On Sat, Jul 26, 2014, at 06:42 AM, Tom Eastep wrote:
> sh -x /var/lib/shorewall-lite/firewall 2> trace
>
> The 'trace' file will contain a shell trace.
That returns
sh -x /var/lib/shorewall-lite/firewall 2> trace
Usage: /var/lib/shorewall-lite/firewall [ options ] <command>
<command> is one of:
start
stop
clear
disable <interface>
down <interface>
enable <interface>
reset
refresh
restart
status
up <interface>
version
Options are:
-v and -q Standard Shorewall verbosity controls
-n Don't update routing configuration
-p Purge Conntrack Table
-t Timestamp progress Messages
-V <verbosity> Set verbosity explicitly
-R <file> Override RESTOREFILE setting
Guessing you want, instead:
sh -x /var/lib/shorewall-lite/firewall restart 2> trace.txt
Restarting Shorewall Lite....
EXEC'ing 'interfaces-setup'
done.
Determined to start following what's being done, I've stepped through that
output. It LOOKS like this is the relevant section:
cat trace.txt
...
+ setup_routing_and_traffic_shaping
+ '[' -z '' ']'
+ undo_routing
+ local undofiles
+ local f
+ '[' -z '' ']'
+ '[' -f /var/lib/shorewall-lite/rt_tables ']'
++ ls /var/lib/shorewall-lite/undo_balance_routing
/var/lib/shorewall-lite/undo_default_routing
/var/lib/shorewall-lite/undo_isp_routing
/var/lib/shorewall-lite/undo_main_routing
+ undofiles='/var/lib/shorewall-lite/undo_balance_routing
/var/lib/shorewall-lite/undo_default_routing
/var/lib/shorewall-lite/undo_isp_routing
/var/lib/shorewall-lite/undo_main_routing'
+ '[' -n '/var/lib/shorewall-lite/undo_balance_routing
/var/lib/shorewall-lite/undo_default_routing
/var/lib/shorewall-lite/undo_isp_routing
/var/lib/shorewall-lite/undo_main_routing' ']'
+ for f in '$undofiles'
+ . /var/lib/shorewall-lite/undo_balance_routing
++ /sbin/ip -4 rule del from 0.0.0.0/0 table 250 pref 32765
+ for f in '$undofiles'
+ . /var/lib/shorewall-lite/undo_default_routing
+ for f in '$undofiles'
+ . /var/lib/shorewall-lite/undo_isp_routing
++ /sbin/ip -4 route flush table 1
++ case $COMMAND in
++ rm -f /var/lib/shorewall-lite/eth0.status
++ /sbin/ip -4 rule del fwmark 0x1/0xff
++ /sbin/ip -4 rule del from S.S.S.S pref 20000
+ for f in '$undofiles'
+ . /var/lib/shorewall-lite/undo_main_routing
++ /sbin/ip -4 rule add from 0.0.0.0/0 table 254 pref 32766
++ /sbin/ip -4 rule del from 0.0.0.0/0 table 254 pref 999
+ rm -f /var/lib/shorewall-lite/undo_balance_routing
/var/lib/shorewall-lite/undo_default_routing
/var/lib/shorewall-lite/undo_isp_routing
/var/lib/shorewall-lite/undo_main_routing
+ progress_message 'Shorewall-generated routing tables and
routing rules removed'
+ local timestamp
+ timestamp=
+ '[' 0 -gt 1 ']'
+ '[' 2 -gt 1 ']'
++ date '+%b %_d %T'
+ timestamp='Jul 26 08:24:59 '
+ echo 'Jul 26 08:24:59 Shorewall-generated routing tables and
routing rules removed'
+ '[' -w /etc/iproute2/rt_tables ']'
+ cat
+ '[' -f /var/lib/shorewall-lite/default_route ']'
+ progress_message2 Adding Providers...
+ local timestamp
+ timestamp=
+ '[' 0 -gt 0 ']'
+ '[' 2 -gt 0 ']'
++ date '+%b %_d %T'
+ timestamp='Jul 26 08:24:59 '
+ echo 'Jul 26 08:24:59 Adding' Providers...
+ DEFAULT_ROUTE=
+ FALLBACK_ROUTE=
+ start_provider_isp
+ interface_is_usable eth0
+ local status
+ status=0
+ '[' eth0 '!=' lo ']'
+ interface_is_up eth0
++ /sbin/ip -4 link list dev eth0
++ grep -e '[<,]UP[,>]'
+ '[' -n '2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500
qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000' ']'
++ find_first_interface_address_if_any eth0
++ '[' 4 -eq 4 ']'
+++ /sbin/ip -f inet addr show eth0
+++ grep 'inet .* global'
+++ head -n1
++ addr=' inet S.S.S.S/24 brd S.S.S.255 scope global eth0'
++ '[' -n ' inet S.S.S.S/24 brd S.S.S.255 scope global eth0'
']'
++ echo inet S.S.S.S/24 brd S.S.S.255 scope global eth0
++ sed 's/\s*inet //;s/\/.*//;s/ peer.*//'
+ '[' S.S.S.S '!=' 0.0.0.0 ']'
+ '[' restart = enable ']'
+ run_isusable_exit eth0
+ local status
+ status=0
+ '[' -f /var/lib/shorewall-lite/eth0.status ']'
+ return 0
+ status=0
+ return 0
+ '[' -n S.S.S.1 ']'
+ qt ip -4 route flush table 1
+ ip -4 route flush table 1
+ echo '/sbin/ip -4 route flush table 1 > /dev/null 2>&1'
+ cat
+ '[' restart = enable ']'
+ qt /sbin/ip -4 rule del fwmark 0x1/0xff
+ /sbin/ip -4 rule del fwmark 0x1/0xff
+ run_ip rule add fwmark 0x1/0xff pref 10000 table 1
+ /sbin/ip -4 rule add fwmark 0x1/0xff pref 10000 table 1
+ echo '/sbin/ip -4 rule del fwmark 0x1/0xff > /dev/null 2>&1'
+ run_ip route replace S.S.S.1 src S.S.S.S dev eth0
+ /sbin/ip -4 route replace S.S.S.1 src S.S.S.S dev eth0
+ run_ip route replace S.S.S.1 src S.S.S.S dev eth0 table 1
+ /sbin/ip -4 route replace S.S.S.1 src S.S.S.S dev eth0 table 1
+ run_ip route add default via S.S.S.1 src S.S.S.S dev eth0
table 1
+ /sbin/ip -4 route add default via S.S.S.1 src S.S.S.S dev
eth0 table 1
+ DEFAULT_ROUTE='nexthop via S.S.S.1 dev eth0 weight 1 '
+ find_interface_addresses eth0
+ read address
+ /sbin/ip -f inet addr show eth0
+ grep 'inet '
+ sed 's/\s*inet //;s/\/.*//;s/ peer.*//'
+ qt /sbin/ip -4 rule del from S.S.S.S
+ /sbin/ip -4 rule del from S.S.S.S
+ run_ip rule add from S.S.S.S pref 20000 table 1
+ /sbin/ip -4 rule add from S.S.S.S pref 20000 table 1
+ echo '/sbin/ip -4 rule del from S.S.S.S pref 20000 >
/dev/null 2>&1'
+ rulenum=1
+ read address
+ echo 0
+ progress_message 'Provider isp (1) Started'
+ local timestamp
+ timestamp=
+ '[' 0 -gt 1 ']'
+ '[' 2 -gt 1 ']'
++ date '+%b %_d %T'
+ timestamp='Jul 26 08:24:59 '
+ echo 'Jul 26 08:24:59 Provider isp (1) Started'
!! + start_provider_vpn
!! + '[' -n '' ']'
!! + echo 1
!! + error_message 'WARNING: Interface tun1 is not usable --
Provider vpn (2) not Started'
+ echo ' WARNING: Interface tun1 is not usable -- Provider
vpn (2) not Started'
WARNING: Interface tun1 is not usable -- Provider vpn (2)
not Started
+ run_ip rule add from 0.0.0.0/0 table 254 pref 999
+ /sbin/ip -4 rule add from 0.0.0.0/0 table 254 pref 999
+ run_ip rule add from 0.0.0.0/0 table 250 pref 32765
+ /sbin/ip -4 rule add from 0.0.0.0/0 table 250 pref 32765
+ /sbin/ip -4 rule del from 0.0.0.0/0 table 254 pref 32766
+ echo '/sbin/ip -4 rule add from 0.0.0.0/0 table 254 pref
32766 > /dev/null 2>&1'
+ echo '/sbin/ip -4 rule del from 0.0.0.0/0 table 254 pref 999
> /dev/null 2>&1'
+ echo '/sbin/ip -4 rule del from 0.0.0.0/0 table 250 pref
32765 > /dev/null 2>&1'
+ '[' -n 'nexthop via S.S.S.1 dev eth0 weight 1 ' ']'
+ run_ip route replace default scope global table 250 nexthop
via S.S.S.1 dev eth0 weight 1
+ /sbin/ip -4 route replace default scope global table 250
nexthop via S.S.S.1 dev eth0 weight 1
+ qt /sbin/ip -4 route del default table 254
+ /sbin/ip -4 route del default table 254
++ echo nexthop via S.S.S.1 dev eth0 weight 1
++ sed 's/$\s*//'
+ progress_message 'Default route '\''nexthop via S.S.S.1 dev
eth0 weight 1'\'' Added'
+ local timestamp
+ timestamp=
+ '[' 0 -gt 1 ']'
+ '[' 2 -gt 1 ']'
++ date '+%b %_d %T'
+ timestamp='Jul 26 08:24:59 '
+ echo 'Jul 26 08:24:59 Default route '\''nexthop via S.S.S.1
dev eth0 weight 1'\'' Added'
+ delete_default_routes 253
+ /sbin/ip -4 route ls table 253
+ grep -F default
+ grep -vF metric
+ read route
+ run_ip route flush cache
+ /sbin/ip -4 route flush cache
+ cat
+ '[' restart '!=' refresh ']'
+ cat
+ cat
+ cat
+ '[' restart = restore ']'
+ '[' restart = refresh ']'
+ setup_netfilter
...
The `+ start_provider_isp` stanza seems to do its thing, but for the vpn
provider
!! + start_provider_vpn
!! + '[' -n '' ']'
!! + echo 1
!! + error_message 'WARNING: Interface tun1 is not usable --
Provider vpn (2) not Started'
with no immediate indication why.
Downloading the source, the error arises at
cat Shorewall/Perl/Shorewall/Providers.pm
...
if ( $optional ) {
    if ( $shared ) {
        emit ( "error_message \"WARNING: Gateway $gateway is not reachable -- Provider $table ($number) not Started\"" );
    } elsif ( $pseudo ) {
        emit ( "error_message \"WARNING: Optional Interface $physical is not usable -- $table not Started\"" );
    } else {
        # line 976
        emit ( "error_message \"WARNING: Interface $physical is not usable -- Provider $table ($number) not Started\"" );
    }
} else {
    if ( $shared ) {
        emit( "fatal_error \"Gateway $gateway is not reachable -- Provider $table ($number) Cannot be Started\"" );
    } else {
        emit( "fatal_error \"Interface $physical is not usable -- Provider $table ($number) Cannot be Started\"" );
    }
}
...
with a condition of
$optional, !$shared, !$pseudo
If that's NOT the right place to be looking, let me know what additional info
is needed.
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
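
Added example, not part of the original message and not Shorewall code: a small shell/awk helper that condenses an `sh -x` trace like the one above into one line per `start_provider_*` stanza, showing whether the provider started and the last `[ ... ]` test traced before the outcome. The names `provider_summary` and `sample_trace` are hypothetical, and the sample input is abridged from the trace lines quoted in the message.

```shell
#!/bin/sh
# Summarise each start_provider_* stanza of an `sh -x` firewall trace.
# Usage: provider_summary trace.txt      (or pipe the trace on stdin)

# Abridged sample built from the trace lines quoted in the message above.
sample_trace() {
cat <<'EOF'
+ start_provider_isp
+ interface_is_usable eth0
+ '[' -n S.S.S.1 ']'
+ run_ip rule add fwmark 0x1/0xff pref 10000 table 1
+ progress_message 'Provider isp (1) Started'
!! + start_provider_vpn
!! + '[' -n '' ']'
!! + echo 1
!! + error_message 'WARNING: Interface tun1 is not usable --
Provider vpn (2) not Started'
+ run_ip rule add from 0.0.0.0/0 table 254 pref 999
EOF
}

# Prints: <provider> <started|not-started> last_test=<last [ ... ] seen>
provider_summary() {
    awk '
    {
        line = $0
        sub(/^!! /, "", line)      # drop hand-added highlight markers
        sub(/^[+]+ /, "", line)    # drop the xtrace nesting prefix
    }
    line ~ /^start_provider_[A-Za-z0-9_]+$/ {
        name = substr(line, length("start_provider_") + 1)
        last = "none"
        next
    }
    name == "" { next }            # not inside a provider stanza
    line ~ /^'\''\['\'' / { last = line }    # remember the latest test
    line ~ /^progress_message .*Started/ {
        print name, "started", "last_test=" last; name = ""
    }
    line ~ /^error_message / {
        print name, "not-started", "last_test=" last; name = ""
    }
    ' "$@"
}
```

On the sample, the vpn line reports `last_test='[' -n '' ']'`, i.e. the stanza gave up immediately after testing an empty string, which is the spot to compare against the generated `start_provider_vpn` function in the firewall script.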