Re: [Shorewall-users] interface failover

Sat, 12 May 2018 00:59:29 -0700 

Dear Tom,

Still the same

Attached trace output for the same command:   sh -x
/var/lib/shorewall/firewall disable eth2 > trace3

Rgds,

Jean-François Bogaerts
------------------------------------------------------------------------

------------------------------------------------------------------------
On 12/05/2018 00:09, Tom Eastep wrote:

On 05/11/2018 01:46 PM, Jean-Francois Bogaerts wrote:

Dear Tom,

Unfortunately same result...

Attached trace output for the same command:   sh -x
/var/lib/shorewall/firewall disable eth2 > trace2

Reverse that patch:

     patch -R /usr/share/shorewall/lib.runtime < INTERFACESTATE.patch

And apply this one

     patch /usr/share/shorewall/lib.runtime < INTERFACESTATE1.patch
     shorewall compile

Thanks,
-Tom



JF Bogaerts
------------------------------------------------------------------------
On 11/05/2018 18:03, Tom Eastep wrote:

On 05/11/2018 02:47 AM, Jean-Francois Bogaerts wrote:

Hi,

Sorry for the late answer I was abroad.

Attached the output for:

sh -x /var/lib/shorewall/firewall disable eth2 > trace1

BTW this command writes nothing in the file, the attached file is a copy of 
terminal output


See if the attached patch corrects the problem.

     patch /usr/share/shorewall/lib.runtime < INTERFACESTATE.patch
     shorewall compile

