thr3ads.net - Shorewall users - isusable/swping script [Feb 2010]

If this information is useful, please help other people find it:
Share via:

zorgman

2010-Feb-16 16:20 UTC

isusable/swping script

Hi

I''m trying to monitor my multi ISP shorewall with swping, the script 
works fine, i can see in log when an ISP is down, the script restart 
shorewall and /etc/shorewall/isusable is called, however in the swping 
log after the shorewall restart i see again a route by ISP (even the ISP 
down), is it normal ? should i not see one route less?

shorewall version 4.4.5.4-1.

****

/etc/shorewall/provider

*freenew    1024       1024     main            eth2.303            
88.162.205.254 track,balance    eth0,eth1,eth0.**
nerim    512       512       main            eth2.301            
192.168.0.1  track,balance   eth0,eth1,eth0.*
freeold    2048       2048       main            eth2.302            
88.162.207.254  track,balance   eth0,eth1,eth0.*

****
****
Log :
*eth2.303 is Down!*
Restarting Shorewall....
Initializing...
Setting up Route Filtering...
Setting up Martian Logging...
Adding Providers...
Setting up Traffic Control...
Preparing iptables-restore input...
Running /sbin/iptables-restore...
IPv4 Forwarding Enabled
done.
....
....
172.20.8.0/24 dev eth0.9  proto kernel  scope link  src 172.20.8.254
default
        nexthop via 88.162.205.254  dev eth2.303 weight 1
        nexthop via 192.168.0.1  dev eth2.301 weight 1
        nexthop via 88.162.207.254  dev eth2.302 weight 1

*eth2.303 is Up!*
Restarting Shorewall....
Initializing...
Setting up Route Filtering...
Setting up Martian Logging...
Adding Providers...
Setting up Traffic Control...
Preparing iptables-restore input...
Running /sbin/iptables-restore...
IPv4 Forwarding Enabled
done.
....
....
default
        nexthop via 88.162.205.254  dev eth2.303 weight 1
        nexthop via 192.168.0.1  dev eth2.301 weight 1
        nexthop via 88.162.207.254  dev eth2.302 weight 1
****

Thanks for your help


------------------------------------------------------------------------------
SOLARIS 10 is the OS for Data Centers - provides features such as DTrace,
Predictive Self Healing and Award Winning ZFS. Get Solaris 10 NOW
http://p.sf.net/sfu/solaris-dev2dev

Tom Eastep

2010-Feb-16 20:56 UTC

head link

Re: isusable/swping script

zorgman wrote:> Hi
> 
> I''m trying to monitor my multi ISP shorewall with swping, the
script
> works fine, i can see in log when an ISP is down, the script restart
> shorewall and /etc/shorewall/isusable is called, however in the swping
> log after the shorewall restart i see again a route by ISP (even the ISP
> down), is it normal ? should i not see one route less?
> 
> shorewall version 4.4.5.4-1.
> 
> ****
> 
> /etc/shorewall/provider
> 
> *freenew    1024       1024     main            eth2.303           
> 88.162.205.254 track,balance    eth0,eth1,eth0.**
> nerim    512       512       main            eth2.301           
> 192.168.0.1  track,balance   eth0,eth1,eth0.*
> freeold    2048       2048       main            eth2.302           
> 88.162.207.254  track,balance   eth0,eth1,eth0.*
> 
> ****
> ****
> Log :
> *eth2.303 is Down!*
> Restarting Shorewall....
> Initializing...
> Setting up Route Filtering...
> Setting up Martian Logging...
> Adding Providers...
> Setting up Traffic Control...
> Preparing iptables-restore input...
> Running /sbin/iptables-restore...
> IPv4 Forwarding Enabled
> done.
> ....
> ....
> 172.20.8.0/24 dev eth0.9  proto kernel  scope link  src 172.20.8.254
> default
>         nexthop via 88.162.205.254  dev eth2.303 weight 1
>         nexthop via 192.168.0.1  dev eth2.301 weight 1
>         nexthop via 88.162.207.254  dev eth2.302 weight 1
> 
> *eth2.303 is Up!*
> Restarting Shorewall....
> Initializing...
> Setting up Route Filtering...
> Setting up Martian Logging...
> Adding Providers...
> Setting up Traffic Control...
> Preparing iptables-restore input...
> Running /sbin/iptables-restore...
> IPv4 Forwarding Enabled
> done.
> ....
> ....
> default
>         nexthop via 88.162.205.254  dev eth2.303 weight 1
>         nexthop via 192.168.0.1  dev eth2.301 weight 1
>         nexthop via 88.162.207.254  dev eth2.302 weight 1
> ****
> 
> Thanks for your help
Looks to me like the isusable script returned zero (success) for eth2.303.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________



