Enhancement #2827
Firewall-base: multi-wan dhcp failover not supported
Status: | CLOSED | Start date: | ||
---|---|---|---|---|
Priority: | Normal | Due date: | ||
Assignee: | - | % Done: | 100% | |
Category: | <multiple packages> | |||
Target version: | v6.6 | |||
Resolution: | NEEDINFO: | No |
Description
If a wan in a multi-wan setup is in dhcp (not static), DGD (Dead Gateway Detection) does not work.
See https://groups.google.com/forum/#!topic/nethserver/NGmP9D0BqqY for details.
Related issues
Associated revisions
DHCP on red: handle IP renew. Refs #2827
providers: expand only if #provider_num >= 2. Refs #2827
interface-config-write: handle aliases. Refs #2827
interface-config-write: skip routes for aliases. Refs #2827
dhcp client script: remove debug. Refs #2827
DHCP on red: fix static routes. Refs #2827
Execute static-routes-save event inside interface-update to
handle interfaces with dynamic IP after the network
has been restarted.
History
#1 Updated by Filippo Carletti about 7 years ago
- Copied from Feature #2332: Firewall-base: add support for multi-wan added
#2 Updated by Giacomo Sanchietti almost 7 years ago
- Priority changed from High to Normal
#3 Updated by Giacomo Sanchietti over 6 years ago
- Description updated (diff)
#4 Updated by Giacomo Sanchietti over 6 years ago
- Status changed from NEW to TRIAGED
- Target version changed from ~FUTURE to v6.6
- % Done changed from 0 to 20
#5 Updated by Giacomo Sanchietti over 6 years ago
When a red interface is associated to a provider, LSM needs a static route to the checkip for checking the line status.
If the red interface is in dhcp mode, interface-config-write
script can't write the route into the right file.
interface-config-write
must handle interfaces with dynamic ip- add a script into
/etc/dhcp/dhclient.d/
to handle new routes when a red interface changes the ip
#6 Updated by Giacomo Sanchietti over 6 years ago
- Status changed from TRIAGED to ON_DEV
- Assignee set to Giacomo Sanchietti
- % Done changed from 20 to 30
#7 Updated by Giacomo Sanchietti over 6 years ago
When only provider is configured, Shorewall creates the provider route, but there is no way find the checkip for a new provider since there is no default gateway.
We need to:- enable
/etc/shorewall/providers
only there are more than 1 configured providers - execute firewall-adjust after static-route-save event
#8 Updated by Giacomo Sanchietti over 6 years ago
- Category changed from nethserver-firewall-base to <multiple packages>
#9 Updated by Giacomo Sanchietti over 6 years ago
- Status changed from ON_DEV to MODIFIED
- Assignee deleted (
Giacomo Sanchietti) - % Done changed from 30 to 60
#10 Updated by Giacomo Sanchietti over 6 years ago
- Status changed from MODIFIED to ON_QA
- % Done changed from 60 to 70
- nethserver-firewall-base-2.4.0-1.3.g23e32d3.ns6.noarch.rpm
- nethserver-base-2.6.3-1.2.g472d259.ns6.noarch.rpm
- Configure one red interface
- Configure one provider
- Check there isn't any entry in
/etc/shorewall/providers
- Configure two red interfaces, one static and one with DHCP
- Configure two providers
- Check all provider static routes are correctly created
#11 Updated by Filippo Carletti over 6 years ago
- Assignee set to Filippo Carletti
#12 Updated by Filippo Carletti over 6 years ago
- Status changed from ON_QA to TRIAGED
- Assignee deleted (
Filippo Carletti) - % Done changed from 70 to 20
Test case 1: passed. With only one provider configured, /etc/shorewall/providers is "empty".
Test case 2: I'm not certain that the code is good enough. While it works, it doesn't consider the possible presence of ip aliases.
The code now:
/sbin/ip -4 address show $dev | sed ...
I'd modify it as:
/sbin/ip -4 address show $dev primary | sed ...
#13 Updated by Giacomo Sanchietti over 6 years ago
- Status changed from TRIAGED to ON_DEV
- Assignee set to Giacomo Sanchietti
- % Done changed from 20 to 30
#14 Updated by Giacomo Sanchietti over 6 years ago
- Status changed from ON_DEV to MODIFIED
- % Done changed from 30 to 60
#15 Updated by Giacomo Sanchietti over 6 years ago
- Status changed from MODIFIED to ON_QA
- Assignee deleted (
Giacomo Sanchietti) - % Done changed from 60 to 70
nethserver-base-2.6.3-1.3.gac97114.ns6.noarch.rpmnethserver-base-2.6.3-1.4.g8d42708.ns6.noarch.rpm- nethserver-base-2.6.3-1.6.g13bfe69.ns6.noarch.rpm
#16 Updated by Filippo Carletti over 6 years ago
- Status changed from ON_QA to VERIFIED
- % Done changed from 70 to 90
Alias ip correctly excluded.
Routes to checkip created after netowrk restart.
#17 Updated by Giacomo Sanchietti over 6 years ago
- Status changed from VERIFIED to CLOSED
- % Done changed from 90 to 100
- nethserver-firewall-base-2.5.0-1.ns6.noarch.rpm
- nethserver-base-2.6.4-1.ns6.noarch.rpm