Hi, I''ve upgraded my kernel to 2.6.29.1 because of problems with conntrack table of my old kernel. Now I have a new problem which is really interesting. It might be something not related to Shorewall, but I need your help to identify the problem because it gets fixed after Shorewall is restarted. Brief explanation of the problem: br0 is my LAN interface and I have ppp0 , ppp1 interfaces configured as 2 providers (WAN). Behind br0 , there are eth2 and ath0 interfaces bridged. All clients accessing internet are NATted to ppp0 or ppp1 interface when reaching internet. When the Shorewall is just started there is no problem; every client can reach the internet and also the Shorewall box can reach internet. But after some time all clients can not reach internet. When I look with tcpdump I see that the LAN client''s request is well NATted and the packet is sent from WAN interface. Also, the reply from internet host is received. But it is not sent back to the LAN client: # tcpdump -i any "host 193.243.202.97" tcpdump: WARNING: Promiscuous mode not supported on the "any" device tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on any, link-type LINUX_SLL (Linux cooked), capture size 96 bytes 19:54:19.737715 IP 192.168.254.1 > 193.243.202.97: ICMP echo request, id 256, seq 10240, length 40 19:54:19.737715 IP 192.168.254.1 > 193.243.202.97: ICMP echo request, id 256, seq 10240, length 40 19:54:19.737941 IP 95.65.145.197 > 193.243.202.97: ICMP echo request, id 256, seq 10240, length 40 19:54:19.744362 IP 193.243.202.97 > 95.65.145.197: ICMP echo reply, id 256, seq 10240, length 40 Then, if I restart Shorewall with "shorewall restart" , everything is fine again: # tcpdump -i any "host 193.243.202.97" tcpdump: WARNING: Promiscuous mode not supported on the "any" device tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on any, link-type LINUX_SLL (Linux cooked), capture size 96 bytes 19:58:13.020710 IP 192.168.254.1 > 193.243.202.97: ICMP echo request, id 256, seq 37632, length 40 19:58:13.020710 IP 192.168.254.1 > 193.243.202.97: ICMP echo request, id 256, seq 37632, length 40 19:58:13.020962 IP 95.65.145.197 > 193.243.202.97: ICMP echo request, id 256, seq 37632, length 40 19:58:13.027301 IP 193.243.202.97 > 95.65.145.197: ICMP echo reply, id 256, seq 37632, length 40 19:58:13.027452 IP 193.243.202.97 > 192.168.254.1: ICMP echo reply, id 256, seq 37632, length 40 19:58:13.027484 IP 193.243.202.97 > 192.168.254.1: ICMP echo reply, id 256, seq 37632, length 40 I am attaching the "shorewall dump" outputs of both working (fresh) and not working status, to this email. Could you please check what''s going wrong after some time, which blocks my internet access ? It may be a problem with the kernel but I couldn''t figure out myself. Thanks. ------------------------------------------------------------------------------ Stay on top of everything new and different, both inside and around Java (TM) technology - register by April 22, and save $200 on the JavaOne (SM) conference, June 2-5, 2009, San Francisco. 300 plus technical and hands-on sessions. Register today. Use priority code J9JMT32. http://p.sf.net/sfu/p
Mekabe Ramein wrote: <duplicate of previous post deleted> Mekabe If you need instant response to your problems then buy a commercial firewall (and be sure to buy support along with it). You re-posted your problem within two hours of posting the first time. I won''t put up with that crap and will simply start ignoring you if you continue to be that impatient. The problem is caused by disappearing routes. It looks like ppp1 had some sort of problem which caused all routes through that interface to be deleted. The route to 192.168.20.2 is still present in the main table but there is no default route in either table kocnet2 or in the main table. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ Stay on top of everything new and different, both inside and around Java (TM) technology - register by April 22, and save $200 on the JavaOne (SM) conference, June 2-5, 2009, San Francisco. 300 plus technical and hands-on sessions. Register today. Use priority code J9JMT32. http://p.sf.net/sfu/p
