Sebastian Tänzer
2011-May-07 14:01 UTC
Problem on shorewall restart with 4.4.19.1 on Debian 6.0
Hello list,
system is a Debian 6.0 using manually installed 4.4.19.1 from source. Setup is a
multi-ISP setup running on eth1 and ppp0 which WAS working fine so far but since
the upgrade to 4.4.19.1 doesn''t work reliably anymore, too.
A restart of shorewall brings up this error (which wasn''t there when
using the shorewall version coming with Deb 6.0):
firewall:~# shorewall restart
Compiling...
Processing /etc/shorewall/params ...
Processing /etc/shorewall/shorewall.conf...
Loading Modules...
Compiling /etc/shorewall/zones...
Compiling /etc/shorewall/interfaces...
Determining Hosts in Zones...
Locating Action Files...
Compiling /etc/shorewall/policy...
Adding rules for DHCP
Compiling TCP Flags filtering...
Compiling policy actions...
Compiling /usr/share/shorewall/action.Reject for chain Reject...
Compiling /usr/share/shorewall/action.Drop for chain Drop...
Compiling Kernel Route Filtering...
Compiling Martian Logging...
Compiling /etc/shorewall/providers...
Compiling /etc/shorewall/masq...
Compiling MAC Filtration -- Phase 1...
Compiling /etc/shorewall/rules...
Compiling /etc/shorewall/tunnels...
Compiling MAC Filtration -- Phase 2...
Applying Policies...
Generating Rule Matrix...
Creating iptables-restore input...
Compiling iptables-restore input for chain mangle:...
Compiling /etc/shorewall/routestopped...
Shorewall configuration compiled to /var/lib/shorewall/.restart
Restarting Shorewall....
Initializing...
Setting up Route Filtering...
Setting up Martian Logging...
awk: BEGIN {default=0;}; \
awk: ^ syntax error
awk: Kommandozeile:1: /^default / {default=1; print; next}; \
awk: Kommandozeile:1: ^ syntax error
awk: Kommandozeile:2: /nexthop/ {if (default == 1 ) {print ; next} }; \
awk: Kommandozeile:2: ^ syntax error
awk: Kommandozeile:3: { default=0; };
awk: Kommandozeile:3: ^ syntax error
Adding Providers...
WARNING: Interface eth1 is not usable -- Provider ISP1 (1) not Added
WARNING: No Default route added (all ''balance'' providers
are down)
Setting up Traffic Control...
Preparing iptables-restore input...
Running /sbin/iptables-restore...
IPv4 Forwarding Enabled
Processing /etc/shorewall/started ...
done.
Has this been corrected in a more recent dev release perhaps?
Thanks for feedback,
Sebastian
-
tänzermedien GmbH - Agentur für Online-Medien
Kekuléstr. 39 | 53115 Bonn, Germany
Planung und Entwicklung digitaler Medien | Internetauftritte
Webanwendungen | Content Management Systeme | Hosting
E-Mail: st@taenzer.me | Web: http://www.taenzer.me
Tel.: 0228-304134-0 | Fax.: 0228-304134-99
------------------------------------------------------------------------------
WhatsUp Gold - Download Free Network Management Software
The most intuitive, comprehensive, and cost-effective network
management toolset available today. Delivers lowest initial
acquisition cost and overall TCO of any competing solution.
