Re: [Shorewall-users] interface failover

Wed, 16 May 2018 04:11:42 -0700 

Dear Tom,

I made some extensive tests and have the following results:

Disabling link with command: /var/lib/shorewall/firewall disable eth2
while physical link is down makes the internet speed very slow through firewall Like if there where timeout hanging before routing packets through the working interface. 

Restarting shorewall with physical eth2 link down gives normal behavior.
When checking routing with : shorewall show routing I have a difference between the two cases: 

Table main:
192.168.0.0/24 dev eth2 proto kernel scope link src 192.168.0.51 (with disable command)
192.168.0.0/24 dev eth2 proto kernel scope link src 192.168.0.51 linkdown (with shorewall restart) 

When restarting shorewall  "linkdown" is added

Might this be the problem ?

Br,

Shorewall 5.0.15.6




Jean-François Bogaerts
------------------------------------------------------------------------

On 12/05/2018 17:03, Tom Eastep wrote:

On 05/12/2018 12:57 AM, Jean-Francois Bogaerts wrote:

Dear Tom,

Still the same

Attached trace output for the same command:   sh -x
/var/lib/shorewall/firewall disable eth2 > trace3


Okay -- I was able to test this one and it does the right thing.

Again, revert the prior patch:

     patch -R /usr/share/shorewall/lib.runtime < INTERFACESTATE1.patch

And apply this one

     patch /usr/share/shorewall/lib.runtime < INTERFACESTATE1.patch
     shorewall compile

-Tom


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot


_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users



------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Reply via email to