On 7/26/10 6:37 PM, Stephen Brown wrote: > Well I'm still having a tough time getting this to work and I can't > figure out why, I am most likely missing something or misconfiguring > something. > > I have two providers, one is local to the box with a static IP (DSL) on > it's own interface (eth0), the other is on eth1 hanging off a wireless > router with a static address (eth1). eth2 serves my LAN at 192.168.1.0/24 > > Goal is to use the DSL as the main source and the cable as a backup and > route particular traffic over it. > > Here is my /etc/network/interfaces: > # eth0 > # CenturyLink DSL > auto eth0 > iface eth0 inet static > address 76.5.159.171 > netmask 255.255.255.224 > gateway 76.5.159.161 > > # virtual interface to DSL modem > auto eth0:0 > iface eth0:0 inet static > address 192.168.2.2 > netmask 255.255.255.0 > > # eth1 > # comcast > # static config towards wireless router > auto eth1 > iface eth1 inet static > address 192.168.10.1 > netmask 255.255.255.0 > gateway 192.168.10.2 > > # eth2 > # interface facing local LAN 10/100/1000 > auto eth2 > iface eth2 inet static > address 192.168.1.1 > netmask 255.255.255.0 > > /etc/shorewall/providers: > #NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY > OPTIONS COPY > CenturyLink 1 - main eth0 76.5.159.161 > track,balance eth2 > Comcast 2 - main eth1 detect > track,loose,fallback eth2 > > If I leave eth1 down, shorewall is happy but will complain about it and > start normally. However, when I bring eth1 up, I get two default route > entries in the routing tables, which I find odd and I'm not sure how to > correct that: > (without eth1 online) > bubastis:/etc/shorewall# ip route list > 76.5.159.160/27 dev eth0 proto kernel scope link src 76.5.159.171 > 192.168.2.0/24 dev eth0 proto kernel scope link src 192.168.2.2 > 192.168.1.0/24 dev eth2 proto kernel scope link src 192.168.1.1 > default via 76.5.159.161 dev eth0 > > (with eth1 online) > bubastis:/etc/shorewall# ip route list > 76.5.159.160/27 dev eth0 proto kernel scope link src 76.5.159.171 > 192.168.2.0/24 dev eth0 proto kernel scope link src 192.168.2.2 > 192.168.1.0/24 dev eth2 proto kernel scope link src 192.168.1.1 > 192.168.10.0/24 dev eth1 proto kernel scope link src 192.168.10.1 > default via 192.168.10.2 dev eth1 > default via 76.5.159.161 dev eth0 > > If I attempt to start shorewall with eth1 enabled, I get this error: > Adding Providers... > RTNETLINK answers: File exists > ERROR: Command "ip -4 route replace default scope global table 254 > nexthop via 76.5.159.161 dev eth0 weight 1" Failed > Running /sbin/iptables-restore... > IPv4 Forwarding Enabled > /usr/share/shorewall/lib.common: line 63: 6627 Terminated > $SHOREWALL_SHELL $script $options $@ > > So I'm stuck and largely confused :(
Remove the default route on eth1 from /etc/network/interfaces. > > Also worth mentioning, on a seperately related issue, that since > upgrading to 4.4.11 I am seeing this upon restart: > touch: cannot touch `/var/lock/subsys/shorewall': No such file or directory > > Not a big deal as I could probably just make the directory myself, but > thought it was worth mentioning.... Next time that you upgrade Shorewall, DO NOT ALLOW THE UPGRADE TO REPLACE shorewall.conf. To recover now, edit the file and set SUBSYSLOCK="" -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ The Palm PDK Hot Apps Program offers developers who use the Plug-In Development Kit to bring their C/C++ apps to Palm for a share of $1 Million in cash or HP Products. Visit us here for more details: http://ad.doubleclick.net/clk;226879339;13503038;l? http://clk.atdmt.com/CRS/go/247765532/direct/01/
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
