Enhancement #2827

Firewall-base: multi-wan dhcp failover not supported

Added by Filippo Carletti about 7 years ago. Updated over 6 years ago.

Status: CLOSED
Start date:
Priority: Normal
Due date:
Assignee: -
% Done: 100%
Category: <multiple packages>
Target version: v6.6
Resolution:
NEEDINFO: No

Description

If a wan in a multi-wan setup is in dhcp (not static), DGD (Dead Gateway Detection) does not work.

See https://groups.google.com/forum/#!topic/nethserver/NGmP9D0BqqY for details.


Related issues

Copied from NethServer 6 - Feature #2332: Firewall-base: add support for multi-wan CLOSED

Associated revisions

Revision 472d259a
Added by Giacomo Sanchietti over 6 years ago

DHCP on red: handle IP renew. Refs #2827

Revision 23e32d33
Added by Giacomo Sanchietti over 6 years ago

providers: expand only if #provider_num >= 2. Refs #2827

Revision ac97114f
Added by Giacomo Sanchietti over 6 years ago

interface-config-write: handle aliases. Refs #2827

Revision 8d427087
Added by Giacomo Sanchietti over 6 years ago

interface-config-write: skip routes for aliases. Refs #2827

Revision 1668dba3
Added by Giacomo Sanchietti over 6 years ago

dhcp client script: remove debug. Refs #2827

Revision 13bfe69b
Added by Giacomo Sanchietti over 6 years ago

DHCP on red: fix static routes. Refs #2827

Execute static-routes-save event inside interface-update to
handle interfaces with dynamic IP after the network
has been restarted.

History

#1 Updated by Filippo Carletti about 7 years ago

  • Copied from Feature #2332: Firewall-base: add support for multi-wan added

#2 Updated by Giacomo Sanchietti almost 7 years ago

  • Priority changed from High to Normal

#3 Updated by Giacomo Sanchietti over 6 years ago

  • Description updated (diff)

#4 Updated by Giacomo Sanchietti over 6 years ago

  • Status changed from NEW to TRIAGED
  • Target version changed from ~FUTURE to v6.6
  • % Done changed from 0 to 20

#5 Updated by Giacomo Sanchietti over 6 years ago

When a red interface is associated with a provider, LSM needs a static route to the checkip for checking the line status.
If the red interface is in DHCP mode, the interface-config-write script can't write the route into the right file.

We need two fixes:
  • interface-config-write must handle interfaces with a dynamic IP
  • add a script into /etc/dhcp/dhclient.d/ to handle new routes when a red interface changes its IP
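
An added example of the second fix listed in comment #5, not the script shipped in nethserver-base: a dhclient.d hook that re-creates the host route to each check IP when the lease changes. The hook name (checkip.sh), the CHECKIP_MAP file and its format, and DRY_RUN are assumptions made for the illustration; lease values are validated because they arrive from the network.

```shell
#!/bin/sh
# Hypothetical hook, e.g. /etc/dhcp/dhclient.d/checkip.sh (name assumed).
# dhclient-script on RHEL/CentOS sources executable *.sh files from that
# directory and calls <name>_config when a lease is bound or renewed and
# <name>_restore when it is released or expires.

# Assumed mapping file: one "interface checkip" pair per line.
CHECKIP_MAP="${CHECKIP_MAP:-/etc/checkip.map}"
# DRY_RUN=1 prints the commands instead of executing them.
DRY_RUN="${DRY_RUN:-0}"

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# Shape check only: four dot-separated groups of 1-3 digits, nothing else.
is_ipv4() {
    case "$1" in ''|*[!0-9.]*) return 1 ;; esac
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# Print the check IPs configured for interface $1.
checkips_for() {
    [ -r "$CHECKIP_MAP" ] || return 0
    awk -v dev="$1" '$1 == dev { print $2 }' "$CHECKIP_MAP"
}

# $interface and $new_routers are set by dhclient-script.
checkip_config() {
    gw="${new_routers%% *}"          # first router offered in the lease
    is_ipv4 "$gw" || return 0        # ignore malformed lease data
    for ip in $(checkips_for "$interface"); do
        is_ipv4 "$ip" || continue
        run /sbin/ip -4 route replace "$ip/32" via "$gw" dev "$interface"
    done
}

checkip_restore() {
    for ip in $(checkips_for "$interface"); do
        is_ipv4 "$ip" || continue
        run /sbin/ip -4 route del "$ip/32" dev "$interface"
    done
}
```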

#6 Updated by Giacomo Sanchietti over 6 years ago

  • Status changed from TRIAGED to ON_DEV
  • Assignee set to Giacomo Sanchietti
  • % Done changed from 20 to 30

#7 Updated by Giacomo Sanchietti over 6 years ago

When only one provider is configured, Shorewall creates the provider route, but there is no way to find the checkip for a new provider since there is no default gateway.

We need to:
  • enable /etc/shorewall/providers only if there is more than 1 configured provider
  • execute firewall-adjust after the static-route-save event

#8 Updated by Giacomo Sanchietti over 6 years ago

  • Category changed from nethserver-firewall-base to <multiple packages>

#9 Updated by Giacomo Sanchietti over 6 years ago

  • Status changed from ON_DEV to MODIFIED
  • Assignee deleted (Giacomo Sanchietti)
  • % Done changed from 30 to 60

#10 Updated by Giacomo Sanchietti over 6 years ago

  • Status changed from MODIFIED to ON_QA
  • % Done changed from 60 to 70

Packages in nethserver-testing:
  • nethserver-firewall-base-2.4.0-1.3.g23e32d3.ns6.noarch.rpm
  • nethserver-base-2.6.3-1.2.g472d259.ns6.noarch.rpm

Test case 1
  • Configure one red interface
  • Configure one provider
  • Check there isn't any entry in /etc/shorewall/providers

Test case 2
  • Configure two red interfaces, one static and one with DHCP
  • Configure two providers
  • Check all provider static routes are correctly created

#11 Updated by Filippo Carletti over 6 years ago

  • Assignee set to Filippo Carletti

#12 Updated by Filippo Carletti over 6 years ago

  • Status changed from ON_QA to TRIAGED
  • Assignee deleted (Filippo Carletti)
  • % Done changed from 70 to 20

Test case 1: passed. With only one provider configured, /etc/shorewall/providers is "empty".
Test case 2: I'm not certain that the code is good enough. While it works, it doesn't consider the possible presence of ip aliases.
The code now:

/sbin/ip -4 address show $dev | sed ...

I'd modify it as:
/sbin/ip -4 address show $dev primary | sed ...
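
The alias problem raised in comment #12, as an added example that is not part of the issue or of the NethServer code: it parses a constructed sample of one-line `ip` output and shows that an unfiltered parse yields two addresses while a primary-only parse yields one. The function names, the sample output and the `-o` one-line mode are assumptions of the illustration.

```shell
#!/bin/sh
# Constructed sample of `ip -4 -o address show dev eth1` for a red interface
# holding a DHCP address plus one alias in the same subnet (documentation range).
sample_ip_output() {
cat <<'EOF'
3: eth1    inet 203.0.113.10/24 brd 203.0.113.255 scope global eth1
3: eth1    inet 203.0.113.11/24 brd 203.0.113.255 scope global secondary eth1:0
EOF
}

# Every IPv4 address read from stdin, aliases included. This is what a parser
# sees when the address listing is not filtered.
all_ipv4() {
    awk '{ for (i = 1; i < NF; i++)
               if ($i == "inet") { split($(i+1), a, "/"); print a[1] } }'
}

# First address not flagged "secondary". Only aliases in the same subnet carry
# that flag; an address in another subnet is primary too, so stop after one.
primary_ipv4() {
    awk '{ sec = 0; addr = ""
           for (i = 1; i <= NF; i++) {
               if ($i == "secondary") sec = 1
               if ($i == "inet" && i < NF) { split($(i+1), a, "/"); addr = a[1] }
           }
           if (!sec && addr != "") { print addr; exit } }'
}

# Live use on a host: let ip(8) filter with the `primary` selector first.
primary_ipv4_of() {
    /sbin/ip -4 -o address show dev "$1" primary | primary_ipv4
}
```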

#13 Updated by Giacomo Sanchietti over 6 years ago

  • Status changed from TRIAGED to ON_DEV
  • Assignee set to Giacomo Sanchietti
  • % Done changed from 20 to 30

#14 Updated by Giacomo Sanchietti over 6 years ago

  • Status changed from ON_DEV to MODIFIED
  • % Done changed from 30 to 60

#15 Updated by Giacomo Sanchietti over 6 years ago

  • Status changed from MODIFIED to ON_QA
  • Assignee deleted (Giacomo Sanchietti)
  • % Done changed from 60 to 70

Packages in nethserver-testing:
  • nethserver-base-2.6.3-1.3.gac97114.ns6.noarch.rpm
  • nethserver-base-2.6.3-1.4.g8d42708.ns6.noarch.rpm
  • nethserver-base-2.6.3-1.6.g13bfe69.ns6.noarch.rpm

#16 Updated by Filippo Carletti over 6 years ago

  • Status changed from ON_QA to VERIFIED
  • % Done changed from 70 to 90

Alias IP correctly excluded.
Routes to checkip created after network restart.

#17 Updated by Giacomo Sanchietti over 6 years ago

  • Status changed from VERIFIED to CLOSED
  • % Done changed from 90 to 100

Released in nethserver-updates:
  • nethserver-firewall-base-2.5.0-1.ns6.noarch.rpm
  • nethserver-base-2.6.4-1.ns6.noarch.rpm