Thanks,
-Tom


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot


_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users



------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot



_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users





------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot


_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users



+ LEFTSHIFT='<<'
+ g_debug_iptables=
+ '[' 2 -gt 1 ']'
+ '[' xdisable = xtrace ']'
+ '[' xdisable = xdebug ']'
+ '[' -z '' ']'
+ '[' -n '' ']'
+ g_purge=
+ g_noroutes=
+ g_timestamp=
+ g_recovering=
+ g_sha1sum1=sha-lh-aa60a857d491e5c29146
+ g_sha1sum2=sha-rh-f7a9e43891a14da678b2
+ g_counters=
+ g_compiled=
+ g_file=
+ g_docker=
+ g_dockernetwork=
+ g_forcereload=
+ initialize
+ umask 077
+ g_family=4
+ g_confdir=/etc/shorewall
+ g_product=Shorewall
+ g_program=shorewall
+ g_basedir=/usr/share/shorewall
+ CONFIG_PATH=/etc/shorewall:/usr/share/shorewall
+ '[' -f /etc/shorewall/vardir ']'
+ '[' -n /var/lib/shorewall ']'
+ '[' -n /var/lib ']'
+ TEMPFILE=
+ DISABLE_IPV6=
+ MODULESDIR=
+ MODULE_SUFFIX=ko
+ LOAD_HELPERS_ONLY=Yes
+ LOCKFILE=
+ SUBSYSLOCK=/var/lock/subsys/shorewall
+ LOG_VERBOSITY=2
+ RESTART=restart
+ '[' -n reload ']'
+ '[' -n 0 ']'
+ '[' -n restore ']'
+ SHOREWALL_VERSION=5.0.15.6
+ PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
+ TERMINATOR=fatal_error
+ DONT_LOAD=
+ STARTUP_LOG=/var/log/shorewall-init.log
+ '[' -z '' ']'
++ mywhich iptables
++ local dir
+++ split /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
+++ local ifs
+++ ifs='       
'
+++ IFS=:
+++ echo /sbin /bin /usr/sbin /usr/bin /usr/local/bin /usr/local/sbin
+++ IFS='       
'
++ for dir in '$(split $PATH)'
++ '[' -x /sbin/iptables ']'
++ for dir in '$(split $PATH)'
++ '[' -x /bin/iptables ']'
++ for dir in '$(split $PATH)'
++ '[' -x /usr/sbin/iptables ']'
++ echo /usr/sbin/iptables
++ return 0
+ IPTABLES=/usr/sbin/iptables
+ '[' -n /usr/sbin/iptables -a -x /usr/sbin/iptables ']'
+ case $IPTABLES in
+ IP6TABLES=/usr/sbin/ip6tables
+ IPTABLES_RESTORE=/usr/sbin/iptables-restore
+ '[' -x /usr/sbin/iptables-restore ']'
+ g_tool=/usr/sbin/iptables
+ g_tool='/usr/sbin/iptables --wait'
+ IP=ip
+ TC=tc
+ IPSET=ipset
+ EXT_IF1=eth2
+ EXT_IF2=eth3
+ g_stopping=
+ '[' -d /var/lib/shorewall ']'
+ '[' -n /var/log/shorewall-init.log ']'
+ touch /var/log/shorewall-init.log
+ chmod 0600 /var/log/shorewall-init.log
+ '[' 0 -eq 1 ']'
+ finished=0
+ '[' 0 -eq 0 -a 2 -gt 0 ']'
+ option=disable
+ case $option in
+ finished=1
+ '[' 1 -eq 0 -a 2 -gt 0 ']'
+ COMMAND=disable
+ case "$COMMAND" in
+ '[' 2 -eq 1 ']'
+ shift
+ '[' 1 -ne 1 ']'
+ mutex_on
+ local try
+ try=0
+ local lockf
+ lockf=/var/lib/shorewall/lock
+ local lockpid
+ local lockd
+ MUTEX_TIMEOUT=60
+ '[' 60 -gt 0 ']'
++ dirname /var/lib/shorewall/lock
+ lockd=/var/lib/shorewall
+ '[' -d /var/lib/shorewall ']'
+ '[' -f /var/lib/shorewall/lock ']'
+ qt mywhich lockfile
+ mywhich lockfile
+ lockfile -60 -r1 /var/lib/shorewall/lock
+ chmod u+w /var/lib/shorewall/lock
+ echo 3555
+ chmod u-w /var/lib/shorewall/lock
+ product_is_started
+ qt1 /usr/sbin/iptables --wait -L shorewall -n
+ local status
+ '[' 1 ']'
+ /usr/sbin/iptables --wait -L shorewall -n
+ status=0
+ '[' 0 -ne 4 ']'
+ return 0
+ detect_configuration eth2
+ local interface
+ interface=eth2
+ '[' -n eth2 ']'
+ case $interface in
+ '[' -z eth2 -o eth2 = eth2 ']'
++ find_first_interface_address_if_any eth2
++ '[' 4 -eq 4 ']'
+++ ip -f inet addr show eth2
+++ grep 'inet .* global'
+++ head -n1
++ addr='    inet 192.168.0.43/24 brd 192.168.0.255 scope global eth2'
++ '[' -n '    inet 192.168.0.43/24 brd 192.168.0.255 scope global eth2' ']'
++ echo inet 192.168.0.43/24 brd 192.168.0.255 scope global eth2
++ sed 's/\s*inet //;s/\/.*//;s/ peer.*//'
+ SW_ETH2_ADDRESS=192.168.0.43
