On 9/8/20 10:14 PM, pgndev wrote:
> I'm setting up a new SW instance, on a Fedora32 server.
>
> shorewall-lite version
> 5.2.7
>
> I compile locally, and push to remotes, as per my usual.
>
> I've configured 2 providers,
>
> cat providers
>
> myisp 1 0x100 - EXT_IF detect track,balance
> myvpn 2 0x200 - VPN_IF $VPN_ENDPT track,fallback
>
> When I compile/push, I get this fatal error
>
> Adding Providers...
> Error: argument "myisp" is myisp: invalid table ID
>
> ERROR: Command "/usr/sbin/ip -4 rule add fwmark 0x100/0xff00 pref 10000 table myisp" Failed
> Processing stop user exit ...
>
> which originates @
>
> cat firewall
>
> ...
> start_provider_myisp() {
> if [ -n "$SW_ENP2S0_IS_USABLE" ]; then
> qt ip -4 route flush table myisp
> echo "$IP -4 route flush table myisp > /dev/null 2>&1" > ${VARDIR}/undo_myisp_routing
> cat <<EOF >> ${VARDIR}/undo_myisp_routing
> case \$COMMAND in
> enable|disable)
> ;;
> *)
> rm -f ${VARDIR}/enp2s0.status
> ;;
> esac
> EOF
> if [ $COMMAND = enable ]; then
> echo 1 > /proc/sys/net/ipv4/conf/enp2s0/log_martians
> echo 0 > /proc/sys/net/ipv4/conf/enp2s0/accept_source_route
> fi
> qt $IP -4 rule del fwmark 0x100/0xff00
> !!! run_ip rule add fwmark 0x100/0xff00 pref 10000 table myisp
> echo "$IP -4 rule del fwmark 0x100/0xff00 > /dev/null 2>&1" >> ${VARDIR}/undo_myisp_routing
> run_ip route replace $SW_ENP2S0_GATEWAY src $SW_ENP2S0_ADDRESS dev enp2s0
> run_ip route replace $SW_ENP2S0_GATEWAY src $SW_ENP2S0_ADDRESS dev enp2s0 table myisp
> run_ip route replace default via $SW_ENP2S0_GATEWAY src $SW_ENP2S0_ADDRESS dev enp2s0 table myisp
> DEFAULT_ROUTE="via $SW_ENP2S0_GATEWAY dev enp2s0 "
> ...
>
> I've been trying to track down the possible problem causing that
> "invalid table ID" error; so far, no luck.
>
> My 1st guess was a missing dependency ... but if that's it, I've managed
> to miss it :-/
>
> *What* exactly is _invalid_ about that ID? Or is that message just a
> symptom of some other issue? Any hints? Even where to start to look?

Have you set USE_RT_NAMES=Yes? That setting will cause provider names to appear in 'ip' commands rather than provider numbers. With USE_RT_NAMES=Yes, you must edit /etc/iproute2/rt_tables to provide the proper name->number mappings.

-Tom
-- 
Tom Eastep        \ Q: What do you get when you cross a mobster
Shoreline,         \    with an international standard?
Washington, USA     \ A: Someone who makes you an offer you
http://shorewall.org \   can't understand
                      \________________________________________
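
An added example, not part of the original thread or of Shorewall itself: a pre-push check that every name in the providers file has a matching name->number entry in rt_tables, which is what USE_RT_NAMES=Yes requires. The function names are hypothetical, and the rt_tables content in the sample is constructed (stock entries plus a mapping for myisp only).

```shell
#!/bin/sh
# check_rt_names PROVIDERS_FILE RT_TABLES_FILE   (hypothetical helper)
# Prints one line per provider whose name is absent from rt_tables or is
# mapped to a different number; returns 0 if all are mapped, 1 otherwise.
check_rt_names() {
    awk '
        { sub(/#.*/, "") }                            # drop comments
        NF == 0 || $1 ~ /^[?]/ { next }               # skip blanks and ?directives
        FILENAME == ARGV[1] { table[$2] = $1; next }  # rt_tables: <number> <name>
        !($1 in table) {                              # providers: <name> <number> ...
            printf "MISSING %s: add \"%s %s\" to rt_tables\n", $1, $2, $1
            bad = 1; next
        }
        table[$1] != $2 {
            printf "MISMATCH %s: providers says %s, rt_tables says %s\n", $1, $2, table[$1]
            bad = 1
        }
        END { exit bad + 0 }
    ' "$2" "$1"
}

# Runs the check on the two provider lines from the post and a constructed rt_tables.
run_constructed_sample() {
    tmp=$(mktemp -d) || return 2
    cat > "$tmp/providers" <<'EOF'
myisp 1 0x100 - EXT_IF detect track,balance
myvpn 2 0x200 - VPN_IF $VPN_ENDPT track,fallback
EOF
    cat > "$tmp/rt_tables" <<'EOF'
# reserved values (constructed sample)
255 local
254 main
253 default
0   unspec
1   myisp
EOF
    check_rt_names "$tmp/providers" "$tmp/rt_tables" && rc=0 || rc=$?
    rm -rf "$tmp"
    return $rc
}

run_constructed_sample || true
```

With shorewall-lite the `ip` commands run on the remote firewall, so the rt_tables file to check is the one at /etc/iproute2/rt_tables on that host, not on the machine that compiles the script.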
