SYSTEM WARNING: 'date_default_timezone_get(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone.' in '/usr/share/mantis/www/core.php' line 264

0004427: static routing has higher priority than direct connected zones - MantisBT
MantisBT - Endian Firewall
View Issue Details
IDProjectCategoryView StatusDate SubmittedLast Update
0004427Endian FirewallNetwork related (VPN, uplinks)public2012-08-22 15:502012-10-23 12:43
Reporterluca-endian 
Assigned To 
PrioritynormalSeverityminorReproducibilityhave not tried
StatusnewResolutionopen 
PlatformOSOS Version
Product Version2.5 
Target VersionFixed in Version 
Customer Importance
Customer Occurrences
Queue
Summary0004427: static routing has higher priority than direct connected zones
DescriptionThis is the ip rule output on 2.5 up to date

10: from 192.168.50.131 lookup uplink-uplink2
10: from all to 78.4.59.x/29 lookup main
10: from all to 80.18.144.x/28 lookup main
10: from all to 192.168.50.0/24 lookup main
10: from all to 192.168.1.0/24 lookup main
10: from all to 192.168.60.0/24 lookup main
199: from all fwmark 0x18/0x7f8 lookup uplink-main
199: from all fwmark 0x20/0x7f8 lookup uplink-uplink2
199: from all fwmark 0x28/0x7f8 lookup uplink-uplink1

Behavior is that packets from 192.168.50.131 green ip to other zones are routed to uplink2 :(
Steps To Reproduce
Additional Information
Tagspurple
Relationships
Attached Files
Issue History
Date ModifiedUsernameFieldChange
2012-08-22 15:50luca-endianNew Issue
2012-08-22 15:50luca-endianTag Attached: purple
2012-10-23 12:32thomas-endianNote Added: 0008245
2012-10-23 12:43thomas-endianNote Added: 0008246

Notes
(0008245)
thomas-endian   
2012-10-23 12:32   
2.5 ARM, rule 3 and 4 cant never route to the DMZ Zone.

Rule: from all to 10.0.0.0/24 lookup main
must have the high priority.

root@firewall:~ # ip rule show
0: from all lookup local
10: from all fwmark 0x20/0x7f8 lookup gateway-192.168.18.2
10: from 172.30.1.11 lookup gateway-192.168.18.2
10: from 172.30.1.8 lookup gateway-192.168.18.2
10: from all fwmark 0x18/0x7f8 lookup gateway-84.245.143.66
10: from all to 193.158.87.245 lookup gateway-84.245.143.66
10: from all to 193.7.141.232 lookup gateway-84.245.143.66
10: from all to 84.245.143.64/26 lookup main
10: from all to 10.0.0.0/24 lookup main
10: from all to 192.168.18.0/24 lookup main
10: from all to 194.245.0.0/16 lookup uplink-main
10: from all to 172.30.0.0/16 lookup main
199: from all fwmark 0x8/0x7f8 lookup uplink-main
199: from all fwmark 0x10/0x7f8 lookup uplink-uplink1
(0008246)
thomas-endian   
2012-10-23 12:43   
I thought the problem is solved with packet efw-network-2.9.7-0.endian33.i586.rpm?