17377 – problem internet connection for gateway, because drakgw adds a 0.0.0.0 gateway for the intranet interface, too

Bug 17377 - problem internet connection for gateway, because drakgw adds a 0.0.0.0 gateway for the intranet interface, too

Summary: problem internet connection for gateway, because drakgw adds a 0.0.0.0 gatewa...

Status:	RESOLVED OLD

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	RPM Packages (show other bugs)
Version:	5
Hardware:	x86_64 Linux

Priority:	Normal Severity: normal
Target Milestone:	---
Assignee:	Mageia tools maintainers
QA Contact:

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2015-12-21 21:29 CET by Jean-Marc AUBRY
Modified:	2018-10-07 15:39 CEST (History)
CC List:	4 users (show)

See Also:
Source RPM:	drakx-net
CVE:
Status comment:

Attachments
journalctl-f_1.txt (1.38 KB, text/plain) 2016-01-19 14:57 CET, Marja Van Waes	Details
journalctl-f_2.txt (1.20 KB, text/plain) 2016-01-19 14:58 CET, Marja Van Waes	Details
journalctl-f_3.txt (1.15 KB, text/plain) 2016-01-19 14:59 CET, Marja Van Waes	Details
journalctl-f_4.txt (1.06 KB, text/plain) 2016-01-19 14:59 CET, Marja Van Waes	Details
journalctl-f_5.txt (1.10 KB, text/plain) 2016-01-19 15:00 CET, Marja Van Waes	Details
journalctl-f_6.txt (1.14 KB, text/plain) 2016-01-19 15:00 CET, Marja Van Waes	Details
View All Add an attachment (proposed patch, testcase, etc.)

Description Jean-Marc AUBRY 2015-12-21 21:29:32 CET

Description of problem: blocking internet connection.

I have a machine with two network interfaces to share the Internet connection with other machines. The interface that is connected to the Internet: enp2s0 (192.168.2.1), the interface that is connected to the LAN: enp3s0 (192.168.0.254). Everything works, the machine ensures the sharing of the Internet connection but if I disable the interface (enp2s0) and if I enabled it again I have no internet connection !!! But the interface is properly configured, it has its IP address (192.168.2.1). I suppose there is a problem with the firewall.


Version-Release number of selected component (if applicable):Magiea 5

How reproducible: 

disable the network interface,
enable the network interface.


Steps to Reproduce:

disable the network interface,
enable the network interface.


To find the internet connection, I have 3 methods /

1) - I can reboot the machine.
2) - I reconfigure sharing the internet connection with drakgw
3) - I raised the script: /etc/init.d/network restart
and I have the following messages and the internet works !!!

[root @ xxxxx Lisa] # /etc/init.d/network restart
Restarting network (via systemctl): Job for network.service failed. See "systemctl network.service status" and "journalctl -xe" for details.
                                                                                                                                             [FAILURE ]
[root @ xxxxx Lisa] #