------------------------------------------------------------------------------
SOLARIS 10 is the OS for Data Centers - provides features such as DTrace,
Predictive Self Healing and Award Winning ZFS. Get Solaris 10 NOW
http://p.sf.net/sfu/solaris-dev2dev

zorgman

2010-Feb-17 10:14 UTC

head link

Re: isusable/swping script

Tom Eastep a écrit :> zorgman wrote:
>   
>> Hi
>>
>> I''m trying to monitor my multi ISP shorewall with swping, the
script
>> works fine, i can see in log when an ISP is down, the script restart
>> shorewall and /etc/shorewall/isusable is called, however in the swping
>> log after the shorewall restart i see again a route by ISP (even the
ISP
>> down), is it normal ? should i not see one route less?
>>
>> shorewall version 4.4.5.4-1.
>>
>> ****
>>
>> /etc/shorewall/provider
>>
>> *freenew    1024       1024     main            eth2.303           
>> 88.162.205.254 track,balance    eth0,eth1,eth0.**
>> nerim    512       512       main            eth2.301           
>> 192.168.0.1  track,balance   eth0,eth1,eth0.*
>> freeold    2048       2048       main            eth2.302           
>> 88.162.207.254  track,balance   eth0,eth1,eth0.*
>>
>> ****
>> ****
>> Log :
>> *eth2.303 is Down!*
>> Restarting Shorewall....
>> Initializing...
>> Setting up Route Filtering...
>> Setting up Martian Logging...
>> Adding Providers...
>> Setting up Traffic Control...
>> Preparing iptables-restore input...
>> Running /sbin/iptables-restore...
>> IPv4 Forwarding Enabled
>> done.
>> ....
>> ....
>> 172.20.8.0/24 dev eth0.9  proto kernel  scope link  src 172.20.8.254
>> default
>>         nexthop via 88.162.205.254  dev eth2.303 weight 1
>>         nexthop via 192.168.0.1  dev eth2.301 weight 1
>>         nexthop via 88.162.207.254  dev eth2.302 weight 1
>>
>> *eth2.303 is Up!*
>> Restarting Shorewall....
>> Initializing...
>> Setting up Route Filtering...
>> Setting up Martian Logging...
>> Adding Providers...
>> Setting up Traffic Control...
>> Preparing iptables-restore input...
>> Running /sbin/iptables-restore...
>> IPv4 Forwarding Enabled
>> done.
>> ....
>> ....
>> default
>>         nexthop via 88.162.205.254  dev eth2.303 weight 1
>>         nexthop via 192.168.0.1  dev eth2.301 weight 1
>>         nexthop via 88.162.207.254  dev eth2.302 weight 1
>> ****
>>
>> Thanks for your help
>>     
>
> Looks to me like the isusable script returned zero (success) for eth2.303.
>
> -Tom
>   
> ------------------------------------------------------------------------
>
>
------------------------------------------------------------------------------
> SOLARIS 10 is the OS for Data Centers - provides features such as DTrace,
> Predictive Self Healing and Award Winning ZFS. Get Solaris 10 NOW
> http://p.sf.net/sfu/solaris-dev2dev
> ------------------------------------------------------------------------
>
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>   The script isusable has returned zero when eth2.303 is come back up, but 
on the first restart of shorewall it was 1 no?
I have added some log to swping and isusable and i can see isusable 
return 1 :

cat isusable
###############################################################################
local status
status=0

[ -f ${VARDIR}/${1}.status ] && status=$(cat ${VARDIR}/${1}.status)
echo "`date` $1 statut : $status" >> /tmp/isusablestatus.log

return $status

###############################################################################

cat eth2.303.statuswithdate
*mercredi 17 février 2010, 10:43:21 (UTC+0100) 1*
cat /tmp/isusablestatus.log
mercredi 17 février 2010, 10:39:00 (UTC+0100) eth2.303 statut : 0
mercredi 17 février 2010, 10:39:00 (UTC+0100) eth2.301 statut : 0
mercredi 17 février 2010, 10:39:01 (UTC+0100) eth2.302 statut : 0
*mercredi 17 février 2010, 10:43:22 (UTC+0100) eth2.303 statut : 1*

Shorewall warn me :

ERROR: Interface eth2.303 is not usable -- Provider freenew (1024) 
Cannot be Added
Terminated

So shorewall will stop to try to trought traffic with this provider even 
if i can see the bad nexthop 88.162.205.254 ?

it seems to have stop my network, as i''m in production, i will try it
an
other time and keep you inform.




------------------------------------------------------------------------------
SOLARIS 10 is the OS for Data Centers - provides features such as DTrace,
Predictive Self Healing and Award Winning ZFS. Get Solaris 10 NOW
http://p.sf.net/sfu/solaris-dev2dev

Tuomo Soini

2010-Feb-17 12:56 UTC

head link

Re: isusable/swping script

> Shorewall warn me :
> 
> ERROR: Interface eth2.303 is not usable -- Provider freenew (1024)
> Cannot be Added
> Terminated
I guess you don''t have interface option optional for eth2.303. You must
have interface option optional for every interface swping might return
failed.

-- 
Tuomo Soini <tis@foobar.fi>
Foobar Linux services
+358 40 5240030
Foobar Oy <http://foobar.fi/>

------------------------------------------------------------------------------
SOLARIS 10 is the OS for Data Centers - provides features such as DTrace,
Predictive Self Healing and Award Winning ZFS. Get Solaris 10 NOW
http://p.sf.net/sfu/solaris-dev2dev

Reasonably Related Threads

Search for more reasonably related threads

Shorewall users - Feb 2010 - isusable/swping script

isusable/swping script

Re: isusable/swping script

Re: isusable/swping script

Re: isusable/swping script

Reasonably Related Threads