ClearOS Bug Tracker

View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0001424ClearOSapp-multiwan - Multi-WANpublic2013-11-07 09:262020-02-03 08:26
Assigned To 
StatusclosedResolutionwon't fix 
PlatformClearOSOSClearOS CommunityOS Version6.4.0
Product Version6.4.0 
Target VersionFixed in Version 
Summary0001424: The settings for MultiWAN Backup Only stop static routes between LAN and backup WAN working
DescriptionMy primary Internet connection (12 Mb/s) is via PPPoE through eth2 to a VDSL modem which gets FTTC Internet over the phone wire (ppp0). I also have another connection through eth1 to my local community wireless network (2 Mb/s), which I also administer. The wireless router connected to eth1 is at

I followed the instructions at [^] to set ppp0 as the primary Internet connection, and eth1 as the bckup.
My multiwan.conf looks like this:

MULTIPATH_WEIGHTS="eth1|1 ppp0|1"

I have static routes set up in /etc/sysconfig/network-scripts/route-eth1: via via via via via

With the above settings, I can connect to the above static routed ip addresses from the clearos machine, but any attempt to connect to them from the LAN fails. On the LAN, traceroute to (e.g.) gets to clearos, then no more responses. Traceroute to doesn't even get a reply from clearos.
Steps To ReproduceSee above
TagsNo tags attached.
Attached Files? file icon firewallchanges.tar.z [^] (23,464 bytes) 2013-12-12 06:49
? file icon firewallchanges2.tar.z [^] (24,034 bytes) 2013-12-23 06:10
zip file icon [^] (8,317 bytes) 2014-01-28 06:09

- Relationships
related to 0001554closed The settings for MultiWAN Backup Only stop static routes between LAN and backup WAN working 

-  Notes
2013-11-07 09:34

Setting this issue to "minor" since the "backup only" multiwan option is an unsupported command line feature in ClearOS. We'll fully integrate it one day (knock on wood).
nikkilocke (reporter)
2013-12-10 08:06
edited on: 2013-12-10 08:07

This may be minor to you, but it is pretty major to me. I need to set my (very slow) backup link to be backup, otherwise it gets used every 1 in 200 Internet connections.

If someone can give me a clue where to look, I don't mind trying to fix it myself.

nikkilocke (reporter)
2013-12-11 11:23

I suspect the problem is buried in the firewall configuration scripts, as they don't seem to process the full list of up interfaces, just the ones syswatch says are "primary" (i.e. not backup, and up).

I tried messing with them, but managed to bork something, so restored my backup, set MULTIPATH on again in multiwan.conf and approached it from a different angle.

Syswatch runs /usr/sbin/syswatch.local if the list of up network interfaces changes, so I put in there a command which checks if ppp0 is up (the list of up interfaces is provided as command line arguments), and, if so, spawns another shell in the background, which sleeps for 60 seconds (so the firewall gets a chance to update the routing tables), then rewrites the default rule in ip route table 250 to send everything through ppp0.

This seems to work, even though it is a massive kludge.

Is there a place to discuss this sort of thing?
2013-12-11 11:52

You can certainly discuss it here. Currently, the firewall will - for all intents and purposes - remove the backup interface from existence. What you need is for the firewall to keep the backup interface in play, but avoid forwarding traffic.

Unfortunately, there are a whole bunch of other priorities that are ahead of this one, so we're a bit resource constrained. Take a look at the "WANIF" and "WANIF_CONFIG" parameters in the lua files in /usr/clearos/apps/firewall/deploy. WANIF is used when WANs are in use by multiwan, while WANIF_CONFIG is used for any configured WAN (active or not).
nikkilocke (reporter)
2013-12-12 06:49

I have had a look, and posted my analysis, and proposed fixes, to the development forum. Would anyone have time to review my code and discuss it with me?

Should the category be changed to app-firewall?
nikkilocke (reporter)
2013-12-23 05:35

I see my firewall has upgraded to 1.5.18 since my changes (which has, of course, wiped them out). The new version prevents connecting to servers running on external interfaces if EXTIF_BACKUP is used.

After the holidays, I will be looking at this again, and producing a new set of diffs. Maybe I can get to the bottom of the new problem as well.

Are there any moe updates to firewall or multi-wan in the pipeline?
nikkilocke (reporter)
2013-12-23 06:11

Actually, I got fed up with nothing working right, and reimplemented my changes to the latest version - uploaded as firewallchanges2.tar.z
nikkilocke (reporter)
2014-01-28 06:10

I have uploadedmodifications to multiwan to add the facility to use Primary and Backup interfaces to the UI. The files in replace the existing ones in /usr/clearos/apps/multiwan.

NB: I have not altered the language files (I don't speak all those languages!), just hard coded the few necessary items of English text, with a comment to indicate this above each one.

When submitting UI changes, is it normal to do this, or am I supposed to use Google Translate to get a rough translation, and update the language files accordingly?
NickH (developer)
2020-02-03 08:26

This may already be fixed. MultiWAN now supports Primary, Backup and Standby. Raise a new issue in GitLab if necessary.

- Issue History
Date Modified Username Field Change
2013-11-07 09:26 nikkilocke New Issue
2013-11-07 09:34 user2 Note Added: 0001081
2013-11-07 09:34 user2 Severity major => minor
2013-11-07 09:34 user2 Status new => acknowledged
2013-11-07 09:34 user2 Category clearos-base - Base System => app-multiwan - Multi-WAN
2013-12-10 08:06 nikkilocke Note Added: 0001097
2013-12-10 08:07 nikkilocke Note Edited: 0001097 View Revisions
2013-12-11 11:23 nikkilocke Note Added: 0001105
2013-12-11 11:52 user2 Note Added: 0001106
2013-12-12 06:49 nikkilocke Note Added: 0001107
2013-12-12 06:49 nikkilocke File Added: firewallchanges.tar.z
2013-12-23 05:35 nikkilocke Note Added: 0001115
2013-12-23 06:10 nikkilocke File Added: firewallchanges2.tar.z
2013-12-23 06:11 nikkilocke Note Added: 0001116
2014-01-28 06:09 nikkilocke File Added:
2014-01-28 06:10 nikkilocke Note Added: 0001142
2014-02-12 15:12 dsokoloski Issue cloned: 0001554
2014-02-12 15:12 dsokoloski Relationship added related to 0001554
2014-02-12 15:13 dsokoloski Assigned To => dsokoloski
2014-02-12 15:13 dsokoloski Status acknowledged => assigned
2020-02-03 08:26 NickH Note Added: 0012941
2020-02-03 08:26 NickH Status assigned => closed
2020-02-03 08:26 NickH Assigned To dsokoloski =>
2020-02-03 08:26 NickH Resolution open => won't fix