SYSTEM WARNING: 'date_default_timezone_get(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone.' in '/usr/share/mantis/www/core.php' line 264

0001132: Static Routes defined in GUI dont work properly - MantisBT Endian Bugtracker
Endian Issue Tracker





Please see now our new Bugtracker system: JIRA








View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0001132Endian FirewallMigrationpublic2008-07-16 15:442013-06-05 14:58
Reportermablass 
Assigned To 
PrioritynormalSeverityminorReproducibilityhave not tried
StatusacknowledgedResolutionopen 
PlatformOSOS Version
Product Version2.2-rc1 
Target VersionFixed in Version 
Summary0001132: Static Routes defined in GUI dont work properly
Descriptioni definded some static routes in the gui. ping to the destination network worked correctly. ssh for example not. after trying some things out with firewall settings i decided to put the routes directly to the system by using route add -net 1 ... in the efw server. now everything is fine. as the new 2.2. allows to use a gui but the result is not working i guess its a problem :)

TagsNo tags attached.
Attached Files

- Relationships
related to 0000877closedpeter-endian Static route donĀ“t work 

-  Notes
(0001451)
mablass (reporter)
2008-07-16 17:04

update: the problem can only be solved by adding some additional NAT rule for the target network. actually i believe the topic is related to 0000444. ping works with the gui defintion but not other services
(0001452)
peter-endian (administrator)
2008-07-16 17:11

are you sure that you don't miss the return route or default route on the other side?
mentioning the NAT rules would make me think of that
(0001463)
mablass (reporter)
2008-07-18 21:33

when using a hardwarebox everything works fine. i just downgraded to endian 2.1.2 and added static routes. everything is ok - but 2.2 makes trouble
(0001995)
Brains (reporter)
2009-02-24 16:21

Confirmed - static routes added via the GUI are never passed down to the kernel.

Adding routes via the shell works as intended (ie. route add -net <network> gw <gateway>)
(0002611)
Telemak (reporter)
2009-06-12 14:44

Confirmed for me too with 2.2 final
(0002612)
luca-endian (developer)
2009-06-12 15:59

Can you paste the output of these commands:
cat /var/efw/routing/config
ip rule show
(0002618)
Telemak (reporter)
2009-06-12 19:36

In this configuration, the route don't work all the time, but only after making a traceroute in the pc.
But after puting it by the route add command, maybe it works better. I will have result of this test Monday.
(0002652)
Telemak (reporter)
2009-06-22 15:44

It's all ok if I put the routes with this command in ssh :

route add -host 80.74.67.37 gw 10.10.13.2
route add -net 81.1.62.224 netmask 255.255.255.224 gw 10.10.13.2
route add -net 136.9.0.0/16 gw 10.10.13.2

For helping...

Telemak
(0002653)
peter-endian (administrator)
2009-06-22 16:49

you created routing entries which direct traffic *from* 10.10.13.00/24 to several networks to the gateway 10.10.13.2

For example this rule:
on,10.10.13.0/24,6x.xx.xx.0/24,10.10.13.2,,,,,,,,

means, that *only* traffic from 10.10.13.0/24 to that external network goes through gateway 10.10.13.2. Maybe that is not what you want. Maybe you want direct *all* traffic to that external ip through the gateway?

That's what you did with the route commands. Those route commands aren't exactly the same configuration as through the GUI. BTW, "route" is a deprecated interface and may be overruled by other ip rule entries.

Try to remove the source-part of your GUI rules, that should then be the same as you did with the route commands.
(0002692)
luca-endian (developer)
2009-06-29 14:13

can you gently paste the output of this command:

ip route show table 5

thank you
(0002694)
Telemak (reporter)
2009-06-29 14:34

Puting a source or not ? I will try but if I've choice, I prefer puting a source. (And all the PC concerned are really in 10.10.13.0/24, the others may not use this routes).

ip route show table 5 give :
default via 10.10.13.2 dev br0
(0002702)
Telemak (reporter)
2009-06-30 12:38

In the GUI, in the routing page, the source is shown as required. But like you say, we can not fill it with no GUI error.
I've corrected the routes by removing source and not puting it manually in kernel routing. Then I obtain :

Commande : route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.10.23.0 * 255.255.255.0 U 0 0 0 eth1
10.10.13.0 * 255.255.255.0 U 0 0 0 br0
default 10.10.23.200 0.0.0.0 UG 0 0 0 eth1