Hi Tom, First of all, I am very sorry to disturb the ist with a duplicate post. I just thought that because of the attachment my email didn''t reach the list. Because it didn''t show up in the mail archives. I repeat, I am very sorry. I am not using Shorewall or Linux for any commercial business, just my home network with 2 PC clients and an IP PBX. That''s why I am not looking for any sort of commercial help or commercial firewall. Thanks for looking at the problem. Unfortunately I didn''t understand your comment though. This problem occured three times since yesterday I upgraded my kernel. With the previous kernel I didn''t have such problem even once. If it is a problem caused by ppp1 going down, I would expect that my internet access would still be available from ppp0 (kocnet1) Is that incorrect ? How can I troubleshoot this further when it happens again ? Thanks. On Mon, Apr 20, 2009 at 10:30 PM, Tom Eastep <teastep@shorewall.net> wrote:> Mekabe Ramein wrote: > > <duplicate of previous post deleted> > > Mekabe > > If you need instant response to your problems then buy a commercial > firewall (and be sure to buy support along with it). You re-posted your > problem within two hours of posting the first time. I won''t put up with > that crap and will simply start ignoring you if you continue to be that > impatient. > > The problem is caused by disappearing routes. It looks like ppp1 had > some sort of problem which caused all routes through that interface to > be deleted. The route to 192.168.20.2 is still present in the main table > but there is no default route in either table kocnet2 or in the main table. > > -Tom > -- > Tom Eastep \ When I die, I want to go like my Grandfather who > Shoreline, \ died peacefully in his sleep. Not screaming like > Washington, USA \ all of the passengers in his car > http://shorewall.net \________________________________________________ > > > ------------------------------------------------------------------------------ > Stay on top of everything new and different, both inside and > around Java (TM) technology - register by April 22, and save > $200 on the JavaOne (SM) conference, June 2-5, 2009, San Francisco. > 300 plus technical and hands-on sessions. Register today. > Use priority code J9JMT32. http://p.sf.net/sfu/p > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users > >------------------------------------------------------------------------------ Stay on top of everything new and different, both inside and around Java (TM) technology - register by April 22, and save $200 on the JavaOne (SM) conference, June 2-5, 2009, San Francisco. 300 plus technical and hands-on sessions. Register today. Use priority code J9JMT32. http://p.sf.net/sfu/p
Mekabe Ramein wrote:> Thanks for looking at the problem. Unfortunately I didn''t understand > your comment though.> This problem occured three times since yesterday I upgraded my kernel. > With the previous kernel I didn''t have such problem even once. > If it is a problem caused by ppp1 going down, I would expect that my > internet access would still be available from ppp0 (kocnet1) > Is that incorrect ?The default route in the ''main'' table is being removed. That will kill any internet traffic except traffic that is being specifically directed to kocnet1.> > How can I troubleshoot this further when it happens again ? >Look at the logs. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ Stay on top of everything new and different, both inside and around Java (TM) technology - register by April 22, and save $200 on the JavaOne (SM) conference, June 2-5, 2009, San Francisco. 300 plus technical and hands-on sessions. Register today. Use priority code J9JMT32. http://p.sf.net/sfu/p
Try reverting to previous kernel by choosing it on the boot screen (keyboard key <DOWN> and then choosing last kernel) and see if it changes anything. Mekabe Ramein wrote:> Hi Tom, > > First of all, I am very sorry to disturb the ist with a duplicate post. > I just thought that because of the attachment my email didn''t reach > the list. Because it didn''t show up in the mail archives. > I repeat, I am very sorry. > > I am not using Shorewall or Linux for any commercial business, just my > home network with 2 PC clients and an IP PBX. > That''s why I am not looking for any sort of commercial help or > commercial firewall. > > Thanks for looking at the problem. Unfortunately I didn''t understand > your comment though. > This problem occured three times since yesterday I upgraded my kernel. > With the previous kernel I didn''t have such problem even once. > If it is a problem caused by ppp1 going down, I would expect that my > internet access would still be available from ppp0 (kocnet1) > Is that incorrect ? > > How can I troubleshoot this further when it happens again ? > > Thanks. > > On Mon, Apr 20, 2009 