Shorewall users - Apr 2009 - WARNING: default route ignored on interface XXX

Hello,

 

I''m receiving this error while restarting/starting Shorewall :

 

Processing /etc/shorewall/init ...

WARNING: default route ignored on interface vlan20

WARNING: default route ignored on interface vlan10

WARNING: default route ignored on interface vlan30

WARNING: default route ignored on interface vlan50

WARNING: default route ignored on interface vlan100

 

My route -n output is : 

Kernel IP routing table

Destination     Gateway         Genmask         Flags Metric Ref    Use
Iface

212.143.205.177 0.0.0.0         255.255.255.255 UH    0      0        0
ppp3

212.199.5.3     0.0.0.0         255.255.255.255 UH    0      0        0
eth2

212.25.114.103  0.0.0.0         255.255.255.255 UH    0      0        0
ppp1

212.179.37.1    0.0.0.0         255.255.255.255 UH    0      0        0
ppp6

172.26.255.245  0.0.0.0         255.255.255.255 UH    0      0        0
eth3

212.199.5.226   0.0.0.0         255.255.255.255 UH    0      0        0
ppp2

212.199.17.49   0.0.0.0         255.255.255.255 UH    0      0        0
ppp5

212.25.127.1    0.0.0.0         255.255.255.255 UH    0      0        0
eth1

212.179.61.77   0.0.0.0         255.255.255.255 UH    0      0        0
eth0

212.25.114.89   0.0.0.0         255.255.255.255 UH    0      0        0
ppp0

212.143.205.175 0.0.0.0         255.255.255.255 UH    0      0        0
ppp4

212.143.205.175 0.0.0.0         255.255.255.255 UH    0      0        0
ppp7

212.179.61.78   172.23.144.1    255.255.255.255 UGH   0      0        0
eth0

10.0.20.0       10.0.20.254     255.255.255.0   UG    0      0        0
vlan20

192.168.101.0   0.0.0.0         255.255.255.0   U     0      0        0
eth4

192.168.102.0   0.0.0.0         255.255.255.0   U     0      0        0
eth7

10.0.100.0      10.0.100.254    255.255.255.0   UG    0      0        0
vlan100

192.168.103.0   0.0.0.0         255.255.255.0   U     0      0        0
eth6

10.0.0.0        10.0.0.254      255.255.255.0   UG    0      0        0
vlan50

10.0.30.0       10.0.30.254     255.255.255.0   UG    0      0        0
vlan30

192.168.104.0   0.0.0.0         255.255.255.0   U     0      0        0
eth5

10.0.10.0       10.0.10.254     255.255.255.0   UG    0      0        0
vlan10

172.29.166.0    0.0.0.0         255.255.255.0   U     0      0        0
eth2

84.109.220.0    0.0.0.0         255.255.252.0   U     0      0        0
eth1

172.23.144.0    0.0.0.0         255.255.248.0   U     0      0        0
eth0

172.23.144.0    0.0.0.0         255.255.248.0   U     0      0        0
eth3

0.0.0.0         212.25.114.89   0.0.0.0         UG    0      0        0
ppp0

0.0.0.0         10.0.100.254    0.0.0.0         UG    100    0        0
vlan100

0.0.0.0         10.0.0.254      0.0.0.0         UG    100    0        0
vlan50

0.0.0.0         10.0.30.254     0.0.0.0         UG    100    0        0
vlan30

0.0.0.0         10.0.20.254     0.0.0.0         UG    100    0        0
vlan20

0.0.0.0         10.0.10.254     0.0.0.0         UG    100    0        0
vlan10

0.0.0.0         172.23.144.1    0.0.0.0         UG    100    0        0
eth0

 

 

Any help would be appreciated.

 

Thank you.

Tal.



------------------------------------------------------------------------------

Tal Hazan wrote:
> Hello,
> 
> 
> 
> I’m receiving this error while restarting/starting Shorewall :
> 
> 
> 
> Processing /etc/shorewall/init ...
> 
> WARNING: default route ignored on interface vlan20
> 
> WARNING: default route ignored on interface vlan10
> 
> WARNING: default route ignored on interface vlan30
> 
> WARNING: default route ignored on interface vlan50
> 
> WARNING: default route ignored on interface vlan100
> 
> 
> 
> My route –n output is :
<output deleted>

It seem that your routing configuration was put together by someone who
mistakenly believes that every interface must be configured with a
default route. Clearly that person doesn''t understand the basics of
IPv4
routing (I''ve told you before about where you need default routes and
where you don''t but you apparently aren''t listening).

The Shorewall warnings usually occur when the user has placed the name
of an interface in the SOURCE column of /etc/shorewall/masq. Netfilter
doesn''t support specification of a source interface on MASQUERADE/SNAT
rules so Shorewall must parse the output of ''ip route ls dev
<interface>'' to determine the networks routed out of that
interface. It
then uses those networks as the source for the iptables MASQUERADE/SNAT
rule(s). A default route is a route to 0.0.0.0/0. I ignore those routes
because to go ahead and use it would cause all traffic leaving the
interface to be masqueraded/snatted; it is clearly a case of the user
specifying the wrong interface (probably has the two interface names
reversed) or  it is a case of the routing configuration being bogus. In
your case, it appears to be the latter.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________



------------------------------------------------------------------------------