Commande : ip route show table 5
Same as above

Comande : ip route show
0: from all lookup local
5: from all to 10.10.13.200/24 lookup main
5: from all to 10.10.23.0/24 lookup main
10: from all to 62.23.96.0/24 lookup 5
10: from all to 80.74.67.37 lookup 5
10: from all to 81.1.62.224 lookup 5
10: from all to 136.9.0.0/16 lookup 5
10: from all to 192.28.103.0/24 lookup 5
10: from all to 193.56.211.51 lookup 5
10: from all to 193.56.211.53 lookup 5
10: from all to 193.56.211.81 lookup 5
10: from all to 194.51.14.0/16 lookup 5
10: from all to 194.206.181.240 lookup 5
10: from all to 194.206.181.252 lookup 5
10: from all to 195.46.218.22 lookup 5
10: from all to 212.234.59.105 lookup 5
10: from all to 212.234.59.239 lookup 5
10: from all to 66.225.239.127 lookup 5
10: from all to 212.234.229.40 lookup 5
10: from all to 10.10.10.0/24 lookup 5
10: from all to 10.10.11.0/24 lookup 5
10: from all to 10.10.12.0/24 lookup 5
10: from all to 10.10.14.0/24 lookup 5
199: from all fwmark 0x7e0/0x7f8 lookup uplink-main
200: from 10.10.23.100 lookup uplink-main
32766: from all lookup main
32767: from all lookup default

Say me if you want something more.
(0003649)
n9yty (reporter)
2010-01-06 15:51

Is this still under investigation? I am setting up a new endian v2.3 system and am seeing the exact same problem. Adding a route in the GUI does not allow it to work. Primarily I am trying to add a route to a network behind another router on the GREEN interface. Setting it up in the GUI without a source address does not update the kernel tables, and other output is identical to what is shown above in terms of ip route show table 5 and the efw/routing/config file. Yet doing a route command at the shell works as expected.
(0003726)
sifi986 (reporter)
2010-01-30 13:12

ip is the replacement command from the iputils package, and is used to alter routing tables in Endian. Routes can be placed in many tables, only table 254 (main) is operated on by kernel routing table or displayed in output of route command.

Note that tables other than 254 are not displayed by the route command i.e. table 5 is not shown, but is acted on if input to GUI is in the correct format and routing will be successful.

When Endian adds routes to networks behind Green in EFW page Network/Routing/Static routing/Add new route. The new route is added to table 5 and can be seen as above, by command "ip route show table 5" more detailed display by using "ip rule show" and "ip route show all" Note. table 5 is a rule.

A source address need not be specified (Even thou the field id, is marked with an asterisk (*This Field is required)

The Destination network must be entered in CDIR notation i.e. /24 for 255.255.255.0

Route Via* Static Gateway is entered as a IP address in dotted decimal notation.

After entering network behind green details into GUI full routing is fully functional on 2.3

Maybe Endian could add note to page advising to use CDIR notation for addresses in network dialogue boxes on this screen. (New documentation on web has been updated to reflect this too, which is good. Click help in top right hand corner)
(0005179)
ytech (reporter)
2010-11-23 02:07

I have the latest version 2.41 (2.6.32.25-57.e40.i586) the same version with 2 real machines and one virtual lab and the issue continues. It is necessary to add route manually.

Thanks
(0007404)
Sheldmandu (reporter)
2011-09-14 06:18

I have the latest version as well and there is still the issue. Adding the route manually by connecting via SSH and running route add command works fine as a workaround
(0007740)
shairozan (reporter)
2012-03-02 18:11

I also have the latest version 2.5 R1 and this is still an issue. Is anyone actually working on this issue? The last time I see a non-reporter working on this was in 2009
(0007858)
cemendes (reporter)
2012-05-06 03:23

That still a problem on 2.5.1. Any way we can get it fixed?
(0008433)
ltinti (reporter)
2013-06-05 14:58

To save the route commands manually, add them to /etc/init.d/rc.local.

Something like

#!/bin/sh

route add -net 10.0.0.0/24 gw 192.168.0.2

exit 0

- Issue History
Date Modified Username Field Change
2008-07-16 15:44 mablass New Issue
2008-07-16 17:04 mablass Note Added: 0001451
2008-07-16 17:11 peter-endian Note Added: 0001452
2008-07-18 21:33 mablass Note Added: 0001463
2008-09-09 13:59 peter-endian Relationship added related to 0000877
2009-02-24 16:21 Brains Note Added: 0001995
2009-06-12 14:44 Telemak Note Added: 0002611
2009-06-12 15:59 luca-endian Note Added: 0002612
2009-06-12 19:36 Telemak Note Added: 0002618
2009-06-22 15:44 Telemak Note Added: 0002652
2009-06-22 16:49 peter-endian Note Added: 0002653
2009-06-29 14:13 luca-endian Note Added: 0002692
2009-06-29 14:34 Telemak Note Added: 0002694
2009-06-30 12:38 Telemak Note Added: 0002702
2010-01-06 15:51 n9yty Note Added: 0003649
2010-01-07 15:19 peter-endian Status new => feedback
2010-01-30 13:12 sifi986 Note Added: 0003726
2010-09-23 15:44 peter-endian Status feedback => acknowledged
2010-11-23 02:07 ytech Note Added: 0005179
2011-09-14 06:18 Sheldmandu Note Added: 0007404
2012-03-02 18:11 shairozan Note Added: 0007740
2012-05-06 03:23 cemendes Note Added: 0007858
2013-06-05 14:58 ltinti Note Added: 0008433

Copyright © 2005-2008 Endian, SRL. All rights reserved.


Copyright © 2000 - 2012 MantisBT Group
Powered by Mantis Bugtracker