| View Issue Details [ Jump to Notes ] | [ Issue History ] [ Print ] |
| ID | Project | Category | View Status | Date Submitted | Last Update |
| 0000679 | ClearOS | app-firewall - Firewall | public | 2012-07-11 11:00 | 2012-08-02 19:03 |
|
| Reporter | dsokoloski | |
| Assigned To | dsokoloski | |
| Priority | high | Severity | major | Reproducibility | always |
| Status | closed | Resolution | fixed | |
| Platform | | OS | | OS Version | |
| Product Version | 6.2.x | |
| Target Version | 6.3.0 | Fixed in Version | 6.3.0 | |
|
| Summary | 0000679: MultiWAN Default Routing Required |
| Description | It appears in ClearOS 6.x that default routing rules should be created regardless if syswatch has marked the external interface as off-line. Failure to do so results in an eventual total loss of connectivity if each external interface inevitably fails it's ping tests. |
| Steps To Reproduce | For a dual-WAN set-up:
- Edit /etc/syswatch, add two custom ping servers that you can control and restart syswatch.
- On the ping servers, add a blocking firewall rule that blocks pings from one of the external interfaces addresses, causing syswatch to mark that interface off-line. The firewall will be restarted by syswatch and all MultiWAN routing will be removed.
- Remove the blocking firewall rule so the host can now ping the servers.
- It would be expected that syswatch can now contact both ping servers and the MultiWAN environment would be restored. However this will never happen. ICMP pings/replies will be seen on the off-line interface, but for some reason (which is not due to any local firewall rules), the kernel discards them and user-land never sees them.
- If you block the second IP address on the ping servers, the same events occur and now the system is totally off-line and will never recover. |
| Additional Information | Experimental fix in SVN r4442. |
| Tags | No tags attached. |
|
| Attached Files | |
|
Relationships 
Relationships