http://p.sf.net/sfu/whatsupgold-sd
Tom Eastep
2011-May-07 14:35 UTC
Re: Problem on shorewall restart with 4.4.19.1 on Debian 6.0
On 5/7/11 7:01 AM, Sebastian Tänzer wrote:> Hello list, > > system is a Debian 6.0 using manually installed 4.4.19.1 from source. Setup is a multi-ISP setup running on eth1 and ppp0 which WAS working fine so far but since the upgrade to 4.4.19.1 doesn''t work reliably anymore, too. > > A restart of shorewall brings up this error (which wasn''t there when using the shorewall version coming with Deb 6.0): > > firewall:~# shorewall restart > Compiling... > Processing /etc/shorewall/params ... > Processing /etc/shorewall/shorewall.conf... > Loading Modules... > Compiling /etc/shorewall/zones... > Compiling /etc/shorewall/interfaces... > Determining Hosts in Zones... > Locating Action Files... > Compiling /etc/shorewall/policy... > Adding rules for DHCP > Compiling TCP Flags filtering... > Compiling policy actions... > Compiling /usr/share/shorewall/action.Reject for chain Reject... > Compiling /usr/share/shorewall/action.Drop for chain Drop... > Compiling Kernel Route Filtering... > Compiling Martian Logging... > Compiling /etc/shorewall/providers... > Compiling /etc/shorewall/masq... > Compiling MAC Filtration -- Phase 1... > Compiling /etc/shorewall/rules... > Compiling /etc/shorewall/tunnels... > Compiling MAC Filtration -- Phase 2... > Applying Policies... > Generating Rule Matrix... > Creating iptables-restore input... > Compiling iptables-restore input for chain mangle:... > Compiling /etc/shorewall/routestopped... > Shorewall configuration compiled to /var/lib/shorewall/.restart > Restarting Shorewall.... > Initializing... > Setting up Route Filtering... > Setting up Martian Logging... > awk: BEGIN {default=0;}; \ > awk: ^ syntax error > awk: Kommandozeile:1: /^default / {default=1; print; next}; \ > awk: Kommandozeile:1: ^ syntax error > awk: Kommandozeile:2: /nexthop/ {if (default == 1 ) {print ; next} }; \ > awk: Kommandozeile:2: ^ syntax error > awk: Kommandozeile:3: { default=0; }; > awk: Kommandozeile:3: ^ syntax error > Adding Providers... > WARNING: Interface eth1 is not usable -- Provider ISP1 (1) not Added > WARNING: No Default route added (all ''balance'' providers are down) > Setting up Traffic Control... > Preparing iptables-restore input... > Running /sbin/iptables-restore... > IPv4 Forwarding Enabled > Processing /etc/shorewall/started ... > done. > > Has this been corrected in a more recent dev release perhaps?Something is odd on your system. I run the same combination and I don''t get these syntax errors. Please try this: a) . /usr/share/shorewall/prog.header b) ip -4 route ls | save_default_route Do you see these errors in that case. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ WhatsUp Gold - Download Free Network Management Software The most intuitive, comprehensive, and cost-effective network management toolset available today. Delivers lowest initial acquisition cost and overall TCO of any competing solution. http://p.sf.net/sfu/whatsupgold-sd
Sebastian Tänzer
2011-May-07 14:45 UTC
Re: Problem on shorewall restart with 4.4.19.1 on Debian 6.0
prog.header gives me no errors.
the ip command evokes the error:
firewall:/usr/share/shorewall# ip -4 route ls | save_default_route
awk: BEGIN {default=0;}; \
awk: ^ syntax error
awk: Kommandozeile:1: /^default / {default=1; print; next}; \
awk: Kommandozeile:1: ^ syntax error
awk: Kommandozeile:2: /nexthop/ {if (default == 1 ) {print ; next} }; \
awk: Kommandozeile:2: ^ syntax error
awk: Kommandozeile:3: { default=0; };
awk: Kommandozeile:3: ^ syntax error
any ideas what I messed up?
Am 07.05.2011 um 16:35 schrieb Tom Eastep:
> On 5/7/11 7:01 AM, Sebastian Tänzer wrote:
>> Hello list,
>>
>> system is a Debian 6.0 using manually installed 4.4.19.1 from source.
Setup is a multi-ISP setup running on eth1 and ppp0 which WAS working fine so
far but since the upgrade to 4.4.19.1 doesn''t work reliably anymore,
too.
>>
>> A restart of shorewall brings up this error (which wasn''t
there when using the shorewall version coming with Deb 6.0):
>>
>> firewall:~# shorewall restart
>> Compiling...
>> Processing /etc/shorewall/params ...
>> Processing /etc/shorewall/shorewall.conf...
>> Loading Modules...
