On 9/15/2018 1:17 AM, HL wrote:
> Hi,
>
> I am facing a peculiar situation with a new 10G (HP) L3 switch + Cisco
> Catalyst,
>
> shorewall runs on a machine that has a few interfaces,
>
> in particular
>
> 2 bonded interfaces to a Cisco Catalyst 1G
>
> and
>
> 2 bonded 10G interfaces to an HP 10G
>
> all bonds are 802.3ad mode
>
> When I boot the machine all bonded interfaces have a delay to respond
> due to portfast being off, but I prefer it for safety since the switches
> change configuration often and links move from port to port.
>
> However, even though after reboot it seems that the firewall is OK, zone
> communication is not, and as such the local zone is not able to ping dmz etc.
>

After reboot, what is the state of Shorewall ('shorewall status')? Anything in the log ('/var/log/shorewall-init.log')?

> I have to login into the fw and issue
>
> shorewall stop; shorewall clear; shorewall start;
>

Depending on the Shorewall version being used, 'shorewall restart' will do that.

> in order for communications among the zones to function.
>
> Any ideas ?
>

Shorewall needs to be started after the interfaces are configured; the options 'wait' and 'optional' in '/etc/shorewall/interfaces' might be worth looking at. Also, on some distributions 'shorewall-init' will react to interfaces going up and down.

HTH.

-Matt

--
Matt Darfeuille

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
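An illustration of the 'wait' and 'optional' options mentioned in the reply above, added here as an example and not taken from the original thread or from the Shorewall project's own files. The zone names, the bond interface names (bond0 for the 1G Catalyst pair, bond1 for the 10G HP pair), and the 45-second timeout are assumptions chosen to cover a spanning-tree forwarding delay on ports without portfast; the poster's real zone and interface names are not given.

```text
# /etc/shorewall/interfaces (added example; names and timeouts are assumed)
#
# wait=N   makes the generated firewall script wait up to N seconds for the
#          interface to become usable before applying the 'optional' test.
# optional tells Shorewall to carry on (instead of failing) if the interface
#          is still not up once the wait expires; rules for it are applied
#          when it comes up, via shorewall-init, if that is enabled.
#
?FORMAT 2
#ZONE   INTERFACE   OPTIONS
loc     bond0       wait=45,optional,routeback
dmz     bond1       wait=45,optional,routeback
```

After changing the file, run 'shorewall check' to validate the configuration and 'shorewall restart' to apply it; then reboot once and compare 'shorewall status' and '/var/log/shorewall-init.log' with what was seen before, so the fix is confirmed by the same checks the reply asks about rather than by the manual stop/clear/start cycle. 'routeback' is included only because bonded uplinks to L3 switches are often hairpinned; drop it if traffic never needs to leave on the interface it arrived on.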