Anonymous | Login | 2024-12-22 00:22 MST |
Main | My View | View Issues | Change Log | Roadmap | Repositories |
View Issue Details [ Jump to Notes ] | [ Issue History ] [ Print ] | ||||||||
ID | Project | Category | View Status | Date Submitted | Last Update | ||||
0000993 | ClearOS | app-firewall - Firewall | public | 2013-02-25 20:46 | 2019-04-26 02:52 | ||||
Reporter | user2 | ||||||||
Assigned To | |||||||||
Priority | normal | Severity | tweak | Reproducibility | always | ||||
Status | closed | Resolution | suspended | ||||||
Platform | OS | OS Version | |||||||
Product Version | |||||||||
Target Version | Fixed in Version | ||||||||
Summary | 0000993: Access to local WAN network should be permitted even when WAN is offline | ||||||||
Description | In some circumstances, access equipment directly connected to a WAN is necessary even when offline. Consider example: - WAN1 / eth1 @ 2.2.2.2 with gateway 2.2.2.1 - WAN2 / eth2 @ 3.3.3.3 with gateway 3.3.3.1 - LAN / eth3 @ 192.168.99.x If WAN1 goes offline, it should be possible to still access the gateway at 2.2.2.1. Currently, that access fails due to masquerading/routing. When WAN1 is offline, traffic from the LAN (192.168.99.x) to 2.2.2.1 is not masqueraded. When the 2.2.2.1 system sends the reply, it will sent it out its default gateway (not back to 2.2.2.2). | ||||||||
Additional Information | In ClearOS 5.x, the following workaround is available - add masquerading to all WAN interfaces in /etc/rc.d/rc.firewall.local. Continuing with our example, this would be: /sbin/iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE /sbin/iptables -t nat -A POSTROUTING -o eth2 -j MASQUERADE In ClearOS 6, additional work is required. The individual routing tables for external interfaces (first loop in RunMultipath()) interferes with the above workaround. To investigate. | ||||||||
Tags | No tags attached. | ||||||||
Attached Files | |||||||||
Notes | |
(0011811) NickH (developer) 2019-04-26 02:52 |
Migrated to https://gitlab.com/clearos/clearfoundation/app-multiwan/issues/2 [^] and redesignated to app-multiwan |
Issue History | |||
Date Modified | Username | Field | Change |
2013-02-25 20:46 | user2 | New Issue | |
2013-02-25 20:47 | user2 | Assigned To | => user2 |
2013-02-25 20:47 | user2 | Status | new => confirmed |
2013-02-25 20:49 | user2 | Additional Information Updated | View Revisions |
2013-02-25 20:49 | user2 | Assigned To | user2 => dsokoloski |
2013-02-25 20:49 | user2 | Status | confirmed => assigned |
2013-02-25 20:56 | user2 | Description Updated | View Revisions |
2019-04-26 02:52 | NickH | Note Added: 0011811 | |
2019-04-26 02:52 | NickH | Status | assigned => closed |
2019-04-26 02:52 | NickH | Assigned To | dsokoloski => |
2019-04-26 02:52 | NickH | Resolution | open => suspended |