>> Compiling /etc/shorewall/zones...
>> Compiling /etc/shorewall/interfaces...
>> Determining Hosts in Zones...
>> Locating Action Files...
>> Compiling /etc/shorewall/policy...
>> Adding rules for DHCP
>> Compiling TCP Flags filtering...
>> Compiling policy actions...
>> Compiling /usr/share/shorewall/action.Reject for chain Reject...
>> Compiling /usr/share/shorewall/action.Drop for chain Drop...
>> Compiling Kernel Route Filtering...
>> Compiling Martian Logging...
>> Compiling /etc/shorewall/providers...
>> Compiling /etc/shorewall/masq...
>> Compiling MAC Filtration -- Phase 1...
>> Compiling /etc/shorewall/rules...
>> Compiling /etc/shorewall/tunnels...
>> Compiling MAC Filtration -- Phase 2...
>> Applying Policies...
>> Generating Rule Matrix...
>> Creating iptables-restore input...
>> Compiling iptables-restore input for chain mangle:...
>> Compiling /etc/shorewall/routestopped...
>> Shorewall configuration compiled to /var/lib/shorewall/.restart
>> Restarting Shorewall....
>> Initializing...
>> Setting up Route Filtering...
>> Setting up Martian Logging...
>> awk: BEGIN {default=0;}; \
>> awk: ^ syntax error
>> awk: Kommandozeile:1: /^default / {default=1; print; next}; \
>> awk: Kommandozeile:1: ^ syntax error
>> awk: Kommandozeile:2: /nexthop/ {if (default == 1 ) {print ;
next} }; \
>> awk: Kommandozeile:2: ^ syntax error
>> awk: Kommandozeile:3: { default=0; };
>> awk: Kommandozeile:3: ^ syntax error
>> Adding Providers...
>> WARNING: Interface eth1 is not usable -- Provider ISP1 (1) not Added
>> WARNING: No Default route added (all ''balance''
providers are down)
>> Setting up Traffic Control...
>> Preparing iptables-restore input...
>> Running /sbin/iptables-restore...
>> IPv4 Forwarding Enabled
>> Processing /etc/shorewall/started ...
>> done.
>>
>> Has this been corrected in a more recent dev release perhaps?
>
> Something is odd on your system. I run the same combination and I
don''t
> get these syntax errors.
>
> Please try this:
>
> a) . /usr/share/shorewall/prog.header
> b) ip -4 route ls | save_default_route
>
> Do you see these errors in that case.
>
> -Tom
> --
> Tom Eastep \ When I die, I want to go like my Grandfather who
> Shoreline, \ died peacefully in his sleep. Not screaming like
> Washington, USA \ all of the passengers in his car
> http://shorewall.net \________________________________________________
>
>
------------------------------------------------------------------------------
> WhatsUp Gold - Download Free Network Management Software
> The most intuitive, comprehensive, and cost-effective network
> management toolset available today. Delivers lowest initial
> acquisition cost and overall TCO of any competing solution.
>
http://p.sf.net/sfu/whatsupgold-sd_______________________________________________
> Shorewall-users mailing list
> Shorewall-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
------------------------------------------------------------------------------
WhatsUp Gold - Download Free Network Management Software
The most intuitive, comprehensive, and cost-effective network
management toolset available today. Delivers lowest initial
acquisition cost and overall TCO of any competing solution.
