Configuring shorewall #57 (exit status 1)


(ver) #1

Hi,

I already have one red category to logical interface. I just need another one in case the ISP was down the internet network will switch to another ISP

When i’m trying to configure logical interface in network as RED category DHCP or Static
I’m always encountering this error.

Kindly help me or what things i need to do?

Thank you so much…

Below

Task completed with errors
Configuring shorewall #57 (exit status 1)
Compiling using Shorewall 5.1.10.2…
Processing /etc/shorewall/params …
Processing /etc/shorewall/shorewall.conf…
Loading Modules…
Compiling /etc/shorewall/zones…
Compiling /etc/shorewall/interfaces…
Determining Hosts in Zones…
Locating Action Files…
Compiling /etc/shorewall/policy…
Running /etc/shorewall/initdone…
Adding Anti-smurf Rules
Adding rules for DHCP
Compiling TCP Flags filtering…
Compiling Kernel Route Filtering…
Compiling Martian Logging…
Compiling /etc/shorewall/providers…
Compiling /etc/shorewall/snat…
Compiling MAC Filtration – Phase 1…
Compiling /etc/shorewall/rules…
Compiling /etc/shorewall/conntrack…
Compiling MAC Filtration – Phase 2…
Applying Policies…
Generating Rule Matrix…
Optimizing Ruleset…
Creating iptables-restore input…
Compiling /etc/shorewall/stoppedrules…
Shorewall configuration compiled to /var/lib/shorewall/.restart
Reloading Shorewall…
Initializing…
Processing /etc/shorewall/init …
Processing /etc/shorewall/tcclear …
Setting up Route Filtering…
Setting up Martian Logging…
Setting up Proxy ARP…
Adding Providers…
Usage: ip route { list | flush } SELECTOR
ip route save SELECTOR
ip route restore
ip route showdump
ip route get ADDRESS [ from ADDRESS iif STRING ]
[ oif STRING ] [ tos TOS ]
[ mark NUMBER ] [ vrf NAME ]
[ uid NUMBER ]
ip route { add | del | change | append | replace } ROUTE
SELECTOR := [ root PREFIX ] [ match PREFIX ] [ exact PREFIX ]
[ table TABLE_ID ] [ vrf NAME ] [ proto RTPROTO ]
[ type TYPE ] [ scope SCOPE ]
ROUTE := NODE_SPEC [ INFO_SPEC ]
NODE_SPEC := [ TYPE ] PREFIX [ tos TOS ]
[ table TABLE_ID ] [ proto RTPROTO ]
[ scope SCOPE ] [ metric METRIC ]
INFO_SPEC := NH OPTIONS FLAGS [ nexthop NH ]…
NH := [ encap ENCAPTYPE ENCAPHDR ] [ via [ FAMILY ] ADDRESS ]
[ dev STRING ] [ weight NUMBER ] NHFLAGS
FAMILY := [ inet | inet6 | ipx | dnet | mpls | bridge | link ]
OPTIONS := FLAGS [ mtu NUMBER ] [ advmss NUMBER ] [ as [ to ] ADDRESS ]
[ rtt TIME ] [ rttvar TIME ] [ reordering NUMBER ]
[ window NUMBER ] [ cwnd NUMBER ] [ initcwnd NUMBER ]
[ ssthresh NUMBER ] [ realms REALM ] [ src ADDRESS ]
[ rto_min TIME ] [ hoplimit NUMBER ] [ initrwnd NUMBER ]
[ features FEATURES ] [ quickack BOOL ] [ congctl NAME ]
[ pref PREF ] [ expires TIME ]
TYPE := { unicast | local | broadcast | multicast | throw |
unreachable | prohibit | blackhole | nat }
TABLE_ID := [ local | main | default | all | NUMBER ]
SCOPE := [ host | link | global | NUMBER ]
NHFLAGS := [ onlink | pervasive ]
RTPROTO := [ kernel | boot | static | NUMBER ]
PREF := [ low | medium | high ]
TIME := NUMBER[s|ms]
BOOL := [1|0]
FEATURES := ecn
ENCAPTYPE := [ mpls | ip | ip6 ]
ENCAPHDR := [ MPLSLABEL ]
ERROR: Command “ip -4 route replace src 0.0.0.0 dev enp3s0” Failed
Processing /etc/shorewall/stop …
Processing /etc/shorewall/tcclear …
Preparing iptables-restore input…
Running /sbin/iptables-restore --wait 60…
IPv4 Forwarding Enabled
Processing /etc/shorewall/stopped …
/usr/share/shorewall/lib.common: line 93: 9248 Terminated $SHOREWALL_SHELL $script $options $@
Configuring shorewall #91 (exit status 1)