[root@Lisa xxxxx]# journalctl -xe
déc. 21 21:11:13 Lisa avahi-daemon[853]: New relevant interface enp3s0.IPv4 for mDNS.
déc. 21 21:11:13 Lisa avahi-daemon[853]: Registering new address record for 192.168.0.254 on enp3s0.IPv4.
déc. 21 21:11:13 Lisa NetworkManager[845]: <info>  (enp3s0): device state change: ip-config -> ip-check (reason 'none') [70 80 0]
déc. 21 21:11:13 Lisa NetworkManager[845]: <info>  (enp3s0): Activation: Stage 5 of 5 (IPv4 Commit) complete.
déc. 21 21:11:13 Lisa NetworkManager[845]: <info>  (enp3s0): device state change: ip-check -> secondaries (reason 'none') [80 90 0]
déc. 21 21:11:13 Lisa NetworkManager[845]: <info>  (enp3s0): device state change: secondaries -> activated (reason 'none') [90 100 0]
déc. 21 21:11:13 Lisa NetworkManager[845]: <info>  Writing DNS information to /sbin/resolvconf
déc. 21 21:11:13 Lisa NetworkManager[845]: <info>  (enp3s0): Activation: successful, device activated.
déc. 21 21:11:13 Lisa nm-dispatcher[8117]: Dispatching action 'up' for enp3s0
déc. 21 21:11:13 Lisa network[8469]: Activation de l'interface enp3s0 :  [ÃCHEC ]
déc. 21 21:11:13 Lisa NetworkManager[845]: (NetworkManager:845): NetworkManager-ifcfg-rh-CRITICAL **: discover_mac_address: assertion 'error != NULL' failed
déc. 21 21:11:13 Lisa network[8469]: Activation de l'interface eth0 :  deferred to NetworkManager [  OK  ]
déc. 21 21:11:13 Lisa systemd-sysctl[8901]: Overwriting earlier assignment of kernel/sysrq in file '/etc/sysctl.d/51-alt-sysrq.conf'.
déc. 21 21:11:13 Lisa systemd[1]: network.service: control process exited, code=exited status=1
déc. 21 21:11:13 Lisa systemd[1]: Failed to start LSB: Bring up/down networking.
-- Subject: L'unité (unit) network.service a échoué
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- L'unité (unit) network.service a échoué, avec le résultat failed.
déc. 21 21:11:13 Lisa systemd[1]: Unit network.service entered failed state.
déc. 21 21:11:13 Lisa systemd[1]: network.service failed.
déc. 21 21:11:14 Lisa avahi-daemon[853]: Registering new address record for fe80::feaa:14ff:feb2:8471 on enp2s0.*.
déc. 21 21:11:14 Lisa mgaapplet[2297]: Computing new updates...
déc. 21 21:11:14 Lisa mgaapplet[2297]: running: mgaapplet-update-checker
déc. 21 21:11:14 Lisa mgaapplet-update-checker[8916]: ### Program is starting ###
déc. 21 21:11:15 Lisa mgaapplet-update-checker[8916]: running: urpmi.update --update
déc. 21 21:11:15 Lisa pkexec[8928]: pam_tcb(polkit-1:session): Session opened for root by (uid=500)
déc. 21 21:11:15 Lisa pkexec[8928]: xxxxx: Executing command [USER=root] [TTY=unknown] [CWD=/] [COMMAND=/usr/libexec/urpmi.update --update]
déc. 21 21:11:15 Lisa avahi-daemon[853]: Registering new address record for fe80::c66e:1fff:fe03:43b6 on enp3s0.*.
déc. 21 21:11:17 Lisa named[1849]: network unreachable resolving './NS/IN': 2001:500:84::b#53
déc. 21 21:11:17 Lisa named[1849]: network unreachable resolving 'translate.google.fr/AAAA/IN': 2001:500:84::b#53
déc. 21 21:11:17 Lisa named[1849]: network unreachable resolving './NS/IN': 2001:500:3::42#53
déc. 21 21:11:17 Lisa named[1849]: network unreachable resolving 'translate.google.fr/A/IN': 2001:500:3::42#53
déc. 21 21:11:17 Lisa named[1849]: network unreachable resolving 'translate.google.fr/AAAA/IN': 2001:500:3::42#53
déc. 21 21:11:17 Lisa named[1849]: network unreachable resolving 'translate.google.fr/A/IN': 2a00:d78:0:102:193:176:144:22#53
déc. 21 21:11:17 Lisa named[1849]: network unreachable resolving 'd.nic.fr/A/IN': 2001:500:2e::2#53
déc. 21 21:11:17 Lisa named[1849]: network unreachable resolving 'd.nic.fr/A/IN': 2001:67c:1010:11::53#53
déc. 21 21:11:22 Lisa mgaapplet-update-checker[8916]: updating inactive backport media Core Backports (distrib7), Nonfree Backports (distrib17), Tainted Back
déc. 21 21:11:22 Lisa mgaapplet-update-checker[8916]: running: urpmi.update Core Backports (distrib7)
déc. 21 21:11:22 Lisa pkexec[8960]: pam_tcb(polkit-1:session): Session opened for root by (uid=500)