http://p.sf.net/sfu/whatsupgold-sd
Tom Eastep
2011-May-07 14:51 UTC
Re: Problem on shorewall restart with 4.4.19.1 on Debian 6.0
On 5/7/11 7:45 AM, Sebastian Tänzer wrote:> prog.header gives me no errors. > > the ip command evokes the error: > > firewall:/usr/share/shorewall# ip -4 route ls | save_default_route > awk: BEGIN {default=0;}; \ > awk: ^ syntax error > awk: Kommandozeile:1: /^default / {default=1; print; next}; \ > awk: Kommandozeile:1: ^ syntax error > awk: Kommandozeile:2: /nexthop/ {if (default == 1 ) {print ; next} }; \ > awk: Kommandozeile:2: ^ syntax error > awk: Kommandozeile:3: { default=0; }; > awk: Kommandozeile:3: ^ syntax error > > any ideas what I messed up? >What shell do you have installed as /bin/sh? Also, does ''which awk'' return /usr/bin/awk? -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ WhatsUp Gold - Download Free Network Management Software The most intuitive, comprehensive, and cost-effective network management toolset available today. Delivers lowest initial acquisition cost and overall TCO of any competing solution. http://p.sf.net/sfu/whatsupgold-sd
Tom Eastep
2011-May-07 15:18 UTC
Re: Problem on shorewall restart with 4.4.19.1 on Debian 6.0
On 5/7/11 7:51 AM, Tom Eastep wrote:> > Also, does ''which awk'' return /usr/bin/awk? >And if it does, what do these commands show: ls -l /usr/bin/awk ls -l /etc/alternatives/awk Thanks, -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ WhatsUp Gold - Download Free Network Management Software The most intuitive, comprehensive, and cost-effective network management toolset available today. Delivers lowest initial acquisition cost and overall TCO of any competing solution. http://p.sf.net/sfu/whatsupgold-sd
Tom Eastep
2011-May-07 15:43 UTC
Re: Problem on shorewall restart with 4.4.19.1 on Debian 6.0
On 5/7/11 8:18 AM, Tom Eastep wrote:> On 5/7/11 7:51 AM, Tom Eastep wrote: > >> >> Also, does ''which awk'' return /usr/bin/awk? >> > > And if it does, what do these commands show: > > ls -l /usr/bin/awk > ls -l /etc/alternatives/awk > > Thanks,I''ve found the problem. It occurs when ''gawk'' is installed rather than ''mawk''. The attached copy of /usr/share/shorewall/prog.header resolves the issue. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ WhatsUp Gold - Download Free Network Management Software The most intuitive, comprehensive, and cost-effective network management toolset available today. Delivers lowest initial acquisition cost and overall TCO of any competing solution. http://p.sf.net/sfu/whatsupgold-sd
Sebastian Tänzer
2011-May-07 15:52 UTC
Re: Problem on shorewall restart with 4.4.19.1 on Debian 6.0
Something''s really messed up here - now when restarting Shorewall I also get this message: May 3 16:35:18 Adding Providers... RTNETLINK answers: No such process ERROR: Command "ip -4 route add default via 95.223.244.1 src 178.201.94.238 dev eth1 table 1" Failed Then shorewall terminates. I had to manually remove eth1 from my providers file to get online at all. Answers to your questions: firewall:/usr/share/shorewall# which awk /usr/bin/awk /bin/sh -> /bin/dash firewall:/var/log# ls -l /usr/bin/awk lrwxrwxrwx 1 root root 21 13. Aug 2010 /usr/bin/awk -> /etc/alternatives/awk firewall:/var/log# ls -l /etc/alternatives/awk lrwxrwxrwx 1 root root 13 13. Aug 2010 /etc/alternatives/awk -> /usr/bin/gawk Am 07.05.2011 um 17:18 schrieb Tom Eastep:> On 5/7/11 7:51 AM, Tom Eastep wrote: > >> >> Also, does ''which awk'' return /usr/bin/awk? >> > > And if it does, what do these commands show: > > ls -l /usr/bin/awk > ls -l /etc/alternatives/awk > > Thanks, > -Tom > -- > Tom Eastep \ When I die, I want to go like my Grandfather who > Shoreline, \ died peacefully in his sleep. Not screaming like > Washington, USA \ all of the passengers in his car > http://shorewall.net \________________________________________________ > > ------------------------------------------------------------------------------ > WhatsUp Gold - Download Free Network Management Software > The most intuitive, comprehensive, and cost-effective network > management toolset available today. Delivers lowest initial > acquisition cost and overall TCO of any competing solution. > http://p.sf.net/sfu/whatsupgold-sd_______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users------------------------------------------------------------------------------ WhatsUp Gold - Download Free Network Management Software The most intuitive, comprehensive, and cost-effective network management toolset available today. Delivers lowest initial acquisition cost and overall TCO of any competing solution. http://p.sf.net/sfu/whatsupgold-sd
