|ID||Project||Category||View Status||Date Submitted||Last Update|
|0001132||Endian Firewall||Migration||public||2008-07-16 15:44||2013-06-05 14:58|
|Priority||normal||Severity||minor||Reproducibility||have not tried|
|Target Version||Fixed in Version|
|Summary||0001132: Static Routes defined in GUI don't work properly|
|Description||I defined some static routes in the GUI. Ping to the destination network worked correctly; SSH, for example, did not. After trying some things out with the firewall settings I decided to put the routes directly into the system by using route add -net 1 ... on the EFW server. Now everything is fine. As the new 2.2 allows the use of a GUI but the result is not working, I guess it's a problem :)|
|Tags||No tags attached.|
|Update: the problem can only be solved by adding some additional NAT rule for the target network. Actually, I believe the topic is related to 0000444. Ping works with the GUI definition but other services do not.|
Are you sure that you aren't missing the return route or default route on the other side?
Mentioning the NAT rules would make me think of that.
|When using a hardware box everything works fine. I just downgraded to Endian 2.1.2 and added static routes. Everything is OK - but 2.2 makes trouble.|
Confirmed - static routes added via the GUI are never passed down to the kernel.
Adding routes via the shell works as intended (i.e. route add -net <network> gw <gateway>)
|Confirmed for me too with 2.2 final|
Can you paste the output of these commands:
ip rule show
In this configuration, the route doesn't work all the time, but only after running a traceroute on the PC.
But after putting it in with the route add command, maybe it works better. I will have the result of this test on Monday.
It's all OK if I put the routes in with these commands over SSH:
route add -host 188.8.131.52 gw 10.10.13.2
route add -net 184.108.40.206 netmask 255.255.255.224 gw 10.10.13.2
route add -net 220.127.116.11/16 gw 10.10.13.2
You created routing entries which direct traffic *from* 10.10.13.00/24 to several networks to the gateway 10.10.13.2.
For example this rule:
means that *only* traffic from 10.10.13.0/24 to that external network goes through gateway 10.10.13.2. Maybe that is not what you want. Maybe you want to direct *all* traffic to that external IP through the gateway?
That's what you did with the route commands. Those route commands aren't exactly the same configuration as through the GUI. BTW, "route" is a deprecated interface and may be overruled by other ip rule entries.
Try to remove the source-part of your GUI rules, that should then be the same as you did with the route commands.
Can you kindly paste the output of this command:
ip route show table 5
Putting a source or not? I will try, but if I have the choice, I prefer putting a source. (And all the PCs concerned are really in 10.10.13.0/24; the others may not use these routes.)
ip route show table 5 gives:
default via 10.10.13.2 dev br0
In the GUI, in the routing page, the source is shown as required. But like you say, we can not fill it with no GUI error.
I've corrected the routes by removing the source and not putting them manually into the kernel routing. Then I obtain:
Command: route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.10.23.0 * 255.255.255.0 U 0 0 0 eth1
10.10.13.0 * 255.255.255.0 U 0 0 0 br0
default 10.10.23.200 0.0.0.0 UG 0 0 0 eth1
Command: ip route show table 5
Same as above
Command: ip route show
0: from all lookup local
5: from all to 10.10.13.200/24 lookup main
5: from all to 10.10.23.0/24 lookup main
10: from all to 18.104.22.168/24 lookup 5
10: from all to 22.214.171.124 lookup 5
10: from all to 126.96.36.199 lookup 5
10: from all to 188.8.131.52/16 lookup 5
10: from all to 184.108.40.206/24 lookup 5
10: from all to 220.127.116.11 lookup 5
10: from all to 18.104.22.168 lookup 5
10: from all to 22.214.171.124 lookup 5
10: from all to 126.96.36.199/16 lookup 5
10: from all to 188.8.131.52 lookup 5
10: from all to 184.108.40.206 lookup 5
10: from all to 220.127.116.11 lookup 5
10: from all to 18.104.22.168 lookup 5
10: from all to 22.214.171.124 lookup 5
10: from all to 126.96.36.199 lookup 5
10: from all to 188.8.131.52 lookup 5
10: from all to 10.10.10.0/24 lookup 5
10: from all to 10.10.11.0/24 lookup 5
10: from all to 10.10.12.0/24 lookup 5
10: from all to 10.10.14.0/24 lookup 5
199: from all fwmark 0x7e0/0x7f8 lookup uplink-main
200: from 10.10.23.100 lookup uplink-main
32766: from all lookup main
32767: from all lookup default
Tell me if you want something more.
|Is this still under investigation? I am setting up a new endian v2.3 system and am seeing the exact same problem. Adding a route in the GUI does not allow it to work. Primarily I am trying to add a route to a network behind another router on the GREEN interface. Setting it up in the GUI without a source address does not update the kernel tables, and other output is identical to what is shown above in terms of ip route show table 5 and the efw/routing/config file. Yet doing a route command at the shell works as expected.|
ip is the replacement command from the iputils package, and is used to alter routing tables in Endian. Routes can be placed in many tables; only table 254 (main) is operated on by the kernel routing table or displayed in the output of the route command.
Note that tables other than 254 are not displayed by the route command, i.e. table 5 is not shown, but it is acted on if the input to the GUI is in the correct format, and routing will be successful.
When Endian adds routes to networks behind Green in the EFW page Network/Routing/Static routing/Add new route, the new route is added to table 5 and can be seen, as above, with the command "ip route show table 5"; a more detailed display is given by "ip rule show" and "ip route show all". Note: table 5 is a rule.
A source address need not be specified (even though the field id is marked with an asterisk (*This Field is required)).
The Destination network must be entered in CIDR notation, i.e. /24 for 255.255.255.0.
Route Via* Static Gateway is entered as an IP address in dotted decimal notation.
After entering the details of the network behind Green into the GUI, routing is fully functional on 2.3.
Maybe Endian could add a note to the page advising to use CIDR notation for addresses in the network dialogue boxes on this screen. (The new documentation on the web has been updated to reflect this too, which is good. Click help in the top right-hand corner.)
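The rule-then-table lookup described in the note above, as an added example that is not part of the thread or of Endian's code: it walks a constructed rule list modelled on the "ip rule show" output posted earlier and reports which table answers for a given source and destination. The addresses, table contents and function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample, modelled on the output posted in this thread.
IP_RULE_SHOW = """\
0: from all lookup local
5: from all to 10.10.13.0/24 lookup main
10: from all to 10.10.14.0/24 lookup 5
10: from 10.10.13.0/24 to 192.0.2.0/24 lookup 5
32766: from all lookup main
32767: from all lookup default
"""
# Constructed table contents: table name -> [(prefix, next hop)].
TABLES = {
    "main": [("10.10.13.0/24", "dev br0"), ("10.10.23.0/24", "dev eth1"),
             ("0.0.0.0/0", "via 10.10.23.200 dev eth1")],
    "5": [("0.0.0.0/0", "via 10.10.13.2 dev br0")],
}

def parse_rules(text):
    """Parse 'ip rule show' lines into (priority, from, to, table) tuples."""
    rules = []
    for line in text.strip().splitlines():
        prio, rest = line.split(":", 1)
        tok = rest.split()
        sel = {"from": "all", "to": "all", "lookup": None}
        for key, val in zip(tok, tok[1:]):
            if key in sel:
                sel[key] = val
        rules.append((int(prio), sel["from"], sel["to"], sel["lookup"]))
    return sorted(rules, key=lambda r: r[0])

def _matches(selector, addr):
    if selector == "all":
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(selector, strict=False)

def lookup(src, dst, rules, tables=TABLES):
    """Walk rules by priority; the first table holding a matching route wins."""
    for _prio, frm, to, table in rules:
        if not (_matches(frm, src) and _matches(to, dst)):
            continue
        hits = [(ipaddress.ip_network(p).prefixlen, hop)
                for p, hop in tables.get(table, []) if _matches(p, dst)]
        if hits:
            return table, max(hits)[1]  # longest prefix match within the table
    return None, None

RULES = parse_rules(IP_RULE_SHOW)
```

On a live system, "ip route get <destination>" reports the kernel's actual decision, which can be compared with what this walk predicts.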
I have the latest version 2.41 (184.108.40.206-57.e40.i586) the same version with 2 real machines and one virtual lab and the issue continues. It is necessary to add route manually.
|I have the latest version as well and the issue is still there. Adding the route manually by connecting via SSH and running the route add command works fine as a workaround.|
|I also have the latest version 2.5 R1 and this is still an issue. Is anyone actually working on this issue? The last time I see a non-reporter working on this was in 2009|
|That is still a problem on 2.5.1. Any way we can get it fixed?|
To save the route commands manually, add them to /etc/init.d/rc.local.
route add -net 10.0.0.0/24 gw 192.168.0.2
|2008-07-16 15:44||mablass||New Issue|
|2008-07-16 17:04||mablass||Note Added: 0001451|
|2008-07-16 17:11||peter-endian||Note Added: 0001452|
|2008-07-18 21:33||mablass||Note Added: 0001463|
|2008-09-09 13:59||peter-endian||Relationship added||related to 0000877|
|2009-02-24 16:21||Brains||Note Added: 0001995|
|2009-06-12 14:44||Telemak||Note Added: 0002611|
|2009-06-12 15:59||luca-endian||Note Added: 0002612|
|2009-06-12 19:36||Telemak||Note Added: 0002618|
|2009-06-22 15:44||Telemak||Note Added: 0002652|
|2009-06-22 16:49||peter-endian||Note Added: 0002653|
|2009-06-29 14:13||luca-endian||Note Added: 0002692|
|2009-06-29 14:34||Telemak||Note Added: 0002694|
|2009-06-30 12:38||Telemak||Note Added: 0002702|
|2010-01-06 15:51||n9yty||Note Added: 0003649|
|2010-01-07 15:19||peter-endian||Status||new => feedback|
|2010-01-30 13:12||sifi986||Note Added: 0003726|
|2010-09-23 15:44||peter-endian||Status||feedback => acknowledged|
|2010-11-23 02:07||ytech||Note Added: 0005179|
|2011-09-14 06:18||Sheldmandu||Note Added: 0007404|
|2012-03-02 18:11||shairozan||Note Added: 0007740|
|2012-05-06 03:23||cemendes||Note Added: 0007858|
|2013-06-05 14:58||ltinti||Note Added: 0008433|