zen10984@zen.co.uk
2003-Sep-30 09:04 UTC
[Shorewall-users] Problems setting up routing for multiple links
Hi All,

I am trying to setup Routing on my Bering Firewall to allow connections to two providers, as well as maintaining inbound connections to web servers hosted in a dmz. I also use ipsec to link to another network.

I have been adding the commands as described on the LARTC web site
http://lartc.org/howto/lartc.rpdb.multiple-links.html

I am adding these to /etc/netowkrs/interfaces using the up command.

But find that the line shown with an * generate a file already exists. So it sounds as though I am trying to add a route that has already been created somewhere in Bering.

ip route add $P1_NET dev $IF1 src $IP1 table T1
ip route add default via $P1 table T1
ip route add $P2_NET dev $IF2 src $IP2 table T2
ip route add default via $P2 table T2

* ip route add $P1_NET dev $IF1 src $IP1
* ip route add $P2_NET dev $IF2 src $IP2

ip route add default via $P1

ip rule add from $IP1 table T1
ip rule add from $IP2 table T2

ip route add $P0_NET dev $IF0 table T1
ip route add $P2_NET dev $IF2 table T1
ip route add 127.0.0.0/8 dev lo table T1
ip route add $P0_NET dev $IF0 table T2
ip route add $P1_NET dev $IF1 table T2
ip route add 127.0.0.0/8 dev lo table T2

I also believe I will need further routes for the dmz, but need to understand the first failure before moving onto this issue.

Any help on this would be much appreciated.

Regards,
Simon Chalk.
Tom Eastep
2003-Sep-30 10:16 UTC
[Shorewall-users] Problems setting up routing for multiple links
On Tue, 30 Sep 2003 zen10984@zen.co.uk wrote:

PLEASE -- Post in plain text and configure your mailer to fold long lines.

> I am trying to setup Routing on my Bering Firewall to allow connections
> to two providers, as well as maintaining inbound connections to web
> servers hosted in a dmz. I also use ipsec to link to another network.
>
> I have been adding the commands as described on the LARTC web site
> http://lartc.org/howto/lartc.rpdb.multiple-links.html
>
> I am adding these to /etc/netowkrs/interfaces using the up command.
>
> But find that the line shown with an * generate a file already exists.
> So it sounds as though I am trying to add a route that has already been
> created somewhere in Bering.
>
> * ip route add $P1_NET dev $IF1 src $IP1
> * ip route add $P2_NET dev $IF2 src $IP2
>

The act of bringing up the devices automatically creates routes that conflict with those commands.

-Tom

PS -- you may have better luck with posting on the LARTC list for questions of this sort as it's a bit off-topic on this list.

--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
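
The conflict described in the reply above, as an added example that is not part of the original thread: a pre-check that skips a main-table route when interface bring-up has already installed it. The function names, interface names and documentation-range addresses are assumptions made for the illustration.

```shell
#!/bin/sh
# Constructed sample of `ip route show` (main table) taken right after the
# interfaces come up. The kernel adds one connected route per configured
# address; these are the entries the starred commands collide with.
MAIN_TABLE='192.0.2.0/24 dev eth0 proto kernel scope link src 192.0.2.10
198.51.100.0/24 dev eth1 proto kernel scope link src 198.51.100.10
10.0.0.0/24 dev eth2 proto kernel scope link src 10.0.0.1'

# route_present PREFIX DEV [TABLE_DUMP]
# Succeeds if the dump already holds a route for PREFIX on DEV.
# Falls back to the constructed sample when no dump is passed.
route_present() {
    printf '%s\n' "${3:-$MAIN_TABLE}" |
        awk -v p="$1" -v d="$2" \
            '$1 == p && $2 == "dev" && $3 == d { found = 1 }
             END { exit !found }'
}

# plan_route PREFIX DEV SRC [TABLE_DUMP]
# Prints the command to run for a main-table route, or a skip notice when
# the route is already there and `ip route add` would fail.
plan_route() {
    if route_present "$1" "$2" "$4"; then
        echo "skip: $1 dev $2 already installed by interface bring-up"
    else
        echo "ip route add $1 dev $2 src $3"
    fi
}

# The two starred lines from the post, with constructed values substituted
# for $P1_NET/$IF1/$IP1 and $P2_NET/$IF2/$IP2.
plan_route 192.0.2.0/24 eth0 192.0.2.10
plan_route 198.51.100.0/24 eth1 198.51.100.10
```

On a live system, pass "$(ip route show)" as the last argument to plan_route. `ip route replace` is an alternative that does not fail when the route already exists.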