| Anonymous | Login | 2024-12-21 23:53 MST |
| Main | My View | View Issues | Change Log | Roadmap | Repositories |
| View Issue Details [ Jump to Notes ] | [ Issue History ] [ Print ] | ||||||||
| ID | Project | Category | View Status | Date Submitted | Last Update | ||||
| 0001424 | ClearOS | app-multiwan - Multi-WAN | public | 2013-11-07 09:26 | 2020-02-03 08:26 | ||||
| Reporter | nikkilocke | ||||||||
| Assigned To | |||||||||
| Priority | normal | Severity | minor | Reproducibility | always | ||||
| Status | closed | Resolution | won't fix | ||||||
| Platform | ClearOS | OS | ClearOS Community | OS Version | 6.4.0 | ||||
| Product Version | 6.4.0 | ||||||||
| Target Version | Fixed in Version | ||||||||
| Summary | 0001424: The settings for MultiWAN Backup Only stop static routes between LAN and backup WAN working | ||||||||
| Description | My primary Internet connection (12 Mb/s) is via PPPoE through eth2 to a VDSL modem which gets FTTC Internet over the phone wire (ppp0). I also have another connection through eth1 to my local community wireless network (2 Mb/s), which I also administer. The wireless router connected to eth1 is at 192.168.50.1. I followed the instructions at http://www.clearcenter.com/support/documentation/clearos_guides/set_multiwan_to_backup_mode_instead_of_balance_mode [^] to set ppp0 as the primary Internet connection, and eth1 as the bckup. My multiwan.conf looks like this: MULTIPATH="off" MULTIPATH_WEIGHTS="eth1|1 ppp0|1" EXTIF_BACKUP="eth1" I have static routes set up in /etc/sysconfig/network-scripts/route-eth1: 172.16.0.0/16 via 192.168.50.1 10.251.0.0/16 via 192.168.50.1 192.168.101.0/24 via 192.168.50.1 192.168.102.0/24 via 192.168.50.1 192.168.103.0/24 via 192.168.50.1 With the above settings, I can connect to the above static routed ip addresses from the clearos machine, but any attempt to connect to them from the LAN fails. On the LAN, traceroute to (e.g.) 10.251.1.1 gets to clearos, then no more responses. Traceroute to 192.168.50.1 doesn't even get a reply from clearos. | ||||||||
| Steps To Reproduce | See above | ||||||||
| Tags | No tags attached. | ||||||||
| Attached Files |  firewallchanges.tar.z [^] (23,464 bytes) 2013-12-12 06:49 firewallchanges2.tar.z [^] (24,034 bytes) 2013-12-23 06:10 multiwan.zip [^] (8,317 bytes) 2014-01-28 06:09 | ||||||||
 Relationships |
||||||
|
||||||
 Relationships |
|
Notes |
|
|
(0001081) user2 2013-11-07 09:34 |
Setting this issue to "minor" since the "backup only" multiwan option is an unsupported command line feature in ClearOS. We'll fully integrate it one day (knock on wood). |
|
(0001097) nikkilocke (reporter) 2013-12-10 08:06 edited on: 2013-12-10 08:07 |
This may be minor to you, but it is pretty major to me. I need to set my (very slow) backup link to be backup, otherwise it gets used every 1 in 200 Internet connections. If someone can give me a clue where to look, I don't mind trying to fix it myself. |
|
(0001105) nikkilocke (reporter) 2013-12-11 11:23 |
I suspect the problem is buried in the firewall configuration scripts, as they don't seem to process the full list of up interfaces, just the ones syswatch says are "primary" (i.e. not backup, and up). I tried messing with them, but managed to bork something, so restored my backup, set MULTIPATH on again in multiwan.conf and approached it from a different angle. Syswatch runs /usr/sbin/syswatch.local if the list of up network interfaces changes, so I put in there a command which checks if ppp0 is up (the list of up interfaces is provided as command line arguments), and, if so, spawns another shell in the background, which sleeps for 60 seconds (so the firewall gets a chance to update the routing tables), then rewrites the default rule in ip route table 250 to send everything through ppp0. This seems to work, even though it is a massive kludge. Is there a place to discuss this sort of thing? |
