On Monday, October 8, 2018, 7:30:45 PM GMT+2, Tom Eastep <teas...@shorewall.net> wrote:

> > default via 192.168.144.1 dev ppp3 metric 4009
>
> 'reenable' does not delete that route, but 'restart' and 'reload' do
> delete the route.
>
> This issue will be corrected by omitting 'defaultroute' from your
> ppp configuration.

I removed that option. Now my ppp options are as follows:

noauth
persist
holdoff 0
maxfail 0
noaccomp
noccp
nobsdcomp
nodeflate
nopcomp
novj
novjccomp

Restarting both the ppp links and shorewall works as expected (this contradicts one of my previous findings that I required the default route, but at this point it's better to just look forward).

So let's move on to the test.

Just to make things a tad more exciting, I found out that my pppoe links do not re-sync at all after rebooting my modems, i.e., nothing in syslog indicates that pppd has tried to reconnect to my providers. I don't know if it's due to the "UNKNOWN state" of all my ppp links, or if I'm not setting up my ppp options appropriately. In any case, I am required to manually restart my ppp script each time I reboot a modem...

So here's the script I ran today:

ping -c 5 -n -I ppp3 8.8.8.8
shorewall show routing > routing0
echo "Reboot modem (ISP3), and wait until it's back up again (check ppp ip-up.d script), then press ENTER"
read
shorewall show routing > routing1
shorewall disable ppp3
shorewall show routing > routing2
shorewall enable ppp3
shorewall show routing > routing3
ping -c 5 -n -I ppp3 8.8.8.8
echo "Press ENTER if ping fails"
read
shorewall reload
ping -c 5 -n -I ppp3 8.8.8.8
shorewall show routing > routing4
echo "Press ENTER if ping fails again"
read
/etc/init.d/net.ppp3 restart
echo "Check ppp ip-up.d script and press ENTER"
read
shorewall show routing > routing1b
shorewall disable ppp3
shorewall show routing > routing2b
shorewall enable ppp3
shorewall show routing > routing3b
ping -c 5 -n -I ppp3 8.8.8.8
echo "Press ENTER if ping fails"
read
shorewall reload
ping -c 5 -n -I ppp3 8.8.8.8
shorewall show routing > routing4b

The ping test above starts working ONLY after the last shorewall reload -- so routing4b is the working config (routing0 too, of course).

In the link below you will find the routing* files and a custom ppp ip-up.d script (99-custom.sh) with the related output in ppp_up_data which was obtained only after restarting the net.ppp3 init script.

https://drive.google.com/open?id=1Ly445Qzx9RXICMeC5UdQ9YK5Hcgywtf2

The only difference between the dump after reenabling ppp3 (routing3b) and reloading shorewall (routing4b) is:

-default dev ppp3
+default nexthop dev ppp1 weight 1 nexthop dev ppp2 weight 1 nexthop dev ppp3 weight 1

Just one last test... I decided to restart the ppp3 init script without rebooting the modem or restarting shorewall.

# ping -n -I ppp3 8.8.8.8
64 bytes from 8.8.8.8: icmp_seq=1 ttl=121 time=14.0 ms
ping: sendmsg: Network is unreachable
ping: sendmsg: Network is unreachable
ping: sendmsg: Network is unreachable
^C

Please find the routing data here:

https://drive.google.com/open?id=1K8DB5Xs05MuMG1botQ3htLlsh3MrPB4F

In this case "shorewall reenable ppp3" DOES restore proper traffic through ppp3.

Please note that when I reboot the modem the local public ppp-assigned IP address may have changed. It was the case in my routing{1-4}{,b} test above, but not in this one.

Still don't quite get why I'm getting the "Network is unreachable" message before reenabling in the last test.

Vieri