Hi, Sorry for the late answer; I was abroad.
Attached is the output of: sh -x /var/lib/shorewall/firewall disable eth2 > trace1 BTW, this command writes nothing to the file (sh -x sends its trace to stderr, which "> trace1" does not redirect), so the attached file is a copy of the terminal output. Rgds, Jean-François Bogaerts ------------------------------------------------------------------------ On 07/05/2018 17:55, Tom Eastep wrote:
On 05/07/2018 12:00 AM, Jean-Francois Bogaerts wrote: Hi, I moved "optional" from the providers to the interfaces config file, but got the same result. There is something strange. With the physical link down on ETH2, the first command, shorewall disable eth2, gives: Error: "nexthop" or end of line is expected instead of "linkdown" ERROR: Command "ip -4 route replace table 250 default nexthop via 192.168.0.1 dev eth2 weight 1 linkdown" Failed Okay. Then we need to trace that failing command: sh -x /var/lib/shorewall/firewall disable eth2 > trace1 Thanks, -Tom
+ LEFTSHIFT='<<' + g_debug_iptables= + '[' 2 -gt 1 ']' + '[' xdisable = xtrace ']' + '[' xdisable = xdebug ']' + '[' -z '' ']' + '[' -n '' ']' + g_purge= + g_noroutes= + g_timestamp= + g_recovering= + g_sha1sum1=sha-lh-127826f96c732b1383e8 + g_sha1sum2=sha-rh-ecf626edb4736f505be5 + g_counters= + g_compiled= + g_file= + g_docker= + g_dockernetwork= + g_forcereload= + initialize + umask 077 + g_family=4 + g_confdir=/etc/shorewall + g_product=Shorewall + g_program=shorewall + g_basedir=/usr/share/shorewall + CONFIG_PATH=/etc/shorewall:/usr/share/shorewall + '[' -f /etc/shorewall/vardir ']' + '[' -n /var/lib/shorewall ']' + '[' -n /var/lib ']' + TEMPFILE= + DISABLE_IPV6= + MODULESDIR= + MODULE_SUFFIX=ko + LOAD_HELPERS_ONLY=Yes + LOCKFILE= + SUBSYSLOCK=/var/lock/subsys/shorewall + LOG_VERBOSITY=2 + RESTART=restart + '[' -n reload ']' + '[' -n 0 ']' + '[' -n restore ']' + SHOREWALL_VERSION=5.0.15.6 + PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin + TERMINATOR=fatal_error + DONT_LOAD= + STARTUP_LOG=/var/log/shorewall-init.log + '[' -z '' ']' ++ mywhich iptables ++ local dir +++ split /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin +++ local ifs +++ ifs=' ' +++ IFS=: +++ echo /sbin /bin /usr/sbin /usr/bin /usr/local/bin /usr/local/sbin +++ IFS=' ' ++ for dir in '$(split $PATH)' ++ '[' -x /sbin/iptables ']' ++ for dir in '$(split $PATH)' ++ '[' -x /bin/iptables ']' ++ for dir in '$(split $PATH)' ++ '[' -x /usr/sbin/iptables ']' ++ echo /usr/sbin/iptables ++ return 0 + IPTABLES=/usr/sbin/iptables + '[' -n /usr/sbin/iptables -a -x /usr/sbin/iptables ']' + case $IPTABLES in + IP6TABLES=/usr/sbin/ip6tables + IPTABLES_RESTORE=/usr/sbin/iptables-restore + '[' -x /usr/sbin/iptables-restore ']' + g_tool=/usr/sbin/iptables + g_tool='/usr/sbin/iptables --wait' + IP=ip + TC=tc + IPSET=ipset + EXT_IF1=eth2 + EXT_IF2=eth3 + g_stopping= + '[' -d /var/lib/shorewall ']' + '[' -n /var/log/shorewall-init.log ']' + touch /var/log/shorewall-init.log + chmod 0600 
/var/log/shorewall-init.log + '[' 0 -eq 1 ']' + finished=0 + '[' 0 -eq 0 -a 2 -gt 0 ']' + option=disable + case $option in + finished=1 + '[' 1 -eq 0 -a 2 -gt 0 ']' + COMMAND=disable + case "$COMMAND" in + '[' 2 -eq 1 ']' + shift + '[' 1 -ne 1 ']' + mutex_on + local try + try=0 + local lockf + lockf=/var/lib/shorewall/lock + local lockpid + local lockd + MUTEX_TIMEOUT=60 + '[' 60 -gt 0 ']' ++ dirname /var/lib/shorewall/lock + lockd=/var/lib/shorewall + '[' -d /var/lib/shorewall ']' + '[' -f /var/lib/shorewall/lock ']' + qt mywhich lockfile + mywhich lockfile + lockfile -60 -r1 /var/lib/shorewall/lock + chmod u+w /var/lib/shorewall/lock + echo 5956 + chmod u-w /var/lib/shorewall/lock + product_is_started + qt1 /usr/sbin/iptables --wait -L shorewall -n + local status + '[' 1 ']' + /usr/sbin/iptables --wait -L shorewall -n + status=0 + '[' 0 -ne 4 ']' + return 0 + detect_configuration eth2 + local interface + interface=eth2 + '[' -n eth2 ']' + case $interface in + '[' -z eth2 -o eth2 = eth2 ']' ++ find_first_interface_address_if_any eth2 ++ '[' 4 -eq 4 ']' +++ ip -f inet addr show eth2 +++ grep 'inet .