Sebastian Tänzer
2011-May-07 16:02 UTC
Re: Problem on shorewall restart with 4.4.19.1 on Debian 6.0
OK, this solves the problem. I''m still left with eth1 not working as first ISP. Interface itself works and I can reach outside domains through it from the firewall. When restarting shorewall it gives me: Adding Providers... RTNETLINK answers: No such process ERROR: Command "ip -4 route add default via 95.223.244.1 src 88.153.50.70 dev eth1 table 1" Failed Any ideas on this? The configuration worked like a charm for weeks now and I absolutely did not change a thing. eth1 is a cable modem configured as dhcp auto. Am 07.05.2011 um 17:43 schrieb Tom Eastep:> On 5/7/11 8:18 AM, Tom Eastep wrote: >> On 5/7/11 7:51 AM, Tom Eastep wrote: >> >>> >>> Also, does ''which awk'' return /usr/bin/awk? >>> >> >> And if it does, what do these commands show: >> >> ls -l /usr/bin/awk >> ls -l /etc/alternatives/awk >> >> Thanks, > > I''ve found the problem. It occurs when ''gawk'' is installed rather than > ''mawk''. The attached copy of /usr/share/shorewall/prog.header resolves > the issue. > > -Tom > -- > Tom Eastep \ When I die, I want to go like my Grandfather who > Shoreline, \ died peacefully in his sleep. Not screaming like > Washington, USA \ all of the passengers in his car > http://shorewall.net \________________________________________________ > <prog.header>------------------------------------------------------------------------------ > WhatsUp Gold - Download Free Network Management Software > The most intuitive, comprehensive, and cost-effective network > management toolset available today. Delivers lowest initial > acquisition cost and overall TCO of any competing solution. > http://p.sf.net/sfu/whatsupgold-sd_______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users------------------------------------------------------------------------------ WhatsUp Gold - Download Free Network Management Software The most intuitive, comprehensive, and cost-effective network management toolset available today. Delivers lowest initial acquisition cost and overall TCO of any competing solution. http://p.sf.net/sfu/whatsupgold-sd
Tom Eastep
2011-May-07 16:14 UTC
Re: Problem on shorewall restart with 4.4.19.1 on Debian 6.0
On 5/7/11 9:02 AM, Sebastian Tänzer wrote:> OK, this solves the problem. > > I''m still left with eth1 not working as first ISP. Interface itself works and I can reach outside domains through it from the firewall. > When restarting shorewall it gives me: > > Adding Providers... > RTNETLINK answers: No such process > ERROR: Command "ip -4 route add default via 95.223.244.1 src 88.153.50.70 dev eth1 table 1" Failed > > Any ideas on this? > > The configuration worked like a charm for weeks now and I absolutely did not change a thing. > eth1 is a cable modem configured as dhcp auto.To help you further, I''m going to need: a) The output of ''shorewall dump'' as an attachment (and with your current working config). b) The shorewall.tgz file produced by ''tar -zxf shorewall.tgz /etc/shorewall'' You can send them to me privately so as to not spam the list with the large attachments. Thanks, -Tom PS - I only have an hour or so to look at this, then must go out for the rest of the day. -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ WhatsUp Gold - Download Free Network Management Software The most intuitive, comprehensive, and cost-effective network management toolset available today. Delivers lowest initial acquisition cost and overall TCO of any competing solution. http://p.sf.net/sfu/whatsupgold-sd
Tom Eastep
2011-May-08 03:22 UTC
Re: Problem on shorewall restart with 4.4.19.1 on Debian 6.0
