Hi Tom,
unfortunately it still fails.
This is the new configuration:
/etc/shorewall/masq
#INTERFACE SOURCE ADDRESS
eth0 10.0.0.0/24 217.8.50.86
/etc/shorewall/rtrules
#SOURCE DEST PROVIDER PRIORITY
10.0.0.0/24 - um_business 1000
10.1.0.0/24 - um_business 1000
&UMP_IF - um_private 1000
vmbr1 - um_business 11000
/etc/shorewall/providers
#NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY OPTIONS COPY
?if $FALLBACK
um_business 1 0x10000 - UMB_IF detect loose,fallback
um_private 2 0x20000 - UMP_IF 192.168.178.1 loose,fallback
?else
um_business 1 0x10000 - UMB_IF detect loose,balance=2
um_private 2 0x20000 - UMP_IF 192.168.178.1 loose,balance
?endif
?if $PROXY && ! $SQUID2
tinyproxy 3 - - INT_IF 10.0.0.254 loose,notrack
?endif
/etc/shorewall/params
LOG=NFLOG
INT_IF=vmbr0
TUN_IF=tun+
UMB_IF=eth0
UMP_IF=vmbr2
STATISTICAL=
PROXY=
FALLBACK=
PROXYDMZ=
SQUID2=
thomas@pc4-svp:~$ sudo ip rule ls
0: from all lookup local
999: from all lookup main
1000: from 10.0.0.0/24 lookup um_business
1000: from 10.1.0.0/24 lookup um_business
1000: from 192.168.178.14 lookup um_private
10000: from all fwmark 0x10000/0x30000 lookup um_business
10001: from all fwmark 0x20000/0x30000 lookup um_private
11000: from all iif vmbr1 lookup um_business
32765: from all lookup balance
32767: from all lookup default
thomas@pc4-svp:~$ sudo ip route show
10.0.0.0/24 dev vmbr0 proto kernel scope link src 10.0.0.1
blackhole 10.0.0.0/8
10.1.0.0/24 dev vmbr1 proto kernel scope link src 10.1.0.1 linkdown
blackhole 172.16.0.0/12
blackhole 192.168.0.0/16
192.168.1.0/24 dev vmbr2 proto kernel scope link src 192.168.178.14
192.168.1.1 dev vmbr2 scope link src 192.168.178.14
217.8.50.64/26 dev eth0 proto kernel scope link src 217.8.50.86
217.8.50.65 dev eth0 scope link src 217.8.50.86
Is this an issue with /etc/shorewall/rtrules?
Or should I rather configure /etc/shorewall/rules?
THX
On 21.03.2016 at 16:45, Tom Eastep wrote:
> On 3/21/2016 2:18 AM, c.mo...@web.de wrote:
>> Hi Tom,
>> I'm sorry, but I'm not sure what to configure in /etc/shorewall/masq.
> #INTERFACE SOURCE ADDRESS
> eth0 10.0.0.0/24 217.8.50.86
> That should allow 10.0.0.0/24 to access the Internet.
>> Should I drop all bridge config (vmbr0, vmbr1, vmbr2) in
>> /etc/network/interfaces?
> No.
>> Is it true that there's no default route to eth0?
> There is a default route out of eth0 in the um_business table.
> -Tom
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
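
The `ip rule ls` output in the message can be evaluated offline to see which routing tables a given packet is checked against, and in what order. This is an added example, not part of the original message or of Shorewall; the function names, the sample client address 10.0.0.5 and the sample mark are assumptions.

```python
import ipaddress

# The `ip rule ls` output quoted in the message, embedded so this runs offline.
IP_RULES = """\
0: from all lookup local
999: from all lookup main
1000: from 10.0.0.0/24 lookup um_business
1000: from 10.1.0.0/24 lookup um_business
1000: from 192.168.178.14 lookup um_private
10000: from all fwmark 0x10000/0x30000 lookup um_business
10001: from all fwmark 0x20000/0x30000 lookup um_private
11000: from all iif vmbr1 lookup um_business
32765: from all lookup balance
32767: from all lookup default
"""

def parse_rules(text):
    """Turn `ip rule ls` lines into dicts, ordered by priority."""
    rules = []
    for line in text.strip().splitlines():
        prio, rest = line.split(":", 1)
        rule = {"prio": int(prio), "src": None, "iif": None, "fwmark": None}
        tokens = iter(rest.split())
        for key in tokens:            # selectors come as key/value pairs
            val = next(tokens)
            if key == "from" and val != "all":
                rule["src"] = ipaddress.ip_network(val)
            elif key == "fwmark":
                value, _, mask = val.partition("/")
                rule["fwmark"] = (int(value, 16), int(mask or "ffffffff", 16))
            elif key in ("iif", "lookup"):
                rule[key] = val
        rules.append(rule)
    return sorted(rules, key=lambda r: r["prio"])

def tables_consulted(rules, src, iif=None, mark=0):
    """Tables tried, in order, until one of them yields a route."""
    addr, hits = ipaddress.ip_address(src), []
    for r in rules:
        if r["src"] is not None and addr not in r["src"]:
            continue
        if r["iif"] is not None and r["iif"] != iif:
            continue
        if r["fwmark"] and (mark ^ r["fwmark"][0]) & r["fwmark"][1]:
            continue
        hits.append((r["prio"], r["lookup"]))
    return hits

RULES = parse_rules(IP_RULES)
print(tables_consulted(RULES, "10.0.0.5", iif="vmbr0", mark=0x20000))
```

For a packet from 10.0.0.0/24 carrying mark 0x20000, the source rule at priority 1000 puts um_business ahead of the fwmark rule at 10001 that points to um_private.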