SYSTEM WARNING: 'date_default_timezone_get(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone.' in '/usr/share/mantis/www/core.php' line 264
| Anonymous | Login | 2022-07-05 07:05 UTC |  |
| Main | My View | View Issues | Change Log | Roadmap |
| View Issue Details [ Jump to Notes ] | [ Issue History ] [ Print ] | ||||||||||
| ID | Project | Category | View Status | Date Submitted | Last Update | ||||||
| 0002998 | Endian Firewall | Network related (VPN, uplinks) | public | 2010-06-11 13:49 | 2012-04-18 13:35 | ||||||
| Reporter | aender | ||||||||||
| Assigned To | peter-endian | ||||||||||
| Priority | normal | Severity | major | Reproducibility | always | ||||||
| Status | acknowledged | Resolution | open | ||||||||
| Platform | OS | OS Version | |||||||||
| Product Version | 2.4 | ||||||||||
| Target Version | Fixed in Version | ||||||||||
| Summary | 0002998: Static Routes doesn´t work | ||||||||||
| Description | I configured a static route at the gui but it doesn´t work. Also a route print doesn´t show the entry If i do a manual route add it works perfect. route add -net 10.48.248.0/24 gw 10.48.16.9 Also i doesn´t understand why the same entry automatically at policy routing is created that i configured at static routes in the gui. | ||||||||||
| Tags | No tags attached. | ||||||||||
| Attached Files |  routing.png [^] (58,158 bytes) 2010-07-15 07:59
| ||||||||||
 Relationships |
|
 Relationships |
|
Notes |
|
|
(0004500) peter-endian (administrator) 2010-06-14 12:55 |
policy routing gui and static routing gui are only different views to the same configuration you use the old interface, which does not show the entire routing tables. use ip route show table all ip rule instead if you don't find your route, then please be more verbose about what you did and what you like to do. |
|
(0004616) aender (reporter) 2010-07-15 07:58 |
Sorry for the delay. Your commands give this output. root@efw-1264069518:~ # ip route show table all 194.208.246.240/29 dev eth2 table uplink-main proto kernel scope link default via 194.208.246.241 dev eth2 table uplink-main proto kernel src 194.208.246.242 194.208.246.240/29 dev eth2 proto kernel scope link src 194.208.246.242 192.168.2.0/24 via 192.168.121.1 dev tap2 192.168.12.0/24 dev br1 proto kernel scope link src 192.168.12.252 10.48.16.0/21 dev br0 proto kernel scope link src 10.48.16.254 192.168.0.0/16 dev tap2 proto kernel scope link src 192.168.150.36 default via 194.208.246.241 dev eth2 default via 10.48.16.9 dev br0 table 5 local 192.168.12.252 dev br1 table local proto kernel scope host src 192.168.12.252 broadcast 127.255.255.255 dev lo table local proto kernel scope link src 127.0.0.1 broadcast 192.168.12.255 dev br1 table local proto kernel scope link src 192.168.12.252 broadcast 10.48.16.0 dev br0 table local proto kernel scope link src 10.48.16.254 broadcast 194.208.246.247 dev eth2 table local proto kernel scope link src 194.208.246.242 broadcast 10.48.23.255 dev br0 table local proto kernel scope link src 10.48.16.254 broadcast 194.208.246.240 dev eth2 table local proto kernel scope link src 194.208.246.242 local 194.208.246.242 dev eth2 table local proto kernel scope host src 194.208.246.242 broadcast 192.168.255.255 dev tap2 table local proto kernel scope link src 192.168.150.36 local 192.168.150.36 dev tap2 table local proto kernel scope host src 192.168.150.36 broadcast 192.168.0.0 dev tap2 table local proto kernel scope link src 192.168.150.36 broadcast 192.168.12.0 dev br1 table local proto kernel scope link src 192.168.12.252 local 10.48.16.254 dev br0 table local proto kernel scope host src 10.48.16.254 broadcast 127.0.0.0 dev lo table local proto kernel scope link src 127.0.0.1 local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1 local 127.0.0.0/8 dev lo table local proto kernel scope host src 127.0.0.1 fe80::/64 dev eth0 proto kernel metric 256 mtu 1500 advmss 1440 hoplimit 4294967295 fe80::/64 dev eth1 proto kernel metric 256 mtu 1500 advmss 1440 hoplimit 4294967295 fe80::/64 dev br0 proto kernel metric 256 mtu 1500 advmss 1440 hoplimit 4294967295 fe80::/64 dev br1 proto kernel metric 256 mtu 1500 advmss 1440 hoplimit 4294967295 fe80::/64 dev ifb0 proto kernel metric 256 mtu 1500 advmss 1440 hoplimit 4294967295 fe80::/64 dev ifb1 proto kernel metric 256 mtu 1500 advmss 1440 hoplimit 4294967295 fe80::/64 dev tap0 proto kernel metric 256 mtu 1500 advmss 1440 hoplimit 4294967295 fe80::/64 dev tap2 proto kernel metric 256 mtu 1500 advmss 1440 hoplimit 4294967295 unreachable default dev lo table 0 proto none metric -1 error -101 hoplimit 255 local ::1 via :: dev lo table