~alpine/devel

[alpine-devel] Fwd: Re: [Shorewall-users] quagga zebra + shorewall Strange Problem

Details
Message ID
<523A9812.7050009@gmail.com>
Sender timestamp
1379571730
DKIM signature
missing
Hi nc,

This might be of interest to you.
It affects the co-existence of quagga zebra etc
and shorewall 4.5.20

Regards,
Harry.



-------- Original Message --------
Subject: 	Re: [Shorewall-users] quagga zebra + shorewall Strange Problem
Date: 	Wed, 18 Sep 2013 16:48:41 -0700
From: 	Tom Eastep <teastep@shorewall.net>
To: 	HL <freemail.grharry@gmail.com>
CC: 	Shorewall Users <shorewall-users@lists.sourceforge.net>



On 9/18/2013 9:04 AM, HL wrote:
> On 14/09/2013 08:57 μμ, Tom Eastep wrote:
>> But there is no point in even using Shorewall's Multi-ISP this way since
>> the above route is completely useless on an Ethernet interface.
> Hi, Tom
>
> As promised
> before shorewall start
>
> #ip r
> default  proto zebra
>     nexthop via 10.0.11.1  dev eth1 weight 1
>     nexthop via 10.0.12.1  dev eth2 weight 1
> 8.8.4.4 via 10.0.12.1 dev eth2  proto zebra
> 8.8.8.8 via 10.0.11.1 dev eth1  proto zebra
> 10.0.11.0/24 dev eth1  proto kernel  scope link  src 10.0.11.2
> 10.0.12.0/24 dev eth2  proto kernel  scope link  src 10.0.12.2
> 10.52.0.0/24 dev eth0  proto kernel  scope link  src 10.52.0.77
> ---------------------------------------------------------------------------------------
>
> after
> shorewall start
> default  proto zebra
>     nexthop via 10.0.11.1  dev eth1 weight 1
>     nexthop via 10.0.12.1  dev eth2 weight 1
> 8.8.4.4 via 10.0.12.1 dev eth2  proto zebra
> 8.8.8.8 via 10.0.11.1 dev eth1  proto zebra
> 10.0.11.0/24 dev eth1  proto kernel  scope link  src 10.0.11.2
> 10.0.11.1 dev eth1  scope link  src 10.0.11.2  <============= THESE
> cause the problem ..
> 10.0.12.0/24 dev eth2  proto kernel  scope link  src 10.0.12.2
> 10.0.12.1 dev eth2  scope link  src 10.0.12.2 <============= **** Problem
> 10.52.0.0/24 dev eth0  proto kernel  scope link  src 10.52.0.77
>
> Entered a
> and got an inactive route
> S>* 8.8.8.8/32 [1/0] via 10.0.11.1, eth1
> S   9.9.9.9/32 [1/0] via 10.0.11.1 inactive
> C>* 10.0.11.0/24 is directly connected, eth1
>
> No matter what the providers file configuration was.
>
> So I guess the question is,
> Isn't  the route entry "10.0.11.1 dev eth1  scope link  src 10.0.11.2"
> redundant
> and covered already by "10.0.11.0/24 dev eth1  proto kernel  scope
> link  src 10.0.11.2" ????
>
> If I remove these routes from the tables all seem to work with no
> problem at all and very smoothly!

Those routes are there because the firewall won't start on some
distributions without them.

Apply the attached patch and add the 'nohostroute' option to your providers.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
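
As an added example (not part of the original thread and not Shorewall code): a short Python check that parses `ip r` output and reports host routes already covered by a connected prefix on the same interface, run against the post-start table quoted in the message. The function names are hypothetical.

```python
import ipaddress

# Sample input: the route table after "shorewall start", copied from the message above.
AFTER = """\
default  proto zebra
    nexthop via 10.0.11.1  dev eth1 weight 1
    nexthop via 10.0.12.1  dev eth2 weight 1
8.8.4.4 via 10.0.12.1 dev eth2  proto zebra
8.8.8.8 via 10.0.11.1 dev eth1  proto zebra
10.0.11.0/24 dev eth1  proto kernel  scope link  src 10.0.11.2
10.0.11.1 dev eth1  scope link  src 10.0.11.2
10.0.12.0/24 dev eth2  proto kernel  scope link  src 10.0.12.2
10.0.12.1 dev eth2  scope link  src 10.0.12.2
10.52.0.0/24 dev eth0  proto kernel  scope link  src 10.52.0.77
"""

def parse_link_routes(text):
    """Return (network, dev, proto) for each 'scope link' route in `ip r` output."""
    routes = []
    for line in text.splitlines():
        tok = line.split()
        if not tok or line[0].isspace() or "scope" not in tok:
            continue  # skip nexthop continuation lines and routes without a scope
        if tok[tok.index("scope") + 1] != "link" or "dev" not in tok:
            continue
        try:
            net = ipaddress.ip_network(tok[0], strict=False)
        except ValueError:
            continue  # destination is a keyword such as "default"
        dev = tok[tok.index("dev") + 1]
        proto = tok[tok.index("proto") + 1] if "proto" in tok else None
        routes.append((net, dev, proto))
    return routes

def redundant_host_routes(text):
    """Host routes that a kernel connected prefix on the same device already covers."""
    routes = parse_link_routes(text)
    connected = [(n, d) for n, d, p in routes if p == "kernel" and n.prefixlen < n.max_prefixlen]
    hits = []
    for net, dev, proto in routes:
        if net.prefixlen != net.max_prefixlen or proto == "kernel":
            continue  # only non-kernel host routes are of interest
        for cnet, cdev in connected:
            if cdev == dev and net.subnet_of(cnet):
                hits.append((str(net.network_address), dev, str(cnet)))
    return hits

if __name__ == "__main__":
    for host, dev, cover in redundant_host_routes(AFTER):
        print(f"{host} dev {dev}: host route already covered by {cover}")
```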