Hi Tom,

On 31/07/12 00:52, Tom Eastep wrote:
> Looks to me like your COPY column contents in /etc/shorewall/providers
> are wrong. The routes out of eth0 are copied into the VPN's routing
> table; see the entry marked <=== above.
Well spotted! Your observation was right and led to the solution (which
also caused a new problem - see below), but it was not the routes of
eth0 being copied into the 'prov_vpn' routing table, it was the 'main'
routing table being copied into the 'vpn_main' routing table. I removed
the values from the COPY column, and also removed the values from the
DUPLICATE column (which used to contain 'main', but is now '-').

If anyone else ever runs into the same trouble (track/routeback not
working), this setup of 'providers' might work for you:
> #NAME           NUMBER  MARK    DUPLICATE       INTERFACE       GATEWAY         OPTIONS                 COPY
> prov_main       1       1       -               eth0            detect          track,balance
> prov_vpn        2       2       -               tun0            detect          track,optional,loose

However, the new problem is that direct traffic from
129.67.194.0/255.255.252.0 to 129.67.194.105 is now routed through the
default gateway of 'provider_main', which is of course unnecessary and
causes new routing problems:
> Jul 31 01:21:08 guust kernel: [282101.945969] Redirect from
> 129.67.195.254 on eth0 about 129.67.194.110 ignored.

I tried adding a specific route using the 'routes' file (which was
introduced in Shorewall 4.4.15):
> #PROVIDER       DEST                            GATEWAY         DEVICE
> prov_main       129.67.194.0/22                 -               eth0

This compiles, but 'ip -4 route add ...' doesn't like it and Shorewall
doesn't start:

> Jul 31 01:31:41 Adding Providers...
> RTNETLINK answers: Invalid argument
>    ERROR: Command "ip -4 route add 129.67.194.0/22 dev eth0 table 1" Failed

So, basically, I'd like to have a route in 'prov_main' on eth0 to
129.67.194.0/255.255.252.0 which is only used if traffic actually
entered the system through eth0. Any suggestions on how I can accomplish
this?

Thanks again!

  Bas
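
As an added illustration (my own example code, not Shorewall's and not part of the message above), the following Python models the lookup the kernel performs for the providers layout in the message: 'ip rule' entries keyed on the fwmark that 'track' sets on a connection, then a longest-prefix match inside the selected table, falling through to the next rule when a table has no matching route. The LAN prefix, the interfaces eth0/tun0 and the eth0 gateway 129.67.195.254 are taken from the message; the contents of each table, the rule order and the tun0 peer address 10.8.0.1 are constructed assumptions.

```python
import ipaddress

# Constructed routing tables, not taken from a real box. The 129.67.194.0/22 LAN,
# eth0, tun0 and the eth0 gateway 129.67.195.254 come from the post; the tun0 peer
# 10.8.0.1 and the exact contents of each table are assumptions for illustration.
# Each route is (prefix, gateway or None for a connected route, device).
TABLES = {
    "main": [
        ("129.67.194.0/22", None, "eth0"),
        ("0.0.0.0/0", "129.67.195.254", "eth0"),
    ],
    "prov_main": [("0.0.0.0/0", "129.67.195.254", "eth0")],  # table 1
    "prov_vpn": [("0.0.0.0/0", "10.8.0.1", "tun0")],         # table 2
}

# 'ip rule' entries in priority order: (fwmark, table); None matches any mark.
# With 'track', Shorewall marks a connection with its provider's MARK on entry,
# so replies to a connection that came in on eth0 carry mark 1.
RULES = [(1, "prov_main"), (2, "prov_vpn"), (None, "main")]


def normalize(prefix):
    """Canonical network for a prefix; clears host bits that the kernel would
    refuse rather than clear when the route is added."""
    return str(ipaddress.ip_network(prefix, strict=False))


def lookup_table(table, dst):
    """Longest-prefix match within one table; returns (gateway, device) or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, gw, dev in table:
        net = ipaddress.ip_network(prefix, strict=False)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw, dev)
    return None if best is None else (best[1], best[2])


def route(dst, fwmark, rules=RULES, tables=TABLES):
    """Policy-routing lookup: walk the rules in priority order and return the first
    table that has a matching route. A table without a match falls through to the
    next rule, as the kernel does unless the table holds a blackhole/unreachable."""
    for mark, name in rules:
        if mark is not None and mark != fwmark:
            continue
        hit = lookup_table(tables[name], dst)
        if hit is not None:
            return {"table": name, "gateway": hit[0], "dev": hit[1]}
    return None


def with_route(tables, name, prefix, gw, dev):
    """Copy of the tables with one extra route: the effect of a 'routes' file line."""
    new = {k: list(v) for k, v in tables.items()}
    new[name].append((prefix, gw, dev))
    return new


if __name__ == "__main__":
    lan_host = "129.67.194.105"
    # Reply to a connection that entered on eth0 (mark 1) towards a LAN neighbour:
    # prov_main only holds a default, so the packet is sent to the gateway, which
    # is the extra hop behind the ICMP redirect in the post.
    print("before:  ", route(lan_host, 1))
    # Same packet once prov_main has a connected route for the LAN (the intent of
    # 'prov_main 129.67.194.0/22 - eth0' in the routes file).
    fixed = with_route(TABLES, "prov_main", "129.67.194.0/22", None, "eth0")
    print("after:   ", route(lan_host, 1, tables=fixed))
    # Unmarked traffic never touches the provider tables and uses main directly.
    print("unmarked:", route(lan_host, 0))
    # The prefix as written in the post has host bits set for a /22 mask.
    print(normalize("129.67.194.0/22"))  # 129.67.192.0/22
```

Running it shows why the marked reply to 129.67.194.105 is handed to the gateway (the only route in table 1 is the default) and that a connected route for the LAN in prov_main changes that without affecting unmarked traffic, which still resolves through main. The normalize() call points at something else worth checking before blaming the routes file: 129.67.194.0 is not a network address under a /22 mask (the enclosing /22 is 129.67.192.0/22), and the kernel's fib_table_insert rejects a destination with host bits set for its prefix length with EINVAL, which is exactly what "RTNETLINK answers: Invalid argument" reports. Writing the line as 129.67.192.0/22 is the first thing I would try.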

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