On 5/7/11 9:02 AM, Sebastian Tänzer wrote:> OK, this solves the problem. > > I''m still left with eth1 not working as first ISP. Interface itself works and I can reach outside domains through it from the firewall. > When restarting shorewall it gives me: > > Adding Providers... > RTNETLINK answers: No such process > ERROR: Command "ip -4 route add default via 95.223.244.1 src 88.153.50.70 dev eth1 table 1" Failed > > Any ideas on this? > > The configuration worked like a charm for weeks now and I absolutely did not change a thing. > eth1 is a cable modem configured as dhcp auto.I''ve compiled your old configuration; the following two commands are executed in sequence: run_ip route replace $SW_ETH1_GATEWAY src $SW_ETH1_ADDRESS dev eth1 table 1 run_ip route add default via $SW_ETH1_GATEWAY src $SW_ETH1_ADDRESS dev eth1 table 1 From the error message you posted, we can see that $SW_ETH1_ADDRESS is 95.223.244.1. ''run_ip'' stops the firewall (or restores the last saved configuration if any) if the command fails. So the first command is apparently succeeding but the second is failing with an error message that suggests that the first command failed. As an experiment please try: ip route replace 95.233.244.1 src 88.153.50.70 dev eth1 table 99 ip route add default via 95.233.244.1 src 88.153.50.70 dev eth1 table 99 What happens? Thanks, -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ WhatsUp Gold - Download Free Network Management Software The most intuitive, comprehensive, and cost-effective network management toolset available today. Delivers lowest initial acquisition cost and overall TCO of any competing solution. http://p.sf.net/sfu/whatsupgold-sd
Tom Eastep
2011-May-08 03:48 UTC
Re: Problem on shorewall restart with 4.4.19.1 on Debian 6.0
On 5/7/11 8:22 PM, Tom Eastep wrote:> On 5/7/11 9:02 AM, Sebastian Tänzer wrote: >> OK, this solves the problem. >> >> I''m still left with eth1 not working as first ISP. Interface itself works and I can reach outside domains through it from the firewall. >> When restarting shorewall it gives me: >> >> Adding Providers... >> RTNETLINK answers: No such process >> ERROR: Command "ip -4 route add default via 95.223.244.1 src 88.153.50.70 dev eth1 table 1" Failed >> >> Any ideas on this? >> >> The configuration worked like a charm for weeks now and I absolutely did not change a thing. >> eth1 is a cable modem configured as dhcp auto. > > I''ve compiled your old configuration; the following two commands are > executed in sequence: > > run_ip route replace $SW_ETH1_GATEWAY src $SW_ETH1_ADDRESS dev eth1 table 1 > > run_ip route add default via $SW_ETH1_GATEWAY src $SW_ETH1_ADDRESS dev > eth1 table 1 > > From the error message you posted, we can see that $SW_ETH1_ADDRESS is > 95.223.244.1. ''run_ip'' stops the firewall (or restores the last saved > configuration if any) if the command fails. So the first command is > apparently succeeding but the second is failing with an error message > that suggests that the first command failed. > > As an experiment please try: > > ip route replace 95.233.244.1 src 88.153.50.70 dev eth1 table 99 > ip route add default via 95.233.244.1 src 88.153.50.70 dev eth1 table 99 > > What happens?I can actually answer that myself. I did an experiment with a configuration similar to yours and produced the same failure. I was able to work around the problem by adding a host route to 95.223.244.1 *in the main* table: ip route add 95.233.244.1 src 88.153.50.70 dev eth1 The DHCP client should have added that route but apparently did not (or it was deleted somehow). Given that your configuration has worked in the past, the route must have been there until recently. Finally, the Shorewall-generated routing rules in 4.4.19.1 are the same as those generated by 4.4.11.6. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ WhatsUp Gold - Download Free Network Management Software The most intuitive, comprehensive, and cost-effective network management toolset available today. Delivers lowest initial acquisition cost and overall TCO of any competing solution. http://p.sf.net/sfu/whatsupgold-sd
Tom Eastep
2011-May-08 04:29 UTC
Re: Problem on shorewall restart with 4.4.19.1 on Debian 6.0