* global' +++ head -n1 ++ addr=' inet 192.168.0.39/24 brd 192.168.0.255 scope global eth2' ++ '[' -n ' inet 192.168.0.39/24 brd 192.168.0.255 scope global eth2' ']' ++ echo inet 192.168.0.39/24 brd 192.168.0.255 scope global eth2 ++ sed 's/\s*inet //;s/\/.*//;s/ peer.*//' + SW_ETH2_ADDRESS=192.168.0.39 + '[' -z eth2 -o eth2 = eth3 ']' + SW_ETH2_IS_USABLE= + SW_ETH3_IS_USABLE= + '[' -z eth2 -o eth2 = eth2 ']' + interface_is_usable eth2 + local status + status=0 + loopback_interface eth2 + '[' eth2 = lo ']' + ip link show eth2 + fgrep -q LOOPBACK + interface_is_up eth2 ++ ip -4 link list dev eth2 ++ grep -e '[<,]UP[,>]' + '[' -n '2: eth2: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN mode DEFAULT group default qlen 1000' ']' ++ find_first_interface_address_if_any eth2 ++ '[' 4 -eq 4 ']' +++ ip -f inet addr show eth2 +++ grep 'inet .* global' +++ head -n1 
++ addr=' inet 192.168.0.39/24 brd 192.168.0.255 scope global eth2' ++ '[' -n ' inet 192.168.0.39/24 brd 192.168.0.255 scope global eth2' ']' ++ echo inet 192.168.0.39/24 brd 192.168.0.255 scope global eth2 ++ sed 's/\s*inet //;s/\/.*//;s/ peer.*//' + '[' 192.168.0.39 '!=' 0.0.0.0 ']' + '[' disable '!=' enable ']' + '[' '!' -f /var/lib/shorewall/eth2_disabled ']' + run_isusable_exit eth2 + true + status=0 + return 0 + SW_ETH2_IS_USABLE=Yes + '[' -z eth2 -o eth2 = eth3 ']' + disable_provider eth2 Yes + g_interface=eth2 + case $g_interface in ++ ip -4 route ls table 1 + '[' -n 'default via 192.168.0.1 dev eth2 src 192.168.0.39 linkdown 192.168.0.1 dev eth2 scope link src 192.168.0.39 linkdown ' ']' + stop_provider_Voo1 + '[' -f /var/lib/shorewall/undo_Voo1_routing ']' + delete_gateway 'via 192.168.0.1 dev eth2 weight 1' 250 eth2 + local route + local gateway + local dev ++ ip -4 -o route ls table 250 ++ grep '^default' ++ sed 's/[\]//g' + route='default nexthop via 192.168.0.1 dev eth3 weight 1 nexthop via 192.168.0.1 dev eth2 weight 1 linkdown' + gateway='via 192.168.0.1 dev eth2 weight 1' + '[' -n 'default nexthop via 192.168.0.1 dev eth3 weight 1 nexthop via 192.168.0.1 dev eth2 weight 1 linkdown' ']' + echo default nexthop via 192.168.0.1 dev eth3 weight 1 nexthop via 192.168.0.1 dev eth2 weight 1 linkdown + grep -qF ' nexthop ' + interface_is_up eth2 ++ ip -4 link list dev eth2 ++ grep -e '[<,]UP[,>]' + '[' -n '2: eth2: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN mode DEFAULT group default qlen 1000' ']' + gateway='nexthop via 192.168.0.1 dev eth2 weight 1' + eval echo default nexthop via 192.168.0.1 dev eth3 weight 1 nexthop via 192.168.0.1 dev eth2 weight 1 linkdown '|' fgrep -q ''\''nexthop' via 192.168.0.1 dev eth2 weight '1'\''' ++ echo default nexthop via 192.168.0.1 dev eth3 weight 1 nexthop via 192.168.0.1 dev eth2 weight 1 linkdown ++ fgrep -q 'nexthop via 192.168.0.1 dev eth2 weight 1' + eval 'route=`echo' default nexthop via 
192.168.0.1 dev eth3 weight 1 nexthop via 192.168.0.1 dev eth2 weight 1 linkdown '|' sed ''\''s/nexthop' via 192.168.0.1 dev eth2 weight 1/ '/'\''`' +++ echo default nexthop via 192.168.0.1 dev eth3 weight 1 nexthop via 192.168.0.1 dev eth2 weight 1 linkdown +++ sed 's/nexthop via 192.168.0.1 dev eth2 weight 1/ /' ++ route='default nexthop via 192.168.0.1 dev eth3 weight 1 linkdown' + run_ip route replace table 250 default nexthop via 192.168.0.1 dev eth3 weight 1 linkdown + ip -4 route replace table 250 default nexthop via 192.168.0.1 dev eth3 weight 1 linkdown Error: "nexthop" or end of line is expected instead of "linkdown" + error_message 'ERROR: Command "ip -4 route' replace table 250 default nexthop via 192.168.0.1 dev eth3 weight 1 'linkdown" Failed' + echo ' ERROR: Command "ip -4 route' replace table 250 default nexthop via 192.168.0.1 dev eth3 weight 1 'linkdown" Failed' ERROR: Command "ip -4 route replace table 250 default nexthop via 192.168.0.1 dev eth3 weight 1 linkdown" Failed + return 1 + stop_firewall + case $COMMAND in + set +x Terminated
