Mail archive
alpine-devel

[alpine-devel] Fwd: Re: [Shorewall-users] quagga zebra + shorewall Strange Problem

From: HL <freemail.grharry_at_gmail.com>
Date: Thu, 19 Sep 2013 09:22:10 +0300

Hi nc,

This might be of interest to you.
It affects the co-existence or quagga zebra etc
and shorewall 4.5.20

Regards,
Harry.



-------- Original Message --------
Subject: Re: [Shorewall-users] quagga zebra + shorewall Strange Problem
Date: Wed, 18 Sep 2013 16:48:41 -0700
From: Tom Eastep <teastep_at_shorewall.net>
To: HL <freemail.grharry_at_gmail.com>
CC: Shorewall Users <shorewall-users_at_lists.sourceforge.net>



On 9/18/2013 9:04 AM, HL wrote:
> On 14/09/2013 08:57 μμ, Tom Eastep wrote:
>> But there is no point in even using Shorewall's Multi-ISP this way since
>> the above route is completely useless on an Ethernet interface.
> Hi, Tom
>
> As promised
> before shorewall start
>
> #ip r
> default proto zebra
> nexthop via 10.0.11.1 dev eth1 weight 1
> nexthop via 10.0.12.1 dev eth2 weight 1
> 8.8.4.4 via 10.0.12.1 dev eth2 proto zebra
> 8.8.8.8 via 10.0.11.1 dev eth1 proto zebra
> 10.0.11.0/24 dev eth1 proto kernel scope link src 10.0.11.2
> 10.0.12.0/24 dev eth2 proto kernel scope link src 10.0.12.2
> 10.52.0.0/24 dev eth0 proto kernel scope link src 10.52.0.77
> ---------------------------------------------------------------------------------------
>
> after
> shorewall start
> default proto zebra
> nexthop via 10.0.11.1 dev eth1 weight 1
> nexthop via 10.0.12.1 dev eth2 weight 1
> 8.8.4.4 via 10.0.12.1 dev eth2 proto zebra
> 8.8.8.8 via 10.0.11.1 dev eth1 proto zebra
> 10.0.11.0/24 dev eth1 proto kernel scope link src 10.0.11.2
> 10.0.11.1 dev eth1 scope link src 10.0.11.2 <============= THESE
> cause the problem ..
> 10.0.12.0/24 dev eth2 proto kernel scope link src 10.0.12.2
> 10.0.12.1 dev eth2 scope link src 10.0.12.2 <============= **** Problem
> 10.52.0.0/24 dev eth0 proto kernel scope link src 10.52.0.77
>
> Entered a
> and got an inactive route
> S>* 8.8.8.8/32 [1/0] via 10.0.11.1, eth1
> S 9.9.9.9/32 [1/0] via 10.0.11.1 inactive
> C>* 10.0.11.0/24 is directly connected, eth1
>
> No mater what the providers file configuration was.
>
> So I guess the question is,
> Isn't the route entry "10.0.11.1 dev eth1 scope link src 10.0.11.2
> redundant
> and covered all-ready by "10.0.11.0/24 dev eth1 proto kernel scope
> link src 10.0.11.2" ????
>
> If I remove these routes from the tables all seem to work with no
> problem at all and very smoothly!

Those routes are there because the firewall won't start on some
distributions without them.

Apply the attached patch and add the 'nohostroute' option to your providers.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________





---
Unsubscribe:  alpine-devel+unsubscribe_at_lists.alpinelinux.org
Help:         alpine-devel+help_at_lists.alpinelinux.org
---
Received on Thu Sep 19 2013 - 09:22:10 UTC