On 5/7/11 8:48 PM, Tom Eastep wrote:> On 5/7/11 8:22 PM, Tom Eastep wrote: > > I can actually answer that myself. I did an experiment with a > configuration similar to yours and produced the same failure. I was able > to work around the problem by adding a host route to 95.223.244.1 *in > the main* table: > > ip route add 95.233.244.1 src 88.153.50.70 dev eth1 > > The DHCP client should have added that route but apparently did not (or > it was deleted somehow). Given that your configuration has worked in the > past, the route must have been there until recently. > > Finally, the Shorewall-generated routing rules in 4.4.19.1 are the same > as those generated by 4.4.11.6.Attached is a patch to /usr/share/shorewall/Shorewall/Providers.pm that should restore the missing route. Please let me know if it solves your problem. Thanks, -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ WhatsUp Gold - Download Free Network Management Software The most intuitive, comprehensive, and cost-effective network management toolset available today. Delivers lowest initial acquisition cost and overall TCO of any competing solution. http://p.sf.net/sfu/whatsupgold-sd
Sebastian Tänzer
2011-May-08 09:40 UTC
Re: Problem on shorewall restart with 4.4.19.1 on Debian 6.0
Hello Tom, the patch file itself gave me a error but I manually patched providers.pm and this actually solves the problem, yes! Thanks a lot for your help! Wouldn''t have found this on my own.. I guess our provider (unitymedia in Germany) changed some settings so that this route wasn''t set via DHCP anymore. Best Sebastian Am 08.05.2011 um 06:29 schrieb Tom Eastep:> On 5/7/11 8:48 PM, Tom Eastep wrote: >> On 5/7/11 8:22 PM, Tom Eastep wrote: >> >> I can actually answer that myself. I did an experiment with a >> configuration similar to yours and produced the same failure. I was able >> to work around the problem by adding a host route to 95.223.244.1 *in >> the main* table: >> >> ip route add 95.233.244.1 src 88.153.50.70 dev eth1 >> >> The DHCP client should have added that route but apparently did not (or >> it was deleted somehow). Given that your configuration has worked in the >> past, the route must have been there until recently. >> >> Finally, the Shorewall-generated routing rules in 4.4.19.1 are the same >> as those generated by 4.4.11.6. > > Attached is a patch to /usr/share/shorewall/Shorewall/Providers.pm that > should restore the missing route. Please let me know if it solves your > problem. > > Thanks, > -Tom > -- > Tom Eastep \ When I die, I want to go like my Grandfather who > Shoreline, \ died peacefully in his sleep. Not screaming like > Washington, USA \ all of the passengers in his car > http://shorewall.net \________________________________________________ > <ROUTE.patch>------------------------------------------------------------------------------ > WhatsUp Gold - Download Free Network Management Software > The most intuitive, comprehensive, and cost-effective network > management toolset available today. Delivers lowest initial > acquisition cost and overall TCO of any competing solution. > http://p.sf.net/sfu/whatsupgold-sd_______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users------------------------------------------------------------------------------ WhatsUp Gold - Download Free Network Management Software The most intuitive, comprehensive, and cost-effective network management toolset available today. Delivers lowest initial acquisition cost and overall TCO of any competing solution. http://p.sf.net/sfu/whatsupgold-sd
Tom Eastep
2011-May-08 15:11 UTC
Re: Problem on shorewall restart with 4.4.19.1 on Debian 6.0
May 8, 2011, at 2:40 AM, Sebastian Tänzer <st@taenzer.me> wrote:> Hello Tom, > > the patch file itself gave me a error but I manually patched providers.pm and this actually solves the problem, yes! > > Thanks a lot for your help! Wouldn't have found this on my own.. I guess our provider (unitymedia in Germany) > changed some settings so that this route wasn't set via DHCP anymore.Hello Sebastian, It might also be that your ISP also just switched you to this out-of-network gateway and your DHCP client isn't handling it properly. -Tom ------------------------------------------------------------------------------ WhatsUp Gold - Download Free Network Management Software The most intuitive, comprehensive, and cost-effective network management toolset available today. Delivers lowest initial acquisition cost and overall TCO of any competing solution. http://p.sf.net/sfu/whatsupgold-sd _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users