Compiling using Shorewall 5.1.10.2…
Processing /etc/shorewall/params …
Processing /etc/shorewall/shorewall.conf…
Loading Modules…
Compiling /etc/shorewall/zones…
Compiling /etc/shorewall/interfaces…
Determining Hosts in Zones…
Locating Action Files…
Compiling /etc/shorewall/policy…
Running /etc/shorewall/initdone…
Adding Anti-smurf Rules
Adding rules for DHCP
Compiling TCP Flags filtering…
Compiling Kernel Route Filtering…
Compiling Martian Logging…
Compiling /etc/shorewall/providers…
Compiling /etc/shorewall/snat…
Compiling MAC Filtration – Phase 1…
Compiling /etc/shorewall/rules…
Compiling /etc/shorewall/conntrack…
Compiling MAC Filtration – Phase 2…
Applying Policies…
Generating Rule Matrix…
Optimizing Ruleset…
Creating iptables-restore input…
Compiling /etc/shorewall/stoppedrules…
Shorewall configuration compiled to /var/lib/shorewall/.restart
Shorewall is not running
Starting Shorewall…
Initializing…
Processing /etc/shorewall/init …
Processing /etc/shorewall/tcclear …
Setting up Route Filtering…
Setting up Martian Logging…
Setting up Proxy ARP…
Adding Providers…
Usage: ip route { list | flush } SELECTOR
ip route save SELECTOR
ip route restore
ip route showdump
ip route get ADDRESS [ from ADDRESS iif STRING ]
[ oif STRING ] [ tos TOS ]
[ mark NUMBER ] [ vrf NAME ]
[ uid NUMBER ]
ip route { add | del | change | append | replace } ROUTE
SELECTOR := [ root PREFIX ] [ match PREFIX ] [ exact PREFIX ]
[ table TABLE_ID ] [ vrf NAME ] [ proto RTPROTO ]
[ type TYPE ] [ scope SCOPE ]
ROUTE := NODE_SPEC [ INFO_SPEC ]
NODE_SPEC := [ TYPE ] PREFIX [ tos TOS ]
[ table TABLE_ID ] [ proto RTPROTO ]
[ scope SCOPE ] [ metric METRIC ]
INFO_SPEC := NH OPTIONS FLAGS [ nexthop NH ]…
NH := [ encap ENCAPTYPE ENCAPHDR ] [ via [ FAMILY ] ADDRESS ]
[ dev STRING ] [ weight NUMBER ] NHFLAGS
FAMILY := [ inet | inet6 | ipx | dnet | mpls | bridge | link ]
OPTIONS := FLAGS [ mtu NUMBER ] [ advmss NUMBER ] [ as [ to ] ADDRESS ]
[ rtt TIME ] [ rttvar TIME ] [ reordering NUMBER ]
[ window NUMBER ] [ cwnd NUMBER ] [ initcwnd NUMBER ]
[ ssthresh NUMBER ] [ realms REALM ] [ src ADDRESS ]
[ rto_min TIME ] [ hoplimit NUMBER ] [ initrwnd NUMBER ]
[ features FEATURES ] [ quickack BOOL ] [ congctl NAME ]
[ pref PREF ] [ expires TIME ]
TYPE := { unicast | local | broadcast | multicast | throw |
unreachable | prohibit | blackhole | nat }
TABLE_ID := [ local | main | default | all | NUMBER ]
SCOPE := [ host | link | global | NUMBER ]
NHFLAGS := [ onlink | pervasive ]
RTPROTO := [ kernel | boot | static | NUMBER ]
PREF := [ low | medium | high ]
TIME := NUMBER[s|ms]
BOOL := [1|0]
FEATURES := ecn
ENCAPTYPE := [ mpls | ip | ip6 ]
ENCAPHDR := [ MPLSLABEL ]
ERROR: Command “ip -4 route replace src 0.0.0.0 dev enp3s0” Failed
Processing /etc/shorewall/stop …
Processing /etc/shorewall/tcclear …
Preparing iptables-restore input…
Running /sbin/iptables-restore --wait 60…
IPv4 Forwarding Enabled
Processing /etc/shorewall/stopped …
/usr/share/shorewall/lib.common: line 93: 9573 Terminated $SHOREWALL_SHELL $script $options $@


(Markus Neuberger) #2

It looks like there’s a problem with the default gateway on interface enp3s0. What kind of logical interface did you add? Maybe you need another physical adapter for your configuration to work.

Please post your network config:

ip addr
db networks show

Here are some docs about the multiwan feature:
http://docs.nethserver.org/en/v7/firewall.html#multi-wan
http://docs.nethserver.org/projects/nethserver-devel/en/v7/nethserver-firewall-base.html#multi-wan