On Thu, 2011-10-20 at 09:39 -0600, Jeff Taylor wrote:
>
> I have also been trying to set up the providers file under shorewall6, but
> every time I enable the entries, shorewall6 bombs on restart. Note again
> that I do use the providers entries under shorewall with no failures...
>
> Providers:
> ISP1 10 10 main sit1 2001:470:8388::1 track eth1,eth2,eth3,eth5
> ISP2 20 20 main sit2 2001:470:f032::1 track eth1,eth2,eth3,eth5
>
> When restarting, I get the following error in the log:
> 09:13:09 Adding Providers...
> RTNETLINK answers: No route to host
> ERROR: Command "ip -6 route add default via 2001:470:8388::1 src 2001:470:8388::1 dev sit1 table 10" Failed

Looks like your default gateway has the same IP address as sit1!

>
> Note that I tried doing this with the tunnel device (sit1) and the ethernet
> device (eth0), making the appropriate changes to providers and interfaces.
> I'm just completely lost here, I don't know what I'm missing.

I just allocated a second tunnel from HE and set up providers:

#NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY            OPTIONS COPY
HE1   1      -    main      sit1      2001:470:a:227::1  track   mac,br0,eth1,eth2
HE2   2      -    -         sit2      2001:470:a:787::1  track

and route_rules:

#NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY            OPTIONS COPY
HE1   1      -    main      sit1      2001:470:a:227::1  track   mac,br0,eth1,eth2
HE2   2      -    -         sit2      2001:470:a:787::1  track

I only encountered one problem in that I had to remove the word 'cache'
from the output of 'ip -6 route ls' when copying routes from main to
table 1. Patch attached.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

diff --git a/Shorewall/Perl/Shorewall/Providers.pm b/Shorewall/Perl/Shorewall/Providers.pm
index 69d8892..7778a86 100644
--- a/Shorewall/Perl/Shorewall/Providers.pm
+++ b/Shorewall/Perl/Shorewall/Providers.pm
@@ -149,9 +149,9 @@ sub copy_table( $$$ ) {
emit '';
if ( $realm ) {
- emit ( "\$IP -$family -o route show table $duplicate | sed -r 's/ realm [[:alnum:]_]+//' | while read net route; do" )
+ emit ( "\$IP -$family -o route show table $duplicate | sed -r 's/ realm [[:alnum:]_]+//; s/ cache / /' | while read net route; do" )
} else {
- emit ( "\$IP -$family -o route show table $duplicate | ${filter}while read net route; do" )
+ emit ( "\$IP -$family -o route show table $duplicate | sed -r 's/ cache / /' | ${filter}while read net route; do" )
}
emit ( ' case $net in',
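Review bot: In both added sed expressions in copy_table, `s/ cache / /` matches only when `cache` has a space on each side and replaces only the first occurrence, so a `cache` token at the end of a route line would still reach the `while read net route` loop. Consider `s/ cache( |$)/\1/g`, or add a comment stating that the token is always followed by further attributes. The else branch also runs the extra sed for both values of $family, while the accompanying message reports the problem only for 'ip -6 route ls'; if that is the only case, gating the filter on $family would avoid an extra process in the other one.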
@@ -183,9 +183,9 @@ sub copy_and_edit_table( $$$$ ) {
emit '';
if ( $realm ) {
- emit ( "\$IP -$family -o route show table $duplicate | sed -r 's/ realm [[:alnum:]]+//' | while read net route; do" )
+ emit ( "\$IP -$family -o route show table $duplicate | sed -r 's/ realm [[:alnum:]]+//; s/ cache / /' | while read net route; do" )
} else {
- emit ( "\$IP -$family -o route show table $duplicate | ${filter}while read net route; do" )
+ emit ( "\$IP -$family -o route show table $duplicate | sed -r 's/ cache / /' | ${filter}while read net route; do" )
}
emit ( ' case $net in',
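Review bot: The realm branch in copy_and_edit_table still strips realms with `[[:alnum:]]+`, while the same branch in copy_table uses `[[:alnum:]_]+`; since this line is being edited anyway, align the two character classes, otherwise a realm name containing an underscore is only partly removed here. The `s/ cache / /` fragment is also now repeated in four emit calls across the two subs; building the sed command once in a variable and interpolating it would keep later changes to the filter from drifting between them.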
