Hi,
I’m currently on NethServer release 7.7.1908 (final), fully patched.
I’m in the process of adding some VLANs and I’m encountering an error.
I have a Smart Switch that I’ve connected to enp3s0 and assigned it LAN (green role)
This works and I’m able to get to the Smart Switch management web page.
The bug is when I add a new VLAN, configured for DHCP with no device connected, I get the error below.
If I assign it a bogus static IP address and gateway, I’m not able to access the Internet. I haven’t dug into this issue much yet.
Below are the details.
Summary before creation of the VLAN
Create a new VLAN interface enp3s0.103 on enp3s0
Obtain IP configuration from DHCP server
Set role to “red”
Error Message
Task completed with errors
Configuring shorewall #72 (exit status 1)
Compiling using Shorewall 5.1.10.2…
Processing /etc/shorewall/params …
Processing /etc/shorewall/shorewall.conf…
Loading Modules…
Compiling /etc/shorewall/zones…
Compiling /etc/shorewall/interfaces…
Determining Hosts in Zones…
Locating Action Files…
Compiling /etc/shorewall/policy…
Running /etc/shorewall/initdone…
Adding Anti-smurf Rules
Adding rules for DHCP
Compiling TCP Flags filtering…
Compiling Kernel Route Filtering…
Compiling Martian Logging…
Compiling /etc/shorewall/providers…
Compiling /etc/shorewall/snat…
Compiling MAC Filtration – Phase 1…
Compiling /etc/shorewall/blrules…
Compiling /etc/shorewall/rules…
Compiling /etc/shorewall/conntrack…
Compiling MAC Filtration – Phase 2…
Applying Policies…
Compiling /etc/shorewall/mangle…
Generating Rule Matrix…
Optimizing Ruleset…
Creating iptables-restore input…
Compiling /etc/shorewall/stoppedrules…
Shorewall configuration compiled to /var/lib/shorewall/.restart
Reloading Shorewall…
Initializing…
Processing /etc/shorewall/init …
Processing /etc/shorewall/tcclear …
Setting up Route Filtering…
Setting up Martian Logging…
Setting up Proxy ARP…
Adding Providers…
WARNING: Interface enp2s0 is not usable – Provider red2 (1) not Started
WARNING: Interface enp3s0.105 is not usable – Provider red1 (2) not Started
Usage: ip route { list | flush } SELECTOR
ip route save SELECTOR
ip route restore
ip route showdump
ip route get ADDRESS [ from ADDRESS iif STRING ]
[ oif STRING ] [ tos TOS ]
[ mark NUMBER ] [ vrf NAME ]
[ uid NUMBER ]
ip route { add | del | change | append | replace } ROUTE
SELECTOR := [ root PREFIX ] [ match PREFIX ] [ exact PREFIX ]
[ table TABLE_ID ] [ vrf NAME ] [ proto RTPROTO ]
[ type TYPE ] [ scope SCOPE ]
ROUTE := NODE_SPEC [ INFO_SPEC ]
NODE_SPEC := [ TYPE ] PREFIX [ tos TOS ]
[ table TABLE_ID ] [ proto RTPROTO ]
[ scope SCOPE ] [ metric METRIC ]
INFO_SPEC := NH OPTIONS FLAGS [ nexthop NH ]…
NH := [ encap ENCAPTYPE ENCAPHDR ] [ via [ FAMILY ] ADDRESS ]
[ dev STRING ] [ weight NUMBER ] NHFLAGS
FAMILY := [ inet | inet6 | ipx | dnet | mpls | bridge | link ]
OPTIONS := FLAGS [ mtu NUMBER ] [ advmss NUMBER ] [ as [ to ] ADDRESS ]
[ rtt TIME ] [ rttvar TIME ] [ reordering NUMBER ]
[ window NUMBER ] [ cwnd NUMBER ] [ initcwnd NUMBER ]
[ ssthresh NUMBER ] [ realms REALM ] [ src ADDRESS ]
[ rto_min TIME ] [ hoplimit NUMBER ] [ initrwnd NUMBER ]
[ features FEATURES ] [ quickack BOOL ] [ congctl NAME ]
[ pref PREF ] [ expires TIME ]
TYPE := { unicast | local | broadcast | multicast | throw |
unreachable | prohibit | blackhole | nat }
TABLE_ID := [ local | main | default | all | NUMBER ]
SCOPE := [ host | link | global | NUMBER ]
NHFLAGS := [ onlink | pervasive ]
RTPROTO := [ kernel | boot | static | NUMBER ]
PREF := [ low | medium | high ]
TIME := NUMBER[s|ms]
BOOL := [1|0]
FEATURES := ecn
ENCAPTYPE := [ mpls | ip | ip6 ]
ENCAPHDR := [ MPLSLABEL ]
ERROR: Command “ip -4 route replace src 0.0.0.0 dev enp3s0.103” Failed
Processing /etc/shorewall/stop …