at 10:30 PM, Tom Eastep <teastep@shorewall.net> wrote: >> Mekabe Ramein wrote: >> >> <duplicate of previous post deleted> >> >> Mekabe >> >> If you need instant response to your problems then buy a commercial >> firewall (and be sure to buy support along with it). You re-posted your >> problem within two hours of posting the first time. I won''t put up with >> that crap and will simply start ignoring you if you continue to be that >> impatient. >> >> The problem is caused by disappearing routes. It looks like ppp1 had >> some sort of problem which caused all routes through that interface to >> be deleted. The route to 192.168.20.2 is still present in the main table >> but there is no default route in either table kocnet2 or in the main table. >> >> -Tom >> -- >> Tom Eastep \ When I die, I want to go like my Grandfather who >> Shoreline, \ died peacefully in his sleep. Not screaming like >> Washington, USA \ all of the passengers in his car >> http://shorewall.net \________________________________________________ >> >> >> ------------------------------------------------------------------------------ >> Stay on top of everything new and different, both inside and >> around Java (TM) technology - register by April 22, and save >> $200 on the JavaOne (SM) conference, June 2-5, 2009, San Francisco. >> 300 plus technical and hands-on sessions. Register today. >> Use priority code J9JMT32. http://p.sf.net/sfu/p >> _______________________________________________ >> Shorewall-users mailing list >> Shorewall-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/shorewall-users >> >> > > ------------------------------------------------------------------------------ > Stay on top of everything new and different, both inside and > around Java (TM) technology - register by April 22, and save > $200 on the JavaOne (SM) conference, June 2-5, 2009, San Francisco. > 300 plus technical and hands-on sessions. Register today. > Use priority code J9JMT32. http://p.sf.net/sfu/p > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users >------------------------------------------------------------------------------ Stay on top of everything new and different, both inside and around Java (TM) technology - register by April 22, and save $200 on the JavaOne (SM) conference, June 2-5, 2009, San Francisco. 300 plus technical and hands-on sessions. Register today. Use priority code J9JMT32. http://p.sf.net/sfu/p
Hi, Ok I understand better now (I hope) When one of the ppp connection is down , I lose all default routing. ppp connection can go down anytime. To prevent losing default route ; would it be suitable to put "shorewall restart" in /etc/ppp/ip-up.local file ? Thanks. On Mon, Apr 20, 2009 at 11:31 PM, Tom Eastep <teastep@shorewall.net> wrote:> Mekabe Ramein wrote: > >> Thanks for looking at the problem. Unfortunately I didn''t understand >> your comment though. > >> This problem occured three times since yesterday I upgraded my kernel. >> With the previous kernel I didn''t have such problem even once. >> If it is a problem caused by ppp1 going down, I would expect that my >> internet access would still be available from ppp0 (kocnet1) >> Is that incorrect ? > > The default route in the ''main'' table is being removed. That will kill > any internet traffic except traffic that is being specifically directed > to kocnet1. > >> >> How can I troubleshoot this further when it happens again ? >> > > Look at the logs. > > -Tom > -- > Tom Eastep \ When I die, I want to go like my Grandfather who > Shoreline, \ died peacefully in his sleep. Not screaming like > Washington, USA \ all of the passengers in his car > http://shorewall.net \________________________________________________ > > > ------------------------------------------------------------------------------ > Stay on top of everything new and different, both inside and > around Java (TM) technology - register by April 22, and save > $200 on the JavaOne (SM) conference, June 2-5, 2009, San Francisco. > 300 plus technical and hands-on sessions. Register today. > Use priority code J9JMT32. http://p.sf.net/sfu/p > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users > >------------------------------------------------------------------------------ Stay on top of everything new and different, both inside and around Java (TM) technology - register by April 22, and save $200 on the JavaOne (SM) conference, June 2-5, 2009, San Francisco. 300 plus technical and hands-on sessions. Register today. Use priority code J9JMT32. http://p.sf.net/sfu/p
