Discussion:
[Shorewall-users] Bug moving to version 5.0.4 (ubuntu 16.04LTS)
Marcelo Bello
2016-08-01 20:33:38 UTC
Permalink
Hello,

I just updated my server from Ubuntu 14.04LTS to Ubuntu 16.04LTS and
with it I got Shorewall version 5.0.4.

I ran "shorewall update" to convert the tcrules file to mangle and
everything went fine except for an error:

"WARNING: Interface ppp0 is not usable -- Provider vivo (3) not Started"

Interface ppp0 was perfectly fine. I know that the ISP "vivo" was
working just fine just before I issued the "shorewall restart" command that
got me that error message for the first time, and immediately I started
getting ISP is down messages from my monitoring software. So I am 100% sure
that the problem is not with the ppp0 interface.

I tried running "shorewall enable vivo" with no success (same error
message).
I googled and found a workaround suggested for a similar problem
reported back in 2011:

http://www.engardelinux.org/modules/index/list_archives.cgi?list=shorewall-users&page=0097.html&month=2011-08

However, I did not need the entire work around, the problem went away
by just changing the file in this way:

*I had originally:*
net ppp+ -
optional,wait=10,nosmurfs,tcpflags,nets=(!10.0.0.0/8)

*I changed to:*
net ppp0 -
optional,wait=10,nosmurfs,tcpflags,nets=(!10.0.0.0/8) net ppp+
- optional,wait=10,nosmurfs,tcpflags,nets=(!10.0.0.0/8)

Therefore, I actually had to add a ppp0 interface, ppp+ was not enough.
This is bad because this ISP's interface could become ppp1 or ppp2, ... in
the future.

I believe this is a bug, am I right? If it is so, is this a know bug of
version 5.0.4 and should I file a bug report on Ubuntu's bug tracking
system? Or is it enough to report it here?

Best regards,

Marcelo
Tom Eastep
2016-08-02 16:30:37 UTC
Permalink
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Post by Marcelo Bello
Hello,
I just updated my server from Ubuntu 14.04LTS to Ubuntu 16.04LTS
and with it I got Shorewall version 5.0.4.
I ran "shorewall update" to convert the tcrules file to mangle and
"WARNING: Interface ppp0 is not usable -- Provider vivo (3) not Started"
Interface ppp0 was perfectly fine. I know that the ISP "vivo" was
working just fine just before I issued the "shorewall restart"
command that got me that error message for the first time, and
immediately I started getting ISP is down messages from my
monitoring software. So I am 100% sure that the problem is not with
the ppp0 interface.
I tried running "shorewall enable vivo" with no success (same
error message). I googled and found a workaround suggested for a
http://www.engardelinux.org/modules/index/list_archives.cgi?list=shorewall-users&page=0097.html&month=2011-08
However, I did not need the entire work around, the problem went
*I had originally:* net ppp+ -
optional,wait=10,nosmurfs,tcpflags,nets=(!10.0.0.0/8
<http://10.0.0.0/8>)
*I changed to:* net ppp0 -
optional,wait=10,nosmurfs,tcpflags,nets=(!10.0.0.0/8
<http://10.0.0.0/8>) net ppp+ -
optional,wait=10,nosmurfs,tcpflags,nets=(!10.0.0.0/8
<http://10.0.0.0/8>)
Therefore, I actually had to add a ppp0 interface, ppp+ was not
enough. This is bad because this ISP's interface could become ppp1
or ppp2, ... in the future.
I believe this is a bug, am I right? If it is so, is this a know
bug of version 5.0.4 and should I file a bug report on Ubuntu's bug
tracking system? Or is it enough to report it here?
What have you specified in /etc/shorewall/providers?

- -Tom
- --
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJXoMqtAAoJEJbms/JCOk0QrJwP/imHE9RvL+OrO6mDczjUpkpa
DOJwCxoENHWuWRPw3Jwcrkukqsb58R/bdCR0apBe8oUvN/y9NgtjEtbiXup+WafI
tVKiGwMeDaH3sSekdrQNrlGIfUZORdBRE7b9jJVZuVzgeHuIVM3uK5sfCz4ars3u
qx5RD8zM8IJWDsZ6RrNHrCkb89CTyhKzPkZE0h/y+weNLVpvJjvBaBMhA8Y7mW1C
Cdr/Zc33a/55T7EJsSDDFscjltE1Y3bLIdhd6WsQYutVuDJFkFGdvNnMDflGgCm+
qSIUle+Wcr/BuaiLaHdc+7lr/na8Z7u4TpmcOTdpZPYh7uHkusek9CBA1ZE8ajga
E+s/XrBEPliqKdVCB9TT68BWtR97db5TR5Jl8/9Osyo8/8hn8VGu8emIhImJx7XV
zUD8d1F6e3sa1kDC6UTmSSVQNlb9OhikFn2nk5Pirqi/j64BNN0SFxkn1lkUtNNz
6VJ1W+0U0YqwOzaz+WwiTUm9efAln4NUANXTy+iVzXss3h5A503XK5gmqUolj8DU
YgywnrtCnyYjv7v9tO7PMptkF3wzU1fSc2VWVRWEgNmvUd3bm7Jton6pe2Nxld3I
CdfBctU8D8cIelKpQ8ns40Y/rEovEZoyE1PBlh7uP8FCFhKIribKYrHJxKkU5RRS
eh0sWR2wQtrzS7LJGaBQ
=E4u9
-----END PGP SIGNATURE-----

------------------------------------------------------------------------------
Marcelo Bello
2016-08-03 02:17:34 UTC
Permalink
Tom,