déc. 21 21:11:22 Lisa pkexec[8960]: xxxxx: Executing command [USER=root] [TTY=unknown] [CWD=/] [COMMAND=/usr/libexec/urpmi.update Core Backports (distrib7)]
déc. 21 21:11:24 Lisa mgaapplet-update-checker[8916]: running: urpmi.update Nonfree Backports (distrib17)
déc. 21 21:11:24 Lisa pkexec[8970]: pam_tcb(polkit-1:session): Session opened for root by (uid=500)
déc. 21 21:11:24 Lisa pkexec[8970]: xxxxx: Executing command [USER=root] [TTY=unknown] [CWD=/] [COMMAND=/usr/libexec/urpmi.update Nonfree Backports (distrib1
déc. 21 21:11:25 Lisa mgaapplet-update-checker[8916]: running: urpmi.update Tainted Backports (distrib27)
déc. 21 21:11:25 Lisa pkexec[8980]: pam_tcb(polkit-1:session): Session opened for root by (uid=500)
déc. 21 21:11:25 Lisa pkexec[8980]: xxxxx: Executing command [USER=root] [TTY=unknown] [CWD=/] [COMMAND=/usr/libexec/urpmi.update Tainted Backports (distrib2
déc. 21 21:11:27 Lisa mgaapplet-update-checker[8916]: running: urpmi.update Core 32bit Backports (distrib34)
déc. 21 21:11:27 Lisa pkexec[8990]: pam_tcb(polkit-1:session): Session opened for root by (uid=500)
déc. 21 21:11:27 Lisa pkexec[8990]: xxxxx: Executing command [USER=root] [TTY=unknown] [CWD=/] [COMMAND=/usr/libexec/urpmi.update Core 32bit Backports (distr
déc. 21 21:11:28 Lisa mgaapplet-update-checker[8916]: running: urpmi.update Nonfree 32bit Backports (distrib39)
déc. 21 21:11:28 Lisa pkexec[9000]: pam_tcb(polkit-1:session): Session opened for root by (uid=500)
déc. 21 21:11:28 Lisa pkexec[9000]: xxxxx: Executing command [USER=root] [TTY=unknown] [CWD=/] [COMMAND=/usr/libexec/urpmi.update Nonfree 32bit Backports (di
déc. 21 21:11:29 Lisa mgaapplet-update-checker[8916]: running: urpmi.update Tainted 32bit Backports (distrib44)
déc. 21 21:11:29 Lisa pkexec[9009]: pam_tcb(polkit-1:session): Session opened for root by (uid=500)
déc. 21 21:11:29 Lisa pkexec[9009]: xxxxx: Executing command [USER=root] [TTY=unknown] [CWD=/] [COMMAND=/usr/libexec/urpmi.update Tainted 32bit Backports (di
déc. 21 21:11:32 Lisa mgaapplet[2297]: Packages are up to date
...skipping...
déc. 21 21:11:13 Lisa avahi-daemon[853]: New relevant interface enp3s0.IPv4 for mDNS.
déc. 21 21:11:13 Lisa avahi-daemon[853]: Registering new address record for 192.168.0.254 on enp3s0.IPv4.
déc. 21 21:11:13 Lisa NetworkManager[845]: <info>  (enp3s0): device state change: ip-config -> ip-check (reason 'none') [70 80 0]
déc. 21 21:11:13 Lisa NetworkManager[845]: <info>  (enp3s0): Activation: Stage 5 of 5 (IPv4 Commit) complete.
déc. 21 21:11:13 Lisa NetworkManager[845]: <info>  (enp3s0): device state change: ip-check -> secondaries (reason 'none') [80 90 0]
déc. 21 21:11:13 Lisa NetworkManager[845]: <info>  (enp3s0): device state change: secondaries -> activated (reason 'none') [90 100 0]
déc. 21 21:11:13 Lisa NetworkManager[845]: <info>  Writing DNS information to /sbin/resolvconf
déc. 21 21:11:13 Lisa NetworkManager[845]: <info>  (enp3s0): Activation: successful, device activated.
déc. 21 21:11:13 Lisa nm-dispatcher[8117]: Dispatching action 'up' for enp3s0
déc. 21 21:11:13 Lisa network[8469]: Activation de l'interface enp3s0 :  [ÃCHEC ]
déc. 21 21:11:13 Lisa NetworkManager[845]: (NetworkManager:845): NetworkManager-ifcfg-rh-CRITICAL **: discover_mac_address: assertion 'error != NULL' failed
déc. 21 21:11:13 Lisa network[8469]: Activation de l'interface eth0 :  deferred to NetworkManager [  OK  ]
déc. 21 21:11:13 Lisa systemd-sysctl[8901]: Overwriting earlier assignment of kernel/sysrq in file '/etc/sysctl.d/51-alt-sysrq.conf'.
déc. 21 21:11:13 Lisa systemd[1]: network.service: control process exited, code=exited status=1
déc. 21 21:11:13 Lisa systemd[1]: Failed to start LSB: Bring up/down networking.
-- Subject: L'unité (unit) network.service a échoué
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- L'unité (unit) network.service a échoué, avec le résultat failed.
déc. 21 21:11:13 Lisa systemd[1]: Unit network.service entered failed state.
déc. 21 21:11:13 Lisa systemd[1]: network.service failed.
déc. 21 21:11:14 Lisa avahi-daemon[853]: Registering new address record for fe80::feaa:14ff:feb2:8471 on enp2s0.*.
