|
Notes |
|
|
(0001081)
|
|
user2
|
|
2013-11-07 09:34
|
|
|
Setting this issue to "minor" since the "backup only" multiwan option is an unsupported command line feature in ClearOS. We'll fully integrate it one day (knock on wood). |
|
|
|
(0001097)
|
|
nikkilocke
|
2013-12-10 08:06
(edited on: 2013-12-10 08:07) |
|
This may be minor to you, but it is pretty major to me. I need to set my (very slow) backup link to be backup, otherwise it gets used every 1 in 200 Internet connections.
If someone can give me a clue where to look, I don't mind trying to fix it myself.
|
|
|
|
|
I suspect the problem is buried in the firewall configuration scripts, as they don't seem to process the full list of up interfaces, just the ones syswatch says are "primary" (i.e. not backup, and up).
I tried messing with them, but managed to bork something, so restored my backup, set MULTIPATH on again in multiwan.conf and approached it from a different angle.
Syswatch runs /usr/sbin/syswatch.local if the list of up network interfaces changes, so I put in there a command which checks if ppp0 is up (the list of up interfaces is provided as command line arguments), and, if so, spawns another shell in the background, which sleeps for 60 seconds (so the firewall gets a chance to update the routing tables), then rewrites the default rule in ip route table 250 to send everything through ppp0.
This seems to work, even though it is a massive kludge.
Is there a place to discuss this sort of thing? |
|
|
|
(0001106)
|
|
user2
|
|
2013-12-11 11:52
|
|
You can certainly discuss it here. Currently, the firewall will - for all intents and purposes - remove the backup interface from existence. What you need is for the firewall to keep the backup interface in play, but avoid forwarding traffic.
Unfortunately, there are a whole bunch of other priorities that are ahead of this one, so we're a bit resource constrained. Take a look at the "WANIF" and "WANIF_CONFIG" parameters in the lua files in /usr/clearos/apps/firewall/deploy. WANIF is used when WANs are in use by multiwan, while WANIF_CONFIG is used for any configured WAN (active or not). |
|
|
|
|
I have had a look, and posted my analysis, and proposed fixes, to the development forum. Would anyone have time to review my code and discuss it with me?
Should the category be changed to app-firewall? |
|
|
|
|
I see my firewall has upgraded to 1.5.18 since my changes (which has, of course, wiped them out). The new version prevents connecting to servers running on external interfaces if EXTIF_BACKUP is used.
After the holidays, I will be looking at this again, and producing a new set of diffs. Maybe I can get to the bottom of the new problem as well.
Are there any moe updates to firewall or multi-wan in the pipeline? |
|
|
|
|
|
Actually, I got fed up with nothing working right, and reimplemented my changes to the latest version - uploaded as firewallchanges2.tar.z |
|
|
|
|
I have uploadedmodifications to multiwan to add the facility to use Primary and Backup interfaces to the UI. The files in multiwan.zip replace the existing ones in /usr/clearos/apps/multiwan.
NB: I have not altered the language files (I don't speak all those languages!), just hard coded the few necessary items of English text, with a comment to indicate this above each one.
When submitting UI changes, is it normal to do this, or am I supposed to use Google Translate to get a rough translation, and update the language files accordingly? |
|
|
|
(0012941)
|
|
NickH
|
|
2020-02-03 08:26
|
|
|
This may already be fixed. MultiWAN now supports Primary, Backup and Standby. Raise a new issue in GitLab if necessary. |
|
firewallchanges.tar.z (23,464) 2013-12-12 06:49
multiwan.zip (8,317) 2014-01-28 06:09