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
Processing /etc/shorewall/tcclear …
Preparing iptables-restore input…
Running /sbin/iptables-restore --wait 60…
IPv4 Forwarding Enabled
Processing /etc/shorewall/stopped …
/usr/share/shorewall/lib.common: line 93: 22274 Terminated $SHOREWALL_SHELL $script options @
Configuring shorewall #113 (exit status 1)
Compiling using Shorewall 5.1.10.2…
Processing /etc/shorewall/params …
Processing /etc/shorewall/shorewall.conf…
Loading Modules…
Compiling /etc/shorewall/zones…
Compiling /etc/shorewall/interfaces…
Determining Hosts in Zones…
Locating Action Files…
Compiling /etc/shorewall/policy…
Running /etc/shorewall/initdone…
Adding Anti-smurf Rules
Adding rules for DHCP
Compiling TCP Flags filtering…
Compiling Kernel Route Filtering…
Compiling Martian Logging…
Compiling /etc/shorewall/providers…
Compiling /etc/shorewall/snat…
Compiling MAC Filtration – Phase 1…
Compiling /etc/shorewall/blrules…
Compiling /etc/shorewall/rules…
Compiling /etc/shorewall/conntrack…
Compiling MAC Filtration – Phase 2…
Applying Policies…
Compiling /etc/shorewall/mangle…
Generating Rule Matrix…
Optimizing Ruleset…
Creating iptables-restore input…
Compiling /etc/shorewall/stoppedrules…
Shorewall configuration compiled to /var/lib/shorewall/.restart
Shorewall is not running
Starting Shorewall…
Initializing…
Processing /etc/shorewall/init …
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
Processing /etc/shorewall/tcclear …
Setting up Route Filtering…
Setting up Martian Logging…
Setting up Proxy ARP…
Adding Providers…
WARNING: Interface enp2s0 is not usable – Provider red2 (1) not Started
WARNING: Interface enp3s0.105 is not usable – Provider red1 (2) not Started
Usage: ip route { list | flush } SELECTOR
ip route save SELECTOR
ip route restore
ip route showdump
ip route get ADDRESS [ from ADDRESS iif STRING ]
[ oif STRING ] [ tos TOS ]
[ mark NUMBER ] [ vrf NAME ]
[ uid NUMBER ]
ip route { add | del | change | append | replace } ROUTE
SELECTOR := [ root PREFIX ] [ match PREFIX ] [ exact PREFIX ]
[ table TABLE_ID ] [ vrf NAME ] [ proto RTPROTO ]
[ type TYPE ] [ scope SCOPE ]
ROUTE := NODE_SPEC [ INFO_SPEC ]
NODE_SPEC := [ TYPE ] PREFIX [ tos TOS ]
[ table TABLE_ID ] [ proto RTPROTO ]
[ scope SCOPE ] [ metric METRIC ]
INFO_SPEC := NH OPTIONS FLAGS [ nexthop NH ]…
NH := [ encap ENCAPTYPE ENCAPHDR ] [ via [ FAMILY ] ADDRESS ]
[ dev STRING ] [ weight NUMBER ] NHFLAGS
FAMILY := [ inet | inet6 | ipx | dnet | mpls | bridge | link ]
OPTIONS := FLAGS [ mtu NUMBER ] [ advmss NUMBER ] [ as [ to ] ADDRESS ]
[ rtt TIME ] [ rttvar TIME ] [ reordering NUMBER ]
[ window NUMBER ] [ cwnd NUMBER ] [ initcwnd NUMBER ]
[ ssthresh NUMBER ] [ realms REALM ] [ src ADDRESS ]
[ rto_min TIME ] [ hoplimit NUMBER ] [ initrwnd NUMBER ]
[ features FEATURES ] [ quickack BOOL ] [ congctl NAME ]
[ pref PREF ] [ expires TIME ]
TYPE := { unicast | local | broadcast | multicast | throw |
unreachable | prohibit | blackhole | nat }
TABLE_ID := [ local | main | default | all | NUMBER ]
SCOPE := [ host | link | global | NUMBER ]
NHFLAGS := [ onlink | pervasive ]
RTPROTO := [ kernel | boot | static | NUMBER ]
PREF := [ low | medium | high ]
TIME := NUMBER[s|ms]
BOOL := [1|0]
FEATURES := ecn
ENCAPTYPE := [ mpls | ip | ip6 ]
ENCAPHDR := [ MPLSLABEL ]
ERROR: Command “ip -4 route replace src 0.0.0.0 dev enp3s0.103” Failed
Processing /etc/shorewall/stop …
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
Processing /etc/shorewall/tcclear …
Preparing iptables-restore input…
Running /sbin/iptables-restore --wait 60…
IPv4 Forwarding Enabled
Processing /etc/shorewall/stopped …
/usr/share/shorewall/lib.common: line 93: 24308 Terminated $SHOREWALL_SHELL $script options @