déc. 21 21:11:14 Lisa mgaapplet[2297]: Computing new updates...
déc. 21 21:11:14 Lisa mgaapplet[2297]: running: mgaapplet-update-checker
déc. 21 21:11:14 Lisa mgaapplet-update-checker[8916]: ### Program is starting ###
déc. 21 21:11:15 Lisa mgaapplet-update-checker[8916]: running: urpmi.update --update
déc. 21 21:11:15 Lisa pkexec[8928]: pam_tcb(polkit-1:session): Session opened for root by (uid=500)
déc. 21 21:11:15 Lisa pkexec[8928]: aubry: Executing command [USER=root] [TTY=unknown] [CWD=/] [COMMAND=/usr/libexec/urpmi.update --update]
déc. 21 21:11:15 Lisa avahi-daemon[853]: Registering new address record for fe80::c66e:1fff:fe03:43b6 on enp3s0.*.
déc. 21 21:11:17 Lisa named[1849]: network unreachable resolving './NS/IN': 2001:500:84::b#53
déc. 21 21:11:17 Lisa named[1849]: network unreachable resolving 'translate.google.fr/AAAA/IN': 2001:500:84::b#53
déc. 21 21:11:17 Lisa named[1849]: network unreachable resolving './NS/IN': 2001:500:3::42#53
déc. 21 21:11:17 Lisa named[1849]: network unreachable resolving 'translate.google.fr/A/IN': 2001:500:3::42#53
déc. 21 21:11:17 Lisa named[1849]: network unreachable resolving 'translate.google.fr/AAAA/IN': 2001:500:3::42#53
déc. 21 21:11:17 Lisa named[1849]: network unreachable resolving 'translate.google.fr/A/IN': 2a00:d78:0:102:193:176:144:22#53
déc. 21 21:11:17 Lisa named[1849]: network unreachable resolving 'd.nic.fr/A/IN': 2001:500:2e::2#53
déc. 21 21:11:17 Lisa named[1849]: network unreachable resolving 'd.nic.fr/A/IN': 2001:67c:1010:11::53#53
déc. 21 21:11:22 Lisa mgaapplet-update-checker[8916]: updating inactive backport media Core Backports (distrib7), Nonfree Backports (distrib17), Tainted Back
déc. 21 21:11:22 Lisa mgaapplet-update-checker[8916]: running: urpmi.update Core Backports (distrib7)
déc. 21 21:11:22 Lisa pkexec[8960]: pam_tcb(polkit-1:session): Session opened for root by (uid=500)
déc. 21 21:11:22 Lisa pkexec[8960]: xxxxx: Executing command [USER=root] [TTY=unknown] [CWD=/] [COMMAND=/usr/libexec/urpmi.update Core Backports (distrib7)]
déc. 21 21:11:24 Lisa mgaapplet-update-checker[8916]: running: urpmi.update Nonfree Backports (distrib17)
déc. 21 21:11:24 Lisa pkexec[8970]: pam_tcb(polkit-1:session): Session opened for root by (uid=500)
déc. 21 21:11:24 Lisa pkexec[8970]: xxxxx: Executing command [USER=root] [TTY=unknown] [CWD=/] [COMMAND=/usr/libexec/urpmi.update Nonfree Backports (distrib1
déc. 21 21:11:25 Lisa mgaapplet-update-checker[8916]: running: urpmi.update Tainted Backports (distrib27)
déc. 21 21:11:25 Lisa pkexec[8980]: pam_tcb(polkit-1:session): Session opened for root by (uid=500)
déc. 21 21:11:25 Lisa pkexec[8980]: xxxxx: Executing command [USER=root] [TTY=unknown] [CWD=/] [COMMAND=/usr/libexec/urpmi.update Tainted Backports (distrib2
déc. 21 21:11:27 Lisa mgaapplet-update-checker[8916]: running: urpmi.update Core 32bit Backports (distrib34)
déc. 21 21:11:27 Lisa pkexec[8990]: pam_tcb(polkit-1:session): Session opened for root by (uid=500)
déc. 21 21:11:27 Lisa pkexec[8990]: xxxxx: Executing command [USER=root] [TTY=unknown] [CWD=/] [COMMAND=/usr/libexec/urpmi.update Core 32bit Backports (distr
déc. 21 21:11:28 Lisa mgaapplet-update-checker[8916]: running: urpmi.update Nonfree 32bit Backports (distrib39)
déc. 21 21:11:28 Lisa pkexec[9000]: pam_tcb(polkit-1:session): Session opened for root by (uid=500)
déc. 21 21:11:28 Lisa pkexec[9000]: xxxxx: Executing command [USER=root] [TTY=unknown] [CWD=/] [COMMAND=/usr/libexec/urpmi.update Nonfree 32bit Backports (di
déc. 21 21:11:29 Lisa mgaapplet-update-checker[8916]: running: urpmi.update Tainted 32bit Backports (distrib44)
déc. 21 21:11:29 Lisa pkexec[9009]: pam_tcb(polkit-1:session): Session opened for root by (uid=500)
déc. 21 21:11:29 Lisa pkexec[9009]: xxxxx: Executing command [USER=root] [TTY=unknown] [CWD=/] [COMMAND=/usr/libexec/urpmi.update Tainted 32bit Backports (di
déc. 21 21:11:32 Lisa mgaapplet[2297]: Packages are up to date
lines 954-1011/1011 (END)


