
Re: [Shorewall-users] Shorewall gateway - routing issue with dual wan (looking to report possible bug ?)

From: Tom Eastep <teastep_at_nospam>
Date: Tue Jan 10 2012 - 04:51:53 GMT
To: Shorewall Users <shorewall-users@lists.sourceforge.net>

On Jan 9, 2012, at 8:41 PM, Tom Eastep wrote:

>
> On Jan 9, 2012, at 7:51 PM, Nick wrote:
>>
>> Originally I had shorewall set to detect the gateway. This setup was crashing randomly when pppoe restarted the connection with this kind of error:
>> ERROR: Command "ip -4 route replace default scope global table 254
>> nexthop via 203.33.255.161 dev eth1 weight 1 nexthop via 203.33.255.161
>> dev eth2 weight 1" Failed
>
> Did you see the word 'detect' in my post?
>
>>
>> I can reproduce the error by setting the gateways to the same address.
>
> Which is a configuration that will never work. Neither Shorewall nor the Linux IP stack will handle that.
>
>>
>> I don't have the ability to control the gateway assigned to me on the PPPOE session and occasionally my ISP will assign me the same gateway via DHCP over the PPPOE connection.
>>
>> Since this setup is reasonably difficult to reproduce I have demonstrated an easy method to reproduce the issue by editing the providers file.
>>
>> I am simply doing this to assist in improving shorewall as I do have a work around. :)
>> Considerable time and effort has gone into researching this issue with nothing found on the internet to suggest that Shorewall is incapable of operating two ISPs if they happen to use the same gateway.
>
>
> I repeat: Place the single character '-' in the GATEWAY column for PPPoE providers. I am convinced that you will not see any problems with the modems in bridging mode.

Sorry; I don't mean to be offensive and I appreciate the fact that you are trying to help. But point-to-point interfaces don't require a gateway because there is only one host at the end of the point-to-point connection. So anything sent through a PTP interface will end up at the 'gateway'. And specifying a gateway explicitly or asking Shorewall to detect the gateway just messes things up.

Regards,
-Tom

Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
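
The following is an added example, not part of the original message and not Shorewall's own code: a small linter that flags the two conditions discussed in this thread, a GATEWAY other than '-' on a point-to-point provider and two providers sharing one explicit gateway. It assumes the providers column order NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY OPTIONS COPY and that point-to-point interfaces are named ppp*; the sample files and the function names are constructed for illustration.

```python
# Added example: lint a Shorewall providers file for the issues in this thread.
# Assumed column order: NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY OPTIONS COPY

# Constructed sample: both PPPoE providers carry the same explicit gateway.
SAMPLE_BAD = """\
#NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY        OPTIONS
ISP1  1      1    main      ppp0      203.33.255.161 track,balance
ISP2  2      2    main      ppp1      203.33.255.161 track,balance
"""

# Constructed sample: '-' in GATEWAY for the point-to-point providers.
SAMPLE_GOOD = """\
#NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY OPTIONS
ISP1  1      1    main      ppp0      -       track,balance
ISP2  2      2    main      ppp1      -       track,balance
"""

def parse_providers(text):
    """Return (lineno, name, interface, gateway) for each provider row."""
    rows = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        cols = line.split()
        cols += ["-"] * (8 - len(cols))       # omitted trailing columns mean '-'
        name, iface, gw = cols[0], cols[4], cols[5]
        # INTERFACE may be written interface:address; keep the device part.
        rows.append((lineno, name, iface.split(":")[0], gw))
    return rows

def lint_providers(text, ptp_prefixes=("ppp",)):
    """Return a list of (lineno, provider, kind) findings."""
    findings, seen = [], {}
    for lineno, name, iface, gw in parse_providers(text):
        # A point-to-point link has one peer; explicit or detected
        # gateways are not needed there.
        if iface.startswith(ptp_prefixes) and gw != "-":
            findings.append((lineno, name, "ptp-gateway"))
        # Two balanced providers with the same next hop address.
        if gw not in ("-", "detect"):
            if gw in seen:
                findings.append((lineno, name, "duplicate-gateway"))
            seen.setdefault(gw, name)
    return findings

if __name__ == "__main__":
    for finding in lint_providers(SAMPLE_BAD):
        print(finding)
```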