local proto none metric 0 mtu 16436 advmss 16376 hoplimit 4294967295 local fe80::20c:29ff:fe7c:b4d7 via :: dev lo table local proto none metric 0 mtu 16436 advmss 16376 hoplimit 4294967295 local fe80::20c:29ff:fe7c:b4d7 via :: dev lo table local proto none metric 0 mtu 16436 advmss 16376 hoplimit 4294967295 local fe80::20c:29ff:fe7c:b4e1 via :: dev lo table local proto none metric 0 mtu 16436 advmss 16376 hoplimit 4294967295 local fe80::20c:29ff:fe7c:b4e1 via :: dev lo table local proto none metric 0 mtu 16436 advmss 16376 hoplimit 4294967295 local fe80::2c6e:a5ff:feaa:a061 via :: dev lo table local proto none metric 0 mtu 16436 advmss 16376 hoplimit 4294967295 local fe80::7022:d2ff:fedb:c4cb via :: dev lo table local proto none metric 0 mtu 16436 advmss 16376 hoplimit 4294967295 local fe80::8c85:ffff:feba:5477 via :: dev lo table local proto none metric 0 mtu 16436 advmss 16376 hoplimit 4294967295 local fe80::9879:b8ff:fead:b501 via :: dev lo table local proto none metric 0 mtu 16436 advmss 16376 hoplimit 4294967295 ff00::/8 dev eth0 table local metric 256 mtu 1500 advmss 1440 hoplimit 4294967295 ff00::/8 dev eth1 table local metric 256 mtu 1500 advmss 1440 hoplimit 4294967295 ff00::/8 dev br0 table local metric 256 mtu 1500 advmss 1440 hoplimit 4294967295 ff00::/8 dev br1 table local metric 256 mtu 1500 advmss 1440 hoplimit 4294967295 ff00::/8 dev ifb0 table local metric 256 mtu 1500 advmss 1440 hoplimit 4294967295 ff00::/8 dev ifb1 table local metric 256 mtu 1500 advmss 1440 hoplimit 4294967295 ff00::/8 dev tap0 table local metric 256 mtu 1500 advmss 1440 hoplimit 4294967295 ff00::/8 dev tap2 table local metric 256 mtu 1500 advmss 1440 hoplimit 4294967295 unreachable default dev lo table 0 proto none metric -1 error -101 hoplimit 255 root@efw-1264069518:~ # ip rule 0: from all lookup local 10: from 10.48.16.0/21 to 10.48.248.0/24 lookup 5 10: from all to 194.208.246.240/29 lookup main 10: from all to 192.168.2.0/24 lookup main 10: from all to 192.168.12.0/24 lookup main 10: from all to 10.48.16.0/21 lookup main 10: from all to 192.168.0.0/16 lookup main 199: from all fwmark 0x7e0/0x7f8 lookup uplink-main 200: from 194.208.246.242 lookup uplink-main 32766: from all lookup main 32767: from all lookup default With the settings in the attached screenshot routing works not correct. When i do this: route add -net 10.48.248.0/24 gw 10.48.16.9 all works fine. My green network is 10.48.16.254/21 |
|
(0004699) sriepenhausen (reporter) 2010-08-30 10:58 |
We confirm this Error: GUI route settings not working as workaround we added the nessessary route to the start config, to ensure it is available after reboot. /var/efw/inithooks/start.local route add 191.130.241.22 gw 10.200.1.100 This works fine for all connections to Port 80, but we still can't route to 3389, but that seems another error in conjunction with static routing and firewalling. |
|
(0004829) peter-endian (administrator) 2010-09-23 11:08 |
your routing configuration means: send all packages coming from 10.48.16.0/21 going to 10.48.248.0/24 to the gateway 10.48.16.9 is that really what you want? because your manual rule means: send all packages coming from anywhere going to 10.48.248.0/24 to the gateway 10.48.16.9 |
|
(0004832) aender (reporter) 2010-09-23 11:33 |
I want to have my manual rule. But it doesn´t matter what i configure in the gui. It doesn´t work. |
|
(0004833) peter-endian (administrator) 2010-09-23 13:03 |
ok, if you want your manual rule, then remove the subnet from the source field |
|
(0007831) aender (reporter) 2012-04-18 13:35 |
Any Updates?? |
|
Notes |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 2010-06-11 13:49 | aender | New Issue | |
| 2010-06-14 12:55 | peter-endian | Note Added: 0004500 | |
| 2010-06-14 12:55 | peter-endian | Status | new => feedback |
| 2010-07-15 07:58 | aender | Note Added: 0004616 | |
| 2010-07-15 07:59 | aender | File Added: routing.png | |
| 2010-08-30 10:58 | sriepenhausen | Note Added: 0004699 | |
| 2010-09-23 11:08 | peter-endian | Note Added: 0004829 | |
| 2010-09-23 11:33 | aender | Note Added: 0004832 | |
| 2010-09-23 13:03 | peter-endian | Note Added: 0004833 | |
| 2011-02-10 14:02 | ra-endian | Status | feedback => new |
| 2011-02-10 14:02 | ra-endian | Assigned To | => lorenzo-endian |
| 2011-02-10 15:49 | lorenzo-endian | Customer Occurencies | => 0 |
| 2011-02-10 15:49 | lorenzo-endian | Assigned To | lorenzo-endian => peter-endian |
| 2011-02-10 15:49 | lorenzo-endian | Status | new => acknowledged |
| 2012-04-18 13:35 | aender | Note Added: 0007831 | |
|
Issue History |
| Copyright © 2000 - 2012 MantisBT Group |
 |