Mekabe Ramein wrote:> Hi, > > Ok I understand better now (I hope) > When one of the ppp connection is down , I lose all default routing. > ppp connection can go down anytime. > To prevent losing default route ; would it be suitable to put > "shorewall restart" in /etc/ppp/ip-up.local file ?That is what is recommended on the Shorewall site (http://www.shorewall.net/3.0/starting_and_stopping_shorewall.htm#id2480315) -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ Stay on top of everything new and different, both inside and around Java (TM) technology - register by April 22, and save $200 on the JavaOne (SM) conference, June 2-5, 2009, San Francisco. 300 plus technical and hands-on sessions. Register today. Use priority code J9JMT32. http://p.sf.net/sfu/p
Well, the problem does not occur everytime. I have to wait till it occurs. On the other hand as Tom says, ppp being down makes it lose the default routes. If that is a normal situation I believe I have to restart Shorewall each time ppp is down-up. So would it be a goof idea to put "shorewall restart" in /etc/ppp/ip-up.local file ? On Mon, Apr 20, 2009 at 11:49 PM, Ljubomir Ljubojevic <office@plcomputers.net> wrote:> Try reverting to previous kernel by choosing it on the boot screen > (keyboard key <DOWN> and then choosing last kernel) and see if it > changes anything. > > Mekabe Ramein wrote: >> Hi Tom, >> >> First of all, I am very sorry to disturb the ist with a duplicate post. >> I just thought that because of the attachment my email didn''t reach >> the list. Because it didn''t show up in the mail archives. >> I repeat, I am very sorry. >> >> I am not using Shorewall or Linux for any commercial business, just my >> home network with 2 PC clients and an IP PBX. >> That''s why I am not looking for any sort of commercial help or >> commercial firewall. >> >> Thanks for looking at the problem. Unfortunately I didn''t understand >> your comment though. >> This problem occured three times since yesterday I upgraded my kernel. >> With the previous kernel I didn''t have such problem even once. >> If it is a problem caused by ppp1 going down, I would expect that my >> internet access would still be available from ppp0 (kocnet1) >> Is that incorrect ? >> >> How can I troubleshoot this further when it happens again ? >> >> Thanks. >> >> On Mon, Apr 20, 2009 at 10:30 PM, Tom Eastep <teastep@shorewall.net> wrote: >>> Mekabe Ramein wrote: >>> >>> <duplicate of previous post deleted> >>> >>> Mekabe >>> >>> If you need instant response to your problems then buy a commercial >>> firewall (and be sure to buy support along with it). You re-posted your >>> problem within two hours of posting the first time. I won''t put up with >>> that crap and will simply start ignoring you if you continue to be that >>> impatient. >>> >>> The problem is caused by disappearing routes. It looks like ppp1 had >>> some sort of problem which caused all routes through that interface to >>> be deleted. The route to 192.168.20.2 is still present in the main table >>> but there is no default route in either table kocnet2 or in the main table. >>> >>> -Tom >>> -- >>> Tom Eastep \ When I die, I want to go like my Grandfather who >>> Shoreline, \ died peacefully in his sleep. Not screaming like >>> Washington, USA \ all of the passengers in his car >>> http://shorewall.net \________________________________________________ >>> >>> >>> ------------------------------------------------------------------------------ >>> Stay on top of everything new and different, both inside and >>> around Java (TM) technology - register by April 22, and save >>> $200 on the JavaOne (SM) conference, June 2-5, 2009, San Francisco. >>> 300 plus technical and hands-on sessions. Register today. >>> Use priority code J9JMT32. http://p.sf.net/sfu/p >>> _______________________________________________ >>> Shorewall-users mailing list >>> Shorewall-users@lists.sourceforge.net >>> https://lists.sourceforge.net/lists/listinfo/shorewall-users >>> >>> >> >> ------------------------------------------------------------------------------ >> Stay on top of everything new and different, both inside and >> around Java (TM) technology - register by April 22, and save >> $200 on the JavaOne (SM) conference, June 2-5, 2009, San Francisco. >> 300 plus technical and hands-on sessions. Register today. >> Use priority code J9JMT32. http://p.sf.net/sfu/p >> _______________________________________________ >> Shorewall-users mailing list >> Shorewall-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/shorewall-users >> > > > ------------------------------------------------------------------------------ > Stay on top of everything new and different, both inside and > around Java (TM) technology - register by April 22, and save > $200 on the JavaOne (SM) conference, June 2-5, 2009, San Francisco. > 300 plus technical and hands-on sessions. Register today. > Use priority code J9JMT32. http://p.sf.net/sfu/p > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users >------------------------------------------------------------------------------ Stay on top of everything new and different, both inside and around Java (TM) technology - register by April 22, and save $200 on the JavaOne (SM) conference, June 2-5, 2009, San Francisco. 300 plus technical and hands-on sessions. Register today. Use priority code J9JMT32. http://p.sf.net/sfu/p
Tom Eastep wrote:> Mekabe Ramein wrote: >> Hi, >> >> Ok I understand better now (I hope) >> When one of the ppp connection is down , I lose all default routing. >> ppp connection can go down anytime. >> To prevent losing default route ; would it be suitable to put >> "shorewall restart" in /etc/ppp/ip-up.local file ? > > That is what is recommended on the Shorewall site > (http://www.shorewall.net/3.0/starting_and_stopping_shorewall.htm#id2480315)Or, more currently, http://www1.shorewall.net/starting_and_stopping_shorewall.htm#Boot. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ Stay on top of everything new and different, both inside and around Java (TM) technology - register by April 22, and save $200 on the JavaOne (SM) conference, June 2-5, 2009, San Francisco. 300 plus technical and hands-on sessions. Register today. Use priority code J9JMT32. http://p.sf.net/sfu/p
Hi, I''ve added "shorewall restart" to my /etc/ppp/ip-up.local file. Today the problem occured again; default routes are gone from the routing table. "shorewall restart On Tue, Apr 21, 2009 at 12:09 AM, Tom Eastep <teastep@shorewall.net> wrote:> Tom Eastep wrote: >> Mekabe Ramein wrote: >>> Hi, >>> >>> Ok I understand better now (I hope) >>> When one of the ppp connection is down , I lose all default routing. >>> ppp connection can go down anytime. >>> To prevent losing default route ; would it be suitable to put >>> "shorewall restart" in /etc/ppp/ip-up.local file ? >> >> That is what is recommended on the Shorewall site >> (http://www.shorewall.net/3.0/starting_and_stopping_shorewall.htm#id2480315) > > Or, more currently, > http://www1.shorewall.net/starting_and_stopping_shorewall.htm#Boot. >------------------------------------------------------------------------------ Stay on top of everything new and different, both inside and around Java (TM) technology - register by April 22, and save $200 on the JavaOne (SM) conference, June 2-5, 2009, San Francisco. 300 plus technical and hands-on sessions. Register today. Use priority code J9JMT32. http://p.sf.net/sfu/p
Hi, Sorry I''ve sent the email before it was complete accidentally. I''ve added "shorewall restart" to my /etc/ppp/ip-up.local file. Today the problem occured again; default routes are gone from the routing table. "shorewall restart" from the ppp ip-up.local file did not solve the problem. But when I issued "shorewall restart" manually, the problem was solved. Maybe the ppp interface was not down-up. So ip-up.local was not invoked. How else could the default routes be erased from routing table ? On Tue, Apr 21, 2009 at 12:01 AM, Tom Eastep <teastep@shorewall.net> wrote:> Mekabe Ramein wrote: >> Hi, >> >> Ok I understand better now (I hope) >> When one of the ppp connection is down , I lose all default routing. >> ppp connection can go down anytime. >> To prevent losing default route ; would it be suitable to put >> "shorewall restart" in /etc/ppp/ip-up.local file ? > > That is what is recommended on the Shorewall site > (http://www.shorewall.net/3.0/starting_and_stopping_shorewall.htm#id2480315) >------------------------------------------------------------------------------ Stay on top of everything new and different, both inside and around Java (TM) technology - register by April 22, and save $200 on the JavaOne (SM) conference, June 2-5, 2009, San Francisco. 300 plus technical and hands-on sessions. Register today. Use priority code J9JMT32. http://p.sf.net/sfu/p
