SYSTEM WARNING: 'date_default_timezone_get(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone.' in '/usr/share/mantis/www/core.php' line 264

0000010: default gateway outside ip/netmask range - MantisBT
MantisBT - Endian Firewall
View Issue Details
0000010Endian FirewallGUIpublic2006-08-05 09:352009-10-27 12:01
heupink 
peter-endian 
normalblockalways
closedfixed 
2 
2.3 
0000010: default gateway outside ip/netmask range
many adsl providers in holland (xs4all, direct-adsl, etc) require the following static ethernet settings:
ip address: 81.x.x.x
netmask: 255.255.255.0
gateway: 195.190.249.83

Endian does NOT allow you to specify this, saying that the provided gateway is outside the ip/netmask range. While is true, these settings ARE in fact correct, and they DO work.

This is a show stopper for us.
Astaro, one of your main competitors I guess, does allow you to enter these settings, and therefore works perfectly.

My suggestion would be to change the web interface to double-check the values with the user. "Are you sure you want to use these settings? (because gateway is outside the ip/netmask range)
needsfix
has duplicate 0000199closed peter-endian no default route in red zone via DHCP 
Issue History
2006-08-05 09:35heupinkNew Issue
2006-08-06 19:00peter-endianNote Added: 0000012
2006-08-06 19:00peter-endianAssigned To => peter-endian
2006-08-06 19:00peter-endianStatusnew => acknowledged
2006-08-08 07:07dayneNote Added: 0000013
2006-08-08 12:55heupinkNote Added: 0000015
2006-08-09 21:39baldyNote Added: 0000016
2006-09-22 12:03baldyNote Edited: 0000016
2006-09-22 12:04baldyNote Edited: 0000016
2007-10-28 14:38peter-endianRelationship addedhas duplicate 0000199
2009-02-17 16:53peter-endianTag Attached: needsfix
2009-02-17 20:47peter-endianNote Added: 0001973
2009-02-17 20:47peter-endianStatusacknowledged => resolved
2009-02-17 20:47peter-endianFixed in Version => 2.3
2009-02-17 20:47peter-endianResolutionopen => fixed
2009-10-27 12:01peter-endianStatusresolved => closed

Notes
(0000012)
peter-endian   
2006-08-06 19:00   
the linux kernel does not accept a gateway outside of the known networks. therefore this check will be made otherwise the cli command "ip" gives errors.

i think this is a messed up setup of your provider, but since it seems more users have this issue and in fact it is a show stopper we try to solve it.
can you please post the output of

route -n

of your astaro box, so we can see how they implement it.

thank you
(0000013)
dayne   
2006-08-08 07:07   
From heupink via mailinglists:

astaro:/root # route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.0.0.138 0.0.0.0 255.255.255.255 UH 0 0 0 eth2
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
81.207.240.0 0.0.0.0 255.255.255.0 U 0 0 0 eth2
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo

A tracert (from an internal windows workstation) then looks like this:
Tracing route to redirect.kpn-is.nl [195.121.7.193]
over a maximum of 30 hops:
   1 <1 ms <1 ms <1 ms 192.168.1.70
   2 <1 ms <1 ms <1 ms 10.0.0.138
   3 7 ms 7 ms 7 ms 195.190.249.83
   4 18 ms 12 ms 13 ms iawxsrt-dc2-bb21b.wxs.nl [213.75.1.5]
   5 12 ms 12 ms 12 ms iawxssw-dc2-cr01a.wxs.nl [213.75.14.6]
   6 12 ms 13 ms 12 ms iawxsrt-dc2-bb21a.wxs.nl [213.75.1.61]
   7 12 ms 12 ms 15 ms iawxssw-dc2-l4-07.wxs.nl [195.121.7.193]
Trace complete.

Does this help? The modem (speedtouch 510) is setup in the so called
SIP_SPOOF configuration. (to be able to assign public ip to a pc instead
of the modem)

Best regards,

Dayne
(0000015)
heupink   
2006-08-08 12:55   
just a note:
I tried to get network up and running on Knoppix 5.1 which has kernel 2.6.17.

ip route add default via 10.0.0.138 dev eth1 onlink

(onlink: pretend that the nexthop is directly attached to this link, even if it does not match any interface prefix)

I guess you guys all know this, but for me this was *NEW* and *EXCITING* ;-)
(0000016)
baldy   
2006-08-09 21:39   
(edited on: 2006-09-22 12:04)
All,

There are quite a lot of users in the Netherlands who use the SIP_Spoof template for the Speedtouch modems.

For this configuration you will need to modify the following files:
 
in /var/efw/uplinks/main you should modify the file named settings, which should be modified as followes :
 
BACKUPPROFILE=
DEFAULT_GATEWAY=10.0.0.138
DNS1="YOUR ISP's PRIMARY DNS SERVER's IP ADDRESS"
DNS2="YOUR ISP's SECONDARY DNS SERVER IP ADDRESS"
ENABLED=on
RED_ADDRESS="YOUR OUTSIDE IP ADDRESS
RED_BROADCAST=10.0.0.255
RED_CIDR=32
RED_DEV=eth1
RED_NETADDRESS=10.0.0.0
RED_NETMASK=255.255.255.255
RED_TYPE=STATIC
RTABLE=200
TRACE_HOSTS=64.94.110.11
TRACE_MIN_HOP=2
 
Furthermore you should modify another file to accomodate the appropriate routing
 
This file is located in /var/efw/inithooks and is called updatered.local
 
The following lines should be entered in this file
 
route add 10.0.0.138 dev eth1
route add default gw 10.0.0.138
 
Hope this helps,
 
Regards,
 
Klaas

(0001973)
peter-endian   
2009-02-17 20:47   
used the onlink option
thank you for the note! great option :)
the option with the hostroute however did not work out