|
(0001106) user2 2013-12-11 11:52 |
You can certainly discuss it here. Currently, the firewall will - for all intents and purposes - remove the backup interface from existence. What you need is for the firewall to keep the backup interface in play, but avoid forwarding traffic. Unfortunately, there are a whole bunch of other priorities that are ahead of this one, so we're a bit resource constrained. Take a look at the "WANIF" and "WANIF_CONFIG" parameters in the lua files in /usr/clearos/apps/firewall/deploy. WANIF is used when WANs are in use by multiwan, while WANIF_CONFIG is used for any configured WAN (active or not). |
|
(0001107) nikkilocke (reporter) 2013-12-12 06:49 |
I have had a look, and posted my analysis, and proposed fixes, to the development forum. Would anyone have time to review my code and discuss it with me? Should the category be changed to app-firewall? |
|
(0001115) nikkilocke (reporter) 2013-12-23 05:35 |
I see my firewall has upgraded to 1.5.18 since my changes (which has, of course, wiped them out). The new version prevents connecting to servers running on external interfaces if EXTIF_BACKUP is used. After the holidays, I will be looking at this again, and producing a new set of diffs. Maybe I can get to the bottom of the new problem as well. Are there any moe updates to firewall or multi-wan in the pipeline? |
|
(0001116) nikkilocke (reporter) 2013-12-23 06:11 |
Actually, I got fed up with nothing working right, and reimplemented my changes to the latest version - uploaded as firewallchanges2.tar.z |
|
(0001142) nikkilocke (reporter) 2014-01-28 06:10 |
I have uploadedmodifications to multiwan to add the facility to use Primary and Backup interfaces to the UI. The files in multiwan.zip replace the existing ones in /usr/clearos/apps/multiwan. NB: I have not altered the language files (I don't speak all those languages!), just hard coded the few necessary items of English text, with a comment to indicate this above each one. When submitting UI changes, is it normal to do this, or am I supposed to use Google Translate to get a rough translation, and update the language files accordingly? |
|
(0012941) NickH (developer) 2020-02-03 08:26 |
This may already be fixed. MultiWAN now supports Primary, Backup and Standby. Raise a new issue in GitLab if necessary. |
|
Notes |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 2013-11-07 09:26 | nikkilocke | New Issue | |
| 2013-11-07 09:34 | user2 | Note Added: 0001081 | |
| 2013-11-07 09:34 | user2 | Severity | major => minor |
| 2013-11-07 09:34 | user2 | Status | new => acknowledged |
| 2013-11-07 09:34 | user2 | Category | clearos-base - Base System => app-multiwan - Multi-WAN |
| 2013-12-10 08:06 | nikkilocke | Note Added: 0001097 | |
| 2013-12-10 08:07 | nikkilocke | Note Edited: 0001097 | View Revisions |
| 2013-12-11 11:23 | nikkilocke | Note Added: 0001105 | |
| 2013-12-11 11:52 | user2 | Note Added: 0001106 | |
| 2013-12-12 06:49 | nikkilocke | Note Added: 0001107 | |
| 2013-12-12 06:49 | nikkilocke | File Added: firewallchanges.tar.z | |
| 2013-12-23 05:35 | nikkilocke | Note Added: 0001115 | |
| 2013-12-23 06:10 | nikkilocke | File Added: firewallchanges2.tar.z | |
| 2013-12-23 06:11 | nikkilocke | Note Added: 0001116 | |
| 2014-01-28 06:09 | nikkilocke | File Added: multiwan.zip | |
| 2014-01-28 06:10 | nikkilocke | Note Added: 0001142 | |
| 2014-02-12 15:12 | dsokoloski | Issue cloned: 0001554 | |
| 2014-02-12 15:12 | dsokoloski | Relationship added | related to 0001554 |
| 2014-02-12 15:13 | dsokoloski | Assigned To | => dsokoloski |
| 2014-02-12 15:13 | dsokoloski | Status | acknowledged => assigned |
| 2020-02-03 08:26 | NickH | Note Added: 0012941 | |
| 2020-02-03 08:26 | NickH | Status | assigned => closed |
| 2020-02-03 08:26 | NickH | Assigned To | dsokoloski => |
| 2020-02-03 08:26 | NickH | Resolution | open => won't fix |
|
Issue History |