SYSTEM WARNING: 'date_default_timezone_get(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone.' in '/usr/share/mantis/www/core.php' line 264

0001132: Static Routes defined in GUI dont work properly - MantisBT
MantisBT - Endian Firewall
View Issue Details
0001132Endian FirewallMigrationpublic2008-07-16 15:442013-06-05 14:58
normalminorhave not tried
0001132: Static Routes defined in GUI dont work properly
i definded some static routes in the gui. ping to the destination network worked correctly. ssh for example not. after trying some things out with firewall settings i decided to put the routes directly to the system by using route add -net 1 ... in the efw server. now everything is fine. as the new 2.2. allows to use a gui but the result is not working i guess its a problem :)

No tags attached.
related to 0000877closed peter-endian Static route donĀ“t work 
Issue History
2008-07-16 15:44mablassNew Issue
2008-07-16 17:04mablassNote Added: 0001451
2008-07-16 17:11peter-endianNote Added: 0001452
2008-07-18 21:33mablassNote Added: 0001463
2008-09-09 13:59peter-endianRelationship addedrelated to 0000877
2009-02-24 16:21BrainsNote Added: 0001995
2009-06-12 14:44TelemakNote Added: 0002611
2009-06-12 15:59luca-endianNote Added: 0002612
2009-06-12 19:36TelemakNote Added: 0002618
2009-06-22 15:44TelemakNote Added: 0002652
2009-06-22 16:49peter-endianNote Added: 0002653
2009-06-29 14:13luca-endianNote Added: 0002692
2009-06-29 14:34TelemakNote Added: 0002694
2009-06-30 12:38TelemakNote Added: 0002702
2010-01-06 15:51n9ytyNote Added: 0003649
2010-01-07 15:19peter-endianStatusnew => feedback
2010-01-30 13:12sifi986Note Added: 0003726
2010-09-23 15:44peter-endianStatusfeedback => acknowledged
2010-11-23 02:07ytechNote Added: 0005179
2011-09-14 06:18SheldmanduNote Added: 0007404
2012-03-02 18:11shairozanNote Added: 0007740
2012-05-06 03:23cemendesNote Added: 0007858
2013-06-05 14:58ltintiNote Added: 0008433

2008-07-16 17:04   
update: the problem can only be solved by adding some additional NAT rule for the target network. actually i believe the topic is related to 0000444. ping works with the gui defintion but not other services
2008-07-16 17:11   
are you sure that you don't miss the return route or default route on the other side?
mentioning the NAT rules would make me think of that
2008-07-18 21:33   
when using a hardwarebox everything works fine. i just downgraded to endian 2.1.2 and added static routes. everything is ok - but 2.2 makes trouble
2009-02-24 16:21   
Confirmed - static routes added via the GUI are never passed down to the kernel.

Adding routes via the shell works as intended (ie. route add -net <network> gw <gateway>)
2009-06-12 14:44   
Confirmed for me too with 2.2 final
2009-06-12 15:59   
Can you paste the output of these commands:
cat /var/efw/routing/config
ip rule show
2009-06-12 19:36   
In this configuration, the route don't work all the time, but only after making a traceroute in the pc.
But after puting it by the route add command, maybe it works better. I will have result of this test Monday.
2009-06-22 15:44   
It's all ok if I put the routes with this command in ssh :

route add -host gw
route add -net netmask gw
route add -net gw

For helping...

2009-06-22 16:49   
you created routing entries which direct traffic *from* to several networks to the gateway

For example this rule:

means, that *only* traffic from to that external network goes through gateway Maybe that is not what you want. Maybe you want direct *all* traffic to that external ip through the gateway?

That's what you did with the route commands. Those route commands aren't exactly the same configuration as through the GUI. BTW, "route" is a deprecated interface and may be overruled by other ip rule entries.

Try to remove the source-part of your GUI rules, that should then be the same as you did with the route commands.
2009-06-29 14:13   
can you gently paste the output of this command:

ip route show table 5

thank you
2009-06-29 14:34   
Puting a source or not ? I will try but if I've choice, I prefer puting a source. (And all the PC concerned are really in, the others may not use this routes).

ip route show table 5 give :
default via dev br0
2009-06-30 12:38   
In the GUI, in the routing page, the source is shown as required. But like you say, we can not fill it with no GUI error.
I've corrected the routes by removing source and not puting it manually in kernel routing. Then I obtain :

Commande : route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface * U 0 0 0 eth1 * U 0 0 0 br0
default UG 0 0 0 eth1

Commande : ip route show table 5
Same as above

Comande : ip route show
0: from all lookup local
5: from all to lookup main
5: from all to lookup main
10: from all to lookup 5
10: from all to lookup 5
10: from all to lookup 5
10: from all to lookup 5
10: from all to lookup 5
10: from all to lookup 5
10: from all to lookup 5
10: from all to lookup 5
10: from all to lookup 5
10: from all to lookup 5
10: from all to lookup 5
10: from all to lookup 5
10: from all to lookup 5
10: from all to lookup 5
10: from all to lookup 5
10: from all to lookup 5
10: from all to lookup 5
10: from all to lookup 5
10: from all to lookup 5
10: from all to lookup 5
199: from all fwmark 0x7e0/0x7f8 lookup uplink-main
200: from lookup uplink-main
32766: from all lookup main
32767: from all lookup default

Say me if you want something more.
2010-01-06 15:51   
Is this still under investigation? I am setting up a new endian v2.3 system and am seeing the exact same problem. Adding a route in the GUI does not allow it to work. Primarily I am trying to add a route to a network behind another router on the GREEN interface. Setting it up in the GUI without a source address does not update the kernel tables, and other output is identical to what is shown above in terms of ip route show table 5 and the efw/routing/config file. Yet doing a route command at the shell works as expected.
2010-01-30 13:12   
ip is the replacement command from the iputils package, and is used to alter routing tables in Endian. Routes can be placed in many tables, only table 254 (main) is operated on by kernel routing table or displayed in output of route command.

Note that tables other than 254 are not displayed by the route command i.e. table 5 is not shown, but is acted on if input to GUI is in the correct format and routing will be successful.

When Endian adds routes to networks behind Green in EFW page Network/Routing/Static routing/Add new route. The new route is added to table 5 and can be seen as above, by command "ip route show table 5" more detailed display by using "ip rule show" and "ip route show all" Note. table 5 is a rule.

A source address need not be specified (Even thou the field id, is marked with an asterisk (*This Field is required)

The Destination network must be entered in CDIR notation i.e. /24 for

Route Via* Static Gateway is entered as a IP address in dotted decimal notation.

After entering network behind green details into GUI full routing is fully functional on 2.3

Maybe Endian could add note to page advising to use CDIR notation for addresses in network dialogue boxes on this screen. (New documentation on web has been updated to reflect this too, which is good. Click help in top right hand corner)
2010-11-23 02:07   
I have the latest version 2.41 ( the same version with 2 real machines and one virtual lab and the issue continues. It is necessary to add route manually.

2011-09-14 06:18   
I have the latest version as well and there is still the issue. Adding the route manually by connecting via SSH and running route add command works fine as a workaround
2012-03-02 18:11   
I also have the latest version 2.5 R1 and this is still an issue. Is anyone actually working on this issue? The last time I see a non-reporter working on this was in 2009
2012-05-06 03:23   
That still a problem on 2.5.1. Any way we can get it fixed?
2013-06-05 14:58   
To save the route commands manually, add them to /etc/init.d/rc.local.

Something like


route add -net gw

exit 0