shorewall-users April 2011 archive
Main Archive Page > Month Archives  > shorewall-users archives
shorewall-users: Re: [Shorewall-users] Problem default routes, S

Re: [Shorewall-users] Problem default routes, Shorewall and Multi ISPs

From: Jörg Kleuver <j.kleuver_at_nospam>
Date: Thu Apr 14 2011 - 09:50:39 GMT
To: Shorewall Users <shorewall-users@lists.sourceforge.net>

Am 13.04.2011 19:19, schrieb Tom Eastep:
> Hi Jörg,
>
> Please try the attached patch. It applies with offsets to 4.4.11.6.
>
> cd /usr/share/shorewall/
> patch -p3< .../DEFAULTRT.diff
>
> Thanks,
> -Tom
>

Hi Tom,

the patch works for the problem with nexthops from routes other than
default. The strange default route is gone. Thanks for this.

In my later setup I have no problem with default routes in the main
table anyways, since I'll be using USE_DEFAULT_RT=Yes anyways, since
ospf will change the main routing table.

Regardless of this, i'd like to know what the restore_default_route
function is supposed to do?

I played with other default routes which have a metric of 10 and 20:

      FW$> ip route
      10.0.0.1 dev ppp0 proto kernel scope link src 10.67.15.1
      10.0.1.1 dev eth3 scope link
      10.100.100.0/30 dev eth0 proto kernel scope link src 10.100.100.1
      10.100.100.8/30 dev eth0 proto kernel scope link src 10.100.100.10
      10.168.0.0/16 metric 100
              nexthop via 10.100.100.2 dev eth0 weight 1
              nexthop via 10.100.100.9 dev eth0 weight 1
      default dev ppp0 scope link metric 10
      default via 10.0.1.1 dev eth3 metric 20

After shorewall start the routing looks like this:

      FW$> ip route
      10.0.0.1 dev ppp0 proto kernel scope link src 10.67.15.1
      10.0.1.1 dev eth3 scope link
      10.100.100.0/30 dev eth0 proto kernel scope link src 10.100.100.1
      10.100.100.8/30 dev eth0 proto kernel scope link src 10.100.100.10
      10.168.0.0/16 metric 100
              nexthop via 10.100.100.2 dev eth0 weight 1
              nexthop via 10.100.100.9 dev eth0 weight 1
      default via 10.0.1.1 dev eth3 metric 20

After shorewall stop the routing still looks like this:

      FW$> ip route
      10.0.0.1 dev ppp0 proto kernel scope link src 10.67.15.1
      10.0.1.1 dev eth3 scope link
      10.100.100.0/30 dev eth0 proto kernel scope link src 10.100.100.1
      10.100.100.8/30 dev eth0 proto kernel scope link src 10.100.100.10
      10.168.0.0/16 metric 100
              nexthop via 10.100.100.2 dev eth0 weight 1
              nexthop via 10.100.100.9 dev eth0 weight 1
      default via 10.0.1.1 dev eth3 metric 20

What's the problem with this? Is there still one?

Greetings Jörg
-- CISS TDI GmbH Jörg Kleuver CISS TDI GmbH Tel. +49 2642 97 80 28 Barbarossastraße 36 Fax. +49 2642 97 80 10 53489 Sinzig, Germany Sitz der Gesellschaft: Sinzig AG Koblenz, HR-Nummer 13357 Geschäftsführer: Dipl.-Math. Joachim Figura, Dipl.-Inform. Berthold Bärk ------------------------------------------------------------------------------ Benefiting from Server Virtualization: Beyond Initial Workload Consolidation -- Increasing the use of server virtualization is a top priority.Virtualization can reduce costs, simplify management, and improve application availability and disaster protection. Learn more about boosting the value of server virtualization. http://p.sf.net/sfu/vmware-sfdev2dev _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users

   © Copyright 2012 Guardian Digital, Inc. All Rights Reserved.