Mekabe Ramein wrote:> Hi, > > Sorry I''ve sent the email before it was complete accidentally. > > I''ve added "shorewall restart" to my /etc/ppp/ip-up.local file. > Today the problem occured again; default routes are gone from the routing table. > "shorewall restart" from the ppp ip-up.local file did not solve the problem. > But when I issued "shorewall restart" manually, the problem was solved. > > Maybe the ppp interface was not down-up. So ip-up.local was not invoked. > How else could the default routes be erased from routing table ?You are running a ''bleeding-edge'' kernel with software that has not be validated with that kernel. People who do that get to deal with "interesting" problems. Sorry -- this isn''t a Shorewall problem and I''m not going to spend any more time trying to solve it for you. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ Stay on top of everything new and different, both inside and around Java (TM) technology - register by April 22, and save $200 on the JavaOne (SM) conference, June 2-5, 2009, San Francisco. 300 plus technical and hands-on sessions. Register today. Use priority code J9JMT32. http://p.sf.net/sfu/p
Mekabe Ramein wrote:> Hi, > > Sorry I''ve sent the email before it was complete accidentally. > > I''ve added "shorewall restart" to my /etc/ppp/ip-up.local file. > Today the problem occured again; default routes are gone from the routing table. > "shorewall restart" from the ppp ip-up.local file did not solve the problem. > But when I issued "shorewall restart" manually, the problem was solved. > > Maybe the ppp interface was not down-up. So ip-up.local was not invoked. > How else could the default routes be erased from routing table ? >“/sbin/shorewall restart” and "shorewall restart" not the same thing. I found cases where you have to write the FULL path. You can test much faster if you edit the script and then just physically pull the cable out. That will simulate disconnection of the pppX. Ljubomir ------------------------------------------------------------------------------ Stay on top of everything new and different, both inside and around Java (TM) technology - register by April 22, and save $200 on the JavaOne (SM) conference, June 2-5, 2009, San Francisco. 300 plus technical and hands-on sessions. Register today. Use priority code J9JMT32. http://p.sf.net/sfu/p
Hi Ljubomir, Thanks for showing me the way :) I''ve found that my ip-up.local file was not executable. I''ve changed it to executable and tested as you suggested. Now it runs "shorewall restart" The problem seems to be fixed. But then, why it did not happen with my old kernel. That''s weird. Maybe the ppp was not going down so often with previous kernel. (?) Btw, the reason why I am using this kernel is that it has been suggested from netfilter mailing list to solve my conntrack problem. Thanks. On Tue, Apr 21, 2009 at 10:16 PM, Ljubomir Ljubojevic <office@plcomputers.net> wrote:> Mekabe Ramein wrote: >> Hi, >> >> Sorry I''ve sent the email before it was complete accidentally. >> >> I''ve added "shorewall restart" to my /etc/ppp/ip-up.local file. >> Today the problem occured again; default routes are gone from the routing table. >> "shorewall restart" from the ppp ip-up.local file did not solve the problem. >> But when I issued "shorewall restart" manually, the problem was solved. >> >> Maybe the ppp interface was not down-up. So ip-up.local was not invoked. >> How else could the default routes be erased from routing table ? >> > “/sbin/shorewall restart” and "shorewall restart" not the same thing. I > found cases where you have to write the FULL path. > > You can test much faster if you edit the script and then just physically > pull the cable out. That will simulate disconnection of the pppX. > > Ljubomir > > ------------------------------------------------------------------------------ > Stay on top of everything new and different, both inside and > around Java (TM) technology - register by April 22, and save > $200 on the JavaOne (SM) conference, June 2-5, 2009, San Francisco. > 300 plus technical and hands-on sessions. Register today. > Use priority code J9JMT32. http://p.sf.net/sfu/p > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users >------------------------------------------------------------------------------ Stay on top of everything new and different, both inside and around Java (TM) technology - register by April 22, and save $200 on the JavaOne (SM) conference, June 2-5, 2009, San Francisco. 300 plus technical and hands-on sessions. Register today. Use priority code J9JMT32. http://p.sf.net/sfu/p