Shorewall issues

Thanks to @mrmarkuz for figuring this one out too and for improvement from @filippo_carletti. Hetzner has this well documented here , but unfortunately it’s not so simple for us on NethServer. We will need to make some changes to the e-smith database to make sure the static route is being added so our static IP can work. Basically, it means that we can’t use the Web GUI for managing static IPs. It is really unfortunate that Hetzner designs it this way, and this makes their competitor Contabo more attractive for doing a simple NethServer install.

Nevertheless, to fix the routes we need to do the following:

• Manually edit the e-smith database for your external interface (eth0 by default)

db networks setprop eth0 bootproto none onboot yes userctl no ipv6addr <IPV6_Address>::1/64 ipv6init yes ipv6_defaultgw fe80::1%eth0 ipv6_defaultdev eth0 role green hwaddr <Eth0_Mac_Address> ipaddr <IPV4_Address> netmask 255.255.255.255

Get your IPv4 and IPv6 addreses from your Hetzner control panel:

If you’re like me and IPv6 is new to you, then just grab the IPv6 that is shown in your control panel and put the AAAA:BBB:CCC:DDDD it in the script above exactly as I have shown. If you know what you’re doing, then you can pick your own sub-address.

• Remove the gateway property from eth0

db networks delprop eth0 gateway

• Add the static route through a command:

db routes set 0.0.0.0/0 static Description “default gw” Device eth0 Metric “” Router 172.31.1.1

or through the web interface:

image1506×484 14.4 KB

image829×429 4.95 KB

Now is the time to cross your fingers and hope things work. Make sure you’re ready for some down time and debugging.

• Trigger the interface update

signal-event interface-update

Things should work. If not, try rebooting your server before playing with any other configurations.