From 4a11dfe2924a15f19b0a7d8b5c879833d64d122f Mon Sep 17 00:00:00 2001 From: teastep Date: Fri, 20 May 2005 16:57:13 +0000 Subject: [PATCH] Fix restart with load-balancing git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2147 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- Shorewall2/firewall | 11 ++++++++--- Shorewall2/providers | 14 +++++++++++++- Shorewall2/releasenotes.txt | 13 +++++++++++++ Shorewall2/tcrules | 6 +++++- 4 files changed, 39 insertions(+), 5 deletions(-) diff --git a/Shorewall2/firewall b/Shorewall2/firewall index 1f6dde019..79b0ef5f8 100755 --- a/Shorewall2/firewall +++ b/Shorewall2/firewall @@ -1082,8 +1082,14 @@ setup_providers() run_and_save_command qt ip route flush table $number if [ "x$duplicate" != x- ]; then - run_ip route show table $duplicate | grep -Ev ^default | while read route; do - ensure_and_save_command ip route add table $number $route + run_ip route show table $duplicate | while read net route; do + case $net in + default|nexthop) + ;; + *) + ensure_and_save_command ip route add table $number $net $route + ;; + esac done fi @@ -1151,7 +1157,6 @@ setup_providers() # local # EOF - for table in $PROVIDERS; do eval number=\$${table}_number /bin/echo -e "$number\t$table" >> /etc/iproute2/rt_tables diff --git a/Shorewall2/providers b/Shorewall2/providers index b0f7f0f49..b4e47c71e 100755 --- a/Shorewall2/providers +++ b/Shorewall2/providers @@ -50,7 +50,19 @@ # #NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY OPTIONS # Squid 1 1 - eth2 192.168.2.99 - # -# For additional information, see http://shorewall.net/NAT.htm +# Example: +# +# eth0 connects to ISP 1. The IP address of eth0 is 206.124.146.176 and +# the ISP's gateway router has IP address 206.124.146.254. +# +# eth1 connects to ISP 2. The IP address of eth1 is 130.252.99.27 and the +# ISP's gateway router has IP address 130.252.99.254. +# +# #NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY OPTIONS +# ISP1 1 1 main eth0 206.124.146.254 track,balance +# ISP2 2 2 main eth1 130.252.99.254 track,balance +# +# For additional information, see http://shorewall.net/Shorewall_and_Routing.html ############################################################################## #NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY OPTIONS #LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE diff --git a/Shorewall2/releasenotes.txt b/Shorewall2/releasenotes.txt index 7dde50ed3..def1ca5e5 100755 --- a/Shorewall2/releasenotes.txt +++ b/Shorewall2/releasenotes.txt @@ -1,5 +1,18 @@ Shorewall 2.4.0-RC1 +----------------------------------------------------------------------- +Problems Corrected since 2.3.2 + +1) The /etc/shorewall/providers file is now installed correctly. + +2) "shorewall restart" now works correctly when multiple providers + with load-balancing were specified when Shorewall was originally + started. + +3) Routes created by entries in /etc/shorewall/proxyarp are now + copied to new routing tables created by entries in + /etc/shorewall/providers. + ----------------------------------------------------------------------- Upgrade Issues when moving to 2.4.0 diff --git a/Shorewall2/tcrules b/Shorewall2/tcrules index ba43486b1..69f8f2222 100755 --- a/Shorewall2/tcrules +++ b/Shorewall2/tcrules @@ -16,10 +16,14 @@ # final mark for each packet will be the one assigned by the # LAST tcrule that matches. # +# If you use multiple internet providers with the 'track' option, +# in /etc/shorewall/providers be sure to read the restrictions at +# http://shorewall.net/Shorewall_and_Routing.html. +# # Columns are: # # -# MARK/ a) A mark value which is a integer in the range 1-255 +# MARK/ a) A mark value which is an integer in the range 1-255 # CLASSIFY # May optionally be followed by ":P" or ":F" # where ":P" indicates that marking should occur in