Hi folks, I'd greatly appreciate some help with a problem that has soaked up a lot of time, and has me stumped so far, please.
First some background:
I've had a Gentoo-based 4-NIC firewall happily running an earlier
version of Shorewall for several years. Recently it died, and when I
built a new one, I installed Ubuntu 14.04 LTS and Shorewall 4.5.21.6.
A great deal seemed to have changed in Shorewall, so I followed the
3-interface guide, and all was well. I'll explain the zones below, but
for now, the third interface was a DSL line via a DSL modem, with static
IP (/28).
Having got that far, in order to add in the fourth interface, I followed
the multi-ISP guide, but I just can't get it to work at all. Shorewall
will not start as it says the fourth interface is not usable. My zones
are as follows:
---- cut here ----
dmz ipv4
loc ipv4
net0 ipv4 # Eclipse ADSL static
net1 ipv4 # Virgin Media dynamic
---- cut here ----
My interfaces are as follows:
---- cut here ----
loc eth0
dmz eth1
net0 eth2
net1 eth3
---- cut here ----
My Shorewall version is: 4.5.21.6.
My kernel is: Linux fw1 3.13.0-32-generic #57-Ubuntu SMP Tue Jul 15
03:51:08 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
It's a standard Ubuntu Server install, but I have turned IPv6 off as
follows in /etc/sysctl.conf:
#
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
and in /etc/shorewall.conf:
DISABLE_IPV6=Yes
In a nutshell, the problem I have is that when I start Shorewall, this
is the output:
---- cut here ----
# shorewall -vvvvvv start
Starting Shorewall....
Initializing...
Setting up ARP filtering...
Setting up Route Filtering...
Setting up Martian Logging...
Setting up Accept Source Routing...
Setting up Proxy ARP...
Disabling Kernel Automatic Helper Association
Adding Providers...
Null Routing the RFC 1918 subnets
Provider ECLI (1) Started
WARNING: Interface eth3 is not usable -- Provider VIRG (2) not Started
Default route 'nexthop dev eth2 weight 1' Added
Preparing iptables-restore input...
Running /sbin/iptables-restore...
IPv4 Forwarding Enabled
done.
---- cut here ----
I'm sure this is something simple I'm missing, but I've looked so long
and hard at it I can't see the wood for the trees!
I've attached a gzip file of "shorewall dump" done on the machine
immediately after a reboot.
Many thanks in advance, Laurie.
--
---------------------------------------------------------------------
www.convergent-ict.com
You manage your business.
We manage your IT.
---------------------------------------------------------------------
shorewall-dump.gz
Description: GNU Zip compressed data