Providers file contains:
############################################################################################
#NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY
OPTIONS COPY
virtua 1 255 - eth1 detect
track,balance=1 -
vivo 3 254 - $VIVO_IFACE -
track,balance=100 -


*VIVO_IFACE is equal to "ppp0" in my case.*

*It is defined on params file as:*
VIVO_IFACE=$(pidfile=/var/run/ppp-vivo.pid && if test -e $pidfile; then
echo `awk '$1 ~ /ppp[0-9]+/' $pidfile`; else echo ppp0; fi)
VIVO_IFACE=$(if test -n "$VIVO_IFACE"; then echo $VIVO_IFACE; else echo
ppp0; fi)
---------- Forwarded message ----------
Date: Tue, 2 Aug 2016 09:30:37 -0700
Subject: Re: [Shorewall-users] Bug moving to version 5.0.4 (ubuntu
16.04LTS)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Post by Marcelo Bello
Hello,
I just updated my server from Ubuntu 14.04LTS to Ubuntu 16.04LTS
and with it I got Shorewall version 5.0.4.
I ran "shorewall update" to convert the tcrules file to mangle and
"WARNING: Interface ppp0 is not usable -- Provider vivo (3) not
Started"
Interface ppp0 was perfectly fine. I know that the ISP "vivo" was
working just fine just before I issued the "shorewall restart"
command that got me that error message for the first time, and
immediately I started getting ISP is down messages from my
monitoring software. So I am 100% sure that the problem is not with
the ppp0 interface.
I tried running "shorewall enable vivo" with no success (same
error message). I googled and found a workaround suggested for a
http://www.engardelinux.org/modules/index/list_archives.cgi?list=shorewall-users&page=0097.html&month=2011-08
Post by Marcelo Bello
However, I did not need the entire work around, the problem went
*I had originally:* net ppp+ -
optional,wait=10,nosmurfs,tcpflags,nets=(!10.0.0.0/8
<http://10.0.0.0/8>)
*I changed to:* net ppp0 -
optional,wait=10,nosmurfs,tcpflags,nets=(!10.0.0.0/8
<http://10.0.0.0/8>) net ppp+ -
optional,wait=10,nosmurfs,tcpflags,nets=(!10.0.0.0/8
<http://10.0.0.0/8>)
Therefore, I actually had to add a ppp0 interface, ppp+ was not
enough. This is bad because this ISP's interface could become ppp1
or ppp2, ... in the future.
I believe this is a bug, am I right? If it is so, is this a know
bug of version 5.0.4 and should I file a bug report on Ubuntu's bug
tracking system? Or is it enough to report it here?
What have you specified in /etc/shorewall/providers?
- -Tom
- --
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \_____________________________
Tom Eastep
2016-08-04 15:11:14 UTC
Permalink
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Post by Marcelo Bello
Tom,
############################################################################################
#NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY
Post by Marcelo Bello
OPTIONS COPY virtua 1 255 -
eth1 detect track,balance=1 - vivo
3 254 - $VIVO_IFACE - track,balance=100
-
*VIVO_IFACE is equal to "ppp0" in my case.* * * *It is defined on
params file as:* VIVO_IFACE=$(pidfile=/var/run/ppp-vivo.pid && if
test -e $pidfile; then echo `awk '$1 ~ /ppp[0-9]+/' $pidfile`; else
echo ppp0; fi) VIVO_IFACE=$(if test -n "$VIVO_IFACE"; then echo
$VIVO_IFACE; else echo ppp0; fi)
I suggest then, that you use $VIVO_IFACE in your interfaces file as
well rather than ppp+. While I have a patch that allows your current
configuration to work, it will not be back-ported to 5.0.4.

Regards,
- -Tom
- --
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJXo1sSAAoJEJbms/JCOk0QzgMQAJMlkH/tCmplqeS4JiUdwOaa
kSqcwap3LVRqNuNRNQ3Qesv6psWdxSAYxWpoqAAZ5/995SbpJ3apJpUatY34kbWs
WttHn9jpcoCtB49PTaG2XSWsnZ3gyp/ZMYpDSjpw6BTL57M4qvo4ZgQRWwZ437Vq
uhZOVl+tooJ9Zm5fNl43shmmzzueQA87mxZVZZ9Zv6KNCo1WUGoA/+RO1NVzPORJ
n50H4jUjpI9W6FVwqULFyrSvmZG59PmFFBg5Hi6wHaAn/rUaoU/iatnC/KySct2T
PsFiY7+I/Ib5s5+V1Buf4d5OOpUQ4bcU2Vm81rzUy0b7nSl1gNfjYhE9CdIsbKzt
/8PC0SXDQnSSviac9ZbNgePX/unr/zepHGvl8gHpjZaDX9nL8jarRKdXvaK8EOq8
fNp+likjDvcNkuCzlRmaEmVzmLbjiNK2JMb5p+f1fGrBTPeDJAhCTbiw4HxC3z1T
KzNmvwyAdqey7udxB5TtL7HQnhjdwN/iUuzDZfQyHlKi5OmEv6uv8TX4yVz/Edrd
OnohKaFPTbPy9P7bU6U0ufy1FhIOJCgjASL5z3XGCUp36bz8r4uRVKR1Iu1v7rml
622K/HnX+Z39ANTA7ZcV5Ag21LzVcZjq8L5+iR/MY9w1V3YN/4QeshCgrUWladVE
dUMPlSzCNj49xFr+HFXS
=bdJU
-----END PGP SIGNATURE-----

------------------------------------------------------------------------------
Loading...