On 11/14/2017 02:10 PM, Brian J. Murrell wrote: > Hi. > > When I try to apply a policy a second time (even without changing it) > from a shorewall6 5.0.14.1 machine to a remote shorewall6-lite 5.1.8 > machine I get an error: > > Initializing... > Adding Providers... > RTNETLINK answers: File exists > ERROR: Command "/usr/bin/ip -6 route replace default scope global table > 250 nexthop dev eth0.2 weight 1 nexthop dev pppoe-wan1 weight 1 nexthop via > 2001:123:1c:456::1 dev 6in4-henet weight 1" Failed > Restoring Shorewall6 Lite... > Initializing... > Adding Providers... > RTNETLINK answers: File exists > ERROR: Command "ip -6 route replace default scope global table 250 nexthop > dev eth0.2 weight 1 nexthop dev pppoe-wan1 weight 1 nexthop via > 2001:123:1c:456::1 dev 6in4-henet weight 1" Failed > Preparing ip6tables-restore input... > Running /usr/sbin/ip6tables-restore... > IPv6 Forwarding Enabled > Terminated > Terminated > > Looking at table 250: > > # ip -6 route ls table 250 > default via 2001:123:1c:456::1 dev 6in4-henet metric 1024 pref medium > > Is it expected that ip should be able to replace the above with what > shorewall6 wants to replace it with and this is a bug in the ip tool or > is there something wrong with the replacement specification? > > If I flush that table an re-run the remote-reload, unsurprisingly it > succeeds.
This is a known problem -- see the known problems section of current releasenotes. Basically, 'balance' doesn't work with IPv6 because the above routes are not balanced routes but rather two separate routes with different metrics. -Tom -- Tom Eastep \ Q: What do you get when you cross a mobster with Shoreline, \ an international standard? Washington, USA \ A: Someone who makes you an offer you can't http://shorewall.org \ understand \_______________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
