be specifying the gateway address on your PPP
devices. If you just leave the GATEWAY column empty ("-"), this problem
shouldn't occur.

-- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car \________________________________________________

Ridiculously easy VDI. With Citrix VDI-in-a-Box, you don't need a complex
infrastructure or vast IT resources to deliver seamless, secure access to
virtual desktops. With this all-in-one solution, easily deploy virtual
desktops for less than the cost of PCs and save 60% on VDI infrastructure
costs. Try it free!

Shorewall-users mailing list