+ '[' -z eth2 -o eth2 = eth3 ']'
+ SW_ETH2_IS_USABLE=
+ SW_ETH3_IS_USABLE=
+ '[' -z eth2 -o eth2 = eth2 ']'
+ interface_is_usable eth2
+ local status
+ status=0
+ loopback_interface eth2
+ '[' eth2 = lo ']'
+ ip link show eth2
+ fgrep -q LOOPBACK
+ interface_is_up eth2
++ ip -4 link list dev eth2
++ grep -e '[<,]UP[,>]'
+ '[' -n '2: eth2: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state 
DOWN mode DEFAULT group default qlen 1000 | fgrep -v '\'' state DOWN '\''' ']'
++ find_first_interface_address_if_any eth2
++ '[' 4 -eq 4 ']'
+++ ip -f inet addr show eth2
+++ grep 'inet .* global'
+++ head -n1
++ addr='    inet 192.168.0.43/24 brd 192.168.0.255 scope global eth2'
++ '[' -n '    inet 192.168.0.43/24 brd 192.168.0.255 scope global eth2' ']'
++ echo inet 192.168.0.43/24 brd 192.168.0.255 scope global eth2
++ sed 's/\s*inet //;s/\/.*//;s/ peer.*//'
+ '[' 192.168.0.43 '!=' 0.0.0.0 ']'
+ '[' disable '!=' enable ']'
+ '[' '!' -f /var/lib/shorewall/eth2_disabled ']'
+ run_isusable_exit eth2
+ true
+ status=0
+ return 0
+ SW_ETH2_IS_USABLE=Yes
+ '[' -z eth2 -o eth2 = eth3 ']'
+ disable_provider eth2 Yes
+ g_interface=eth2
+ case $g_interface in
++ ip -4 route ls table 1
+ '[' -n 'default via 192.168.0.1 dev eth2  src 192.168.0.43 linkdown 
192.168.0.1 dev eth2  scope link  src 192.168.0.43 linkdown ' ']'
+ stop_provider_Voo1
+ '[' -f /var/lib/shorewall/undo_Voo1_routing ']'
+ delete_gateway 'via 192.168.0.1 dev eth2 weight 1' 250 eth2
+ local route
+ local gateway
+ local dev
++ ip -4 -o route ls table 250
++ grep '^default'
++ sed 's/[\]//g'
+ route='default        nexthop via 192.168.0.1  dev eth2 weight 1 linkdown     
nexthop via 192.168.0.1  dev eth3 weight 1'
+ gateway='via 192.168.0.1 dev eth2 weight 1'
+ '[' -n 'default       nexthop via 192.168.0.1  dev eth2 weight 1 linkdown     
nexthop via 192.168.0.1  dev eth3 weight 1' ']'
+ echo default nexthop via 192.168.0.1 dev eth2 weight 1 linkdown nexthop via 
192.168.0.1 dev eth3 weight 1
+ grep -qF ' nexthop '
+ interface_is_up eth2
++ ip -4 link list dev eth2
++ grep -e '[<,]UP[,>]'
+ '[' -n '2: eth2: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state 
DOWN mode DEFAULT group default qlen 1000 | fgrep -v '\'' state DOWN '\''' ']'
+ gateway='nexthop via 192.168.0.1 dev eth2 weight 1'
+ eval echo default nexthop via 192.168.0.1 dev eth2 weight 1 linkdown nexthop 
via 192.168.0.1 dev eth3 weight 1 '|' fgrep -q ''\''nexthop' via 192.168.0.1 
dev eth2 weight '1'\'''
++ echo default nexthop via 192.168.0.1 dev eth2 weight 1 linkdown nexthop via 
192.168.0.1 dev eth3 weight 1
++ fgrep -q 'nexthop via 192.168.0.1 dev eth2 weight 1'
+ eval 'route=`echo' default nexthop via 192.168.0.1 dev eth2 weight 1 linkdown 
nexthop via 192.168.0.1 dev eth3 weight 1 '|' sed ''\''s/nexthop' via 
192.168.0.1 dev eth2 weight 1/ '/'\''`'
+++ echo default nexthop via 192.168.0.1 dev eth2 weight 1 linkdown nexthop via 
192.168.0.1 dev eth3 weight 1
+++ sed 's/nexthop via 192.168.0.1 dev eth2 weight 1/ /'
++ route='default   linkdown nexthop via 192.168.0.1 dev eth3 weight 1'
+ run_ip route replace table 250 default linkdown nexthop via 192.168.0.1 dev 
eth3 weight 1
+ ip -4 route replace table 250 default linkdown nexthop via 192.168.0.1 dev 
eth3 weight 1
Error: either "to" is duplicate, or "linkdown" is a garbage.
+ error_message 'ERROR: Command "ip -4 route' replace table 250 default 
linkdown nexthop via 192.168.0.1 dev eth3 weight '1" Failed'
+ echo '   ERROR: Command "ip -4 route' replace table 250 default linkdown 
nexthop via 192.168.0.1 dev eth3 weight '1" Failed'
   ERROR: Command "ip -4 route replace table 250 default linkdown nexthop via 
192.168.0.1 dev eth3 weight 1" Failed
+ return 1
+ stop_firewall
+ case $COMMAND in
+ set +x
Terminated


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Reply via email to