Reproducible: 

Steps to Reproduce:

Florian Hubold 2015-12-31 15:49:57 CET

CC: (none) => doktor5000

Comment 1 Marja Van Waes 2016-01-01 11:07:01 CET

hi Jean-Marc,

since you filed this bug report i've read it many times, but i keep failing to understand it well enough, sorry :-(

i do understand the internet connection on the system that shares its connection fails, after you disable the lan card that's connected to the internet, and then enable it again. is that correct?

* if so: what is the output (as root) from 

  systemctl -a | grep -i network

on that system
** from when it still worked 
** and from after reenabling that network card and seeing it no longer works


* how exactly do you disable and enable that network card?

* please _attach_ journalctl-f.txt that is the result of (again as root) running the following command on the network sharing system from just before you disable the network card until it's reenabled and you see it fails.

   journalctl -f > journalctl-f.txt

(you then can stop it with ctrl + c)

Keywords: (none) => NEEDINFO
CC: (none) => marja11

Comment 2 Marja Van Waes 2016-01-19 14:57:47 CET

Created attachment 7356 [details]
journalctl-f_1.txt

I had missed the reply Jean-Marc wrote over two weeks ago :-(

@ Jean-Marc

It is better to log into your Bugzilla bug report and reply there, that way all (including much brighter people than me) can see your comment and there is no chance that it gets lost, like it almost did in my mailbox with thousands of unread messages.

Op 01-01-16 om 23:26 schreef AUBRY Jean-Marc:
> 
> 
> 
> -------- Message transféré --------
> Sujet :     Re: [Bug 17377] problem internet connection for gateway
> Date :     Fri, 1 Jan 2016 23:15:53 +0100
> De :     AUBRY Jean-Marc <jm.81000@free.fr>
> Pour :     Marja van Waes <bugzilla-daemon@mageia.org>
> 
> 
<snip>
> 
> 
> Hi Marja
> 
> Happy New Year
> 
> I prepare the files and you understand the problem.
> 
> 
> The interface is connected to the internet is enp2s0.
> 
> The interface is connected to the local lan is enp3s0.
> 
> 1) - Internet work correctly.
> 
> 2) - I stop (with network manager or other) interface enp2s0. (file
> journalctl-f_1.txt)
> And the local lan work correctly (except internet)
> 
> 3) - I restart interface enp2s0 (file journalctl-f_2.txt), but
> a the moment internet don't work ??? Why ??? And the local lan still
> work correctly (
> except internet). 4) - If I want restart internet :
> 
> I stop interface enp2s0  (file journalctl-f_3.txt)
> 
> I stop interface enp3s0  (file journalctl-f_4.txt)
> 
> I start interface enp2s0  (file journalctl-f_5.txt)
> 
> I start interface enp3s0  (file journalctl-f_6.txt)
> 
>   Then everything works correctly Bye.

Comment 3 Marja Van Waes 2016-01-19 14:58:30 CET

Created attachment 7357 [details]
journalctl-f_2.txt

Comment 4 Marja Van Waes 2016-01-19 14:59:01 CET

Created attachment 7358 [details]
journalctl-f_3.txt

Comment 5 Marja Van Waes 2016-01-19 14:59:30 CET

Created attachment 7359 [details]
journalctl-f_4.txt

Comment 6 Marja Van Waes 2016-01-19 15:00:07 CET

Created attachment 7360 [details]
journalctl-f_5.txt

Comment 7 Marja Van Waes 2016-01-19 15:00:39 CET

Created attachment 7361 [details]
journalctl-f_6.txt

Comment 8 Marja Van Waes 2016-01-19 15:08:25 CET

(In reply to Marja van Waes from comment #2)
> Created attachment 7356 [details]
> journalctl-f_1.txt
> 
> I had missed the reply Jean-Marc wrote over two weeks ago :-(
> 
> @ Jean-Marc
> 
> It is better to log into your Bugzilla bug report and reply there, that way
> all (including much brighter people than me) can see your comment and there
> is no chance that it gets lost, like it almost did in my mailbox with
> thousands of unread messages.
> 
> Op 01-01-16 om 23:26 schreef AUBRY Jean-Marc:
> > 
> > 
> > 
> > -------- Message transféré --------
> > Sujet :     Re: [Bug 17377] problem internet connection for gateway
> > Date :     Fri, 1 Jan 2016 23:15:53 +0100
> > De :     AUBRY Jean-Marc <jm.81000@free.fr>
> > Pour :     Marja van Waes <bugzilla-daemon@mageia.org>
> > 
> > 
> <snip>
> > 
> > 
> > Hi Marja
> > 
> > Happy New Year

Thanks, you too :-)
> > 
> > I prepare the files and you understand the problem.
> > 
> > 
> > The interface is connected to the internet is enp2s0.
> > 
> > The interface is connected to the local lan is enp3s0.
> > 
> > 1) - Internet work correctly.
> > 
> > 2) - I stop (with network manager or other) interface enp2s0. (file
> > journalctl-f_1.txt)
> > And the local lan work correctly (except internet)
> > 
> > 3) - I restart interface enp2s0 (file journalctl-f_2.txt), but
> > a the moment internet don't work ??? Why ??? And the local lan still
> > work correctly (
> > except internet). 

Where does it not work. Only on the computer that's connected to it via enp3s0, or also on the computer that shares its internet connection?

Comment 9 Frank Griffin 2016-01-19 15:25:08 CET

Just a thought.  I wonder if the stop/start of the external interface screws up the routing table ?

I have the same sort of setup, but I don't use drakgw since I like to know exactly what's being done.  Specifically, I issue my own "route" commands when the interfaces come up and down.

Try:

1) Restart everything so that it's working
2) Issue "route -n"
3) Stop and restart the external interface
4) Issue "route -n" again

If there's a significant difference between (2) and (4), that's the problem.

CC: (none) => ftg

Comment 10 Jean-Marc AUBRY 2016-01-19 21:04:49 CET

1) - Internet work correctly

[]# route -n
Table de routage IP du noyau
Destination     Passerelle      Genmask         Indic Metric Ref    Use Iface
0.0.0.0         192.168.1.254   0.0.0.0         UG    100    0        0 enp2s0
0.0.0.0         192.168.0.254   0.0.0.0         UG    101    0        0 enp3s0
192.168.0.0     0.0.0.0         255.255.255.0   U     100    0        0 enp3s0
192.168.1.0     0.0.0.0         255.255.255.0   U     100    0        0 enp2s0
[]#

2) - I stop (with network manager or other) interface enp2s0.

[]# route -n
Table de routage IP du noyau
Destination     Passerelle      Genmask         Indic Metric Ref    Use Iface
0.0.0.0         192.168.0.254   0.0.0.0         UG    100    0        0 enp3s0
192.168.0.0     0.0.0.0         255.255.255.0   U     100    0        0 enp3s0
[]#

3) - I restart interface enp2s0

[]# route -n
Table de routage IP du noyau
Destination     Passerelle      Genmask         Indic Metric Ref    Use Iface
0.0.0.0         192.168.0.254   0.0.0.0         UG    100    0        0 enp3s0
0.0.0.0         192.168.1.254   0.0.0.0         UG    101    0        0 enp2s0
192.168.0.0     0.0.0.0         255.255.255.0   U     100    0        0 enp3s0
192.168.1.0     0.0.0.0         255.255.255.0   U     100    0        0 enp2s0
[]#

The local lan work correctly but internet no !!! Why ???


4) - I stop all interfaces.
[]# route -n
Table de routage IP du noyau
Destination     Passerelle      Genmask         Indic Metric Ref    Use Iface
[]#

5) - I restart interface enp2s0 then enp3s0

[]# route -n
Table de routage IP du noyau
Destination     Passerelle      Genmask         Indic Metric Ref    Use Iface
0.0.0.0         192.168.1.254   0.0.0.0         UG    100    0        0 enp2s0
0.0.0.0         192.168.0.254   0.0.0.0         UG    101    0        0 enp3s0
192.168.0.0     0.0.0.0         255.255.255.0   U     100    0        0 enp3s0
192.168.1.0     0.0.0.0         255.255.255.0   U     100    0        0 enp2s0
[]#

Comment 11 Frank Griffin 2016-01-19 22:03:14 CET

(In reply to Jean-Marc AUBRY from comment #10)
> 1) - Internet work correctly
> 
> []# route -n
> Table de routage IP du noyau
> Destination     Passerelle      Genmask         Indic Metric Ref    Use Iface
> 0.0.0.0         192.168.1.254   0.0.0.0         UG    100    0        0
> enp2s0
> 0.0.0.0         192.168.0.254   0.0.0.0         UG    101    0        0
> enp3s0
> 192.168.0.0     0.0.0.0         255.255.255.0   U     100    0        0
> enp3s0
> 192.168.1.0     0.0.0.0         255.255.255.0   U     100    0        0
> enp2s0
> []#

This is a little unusual.  The third entry says that any traffic for IP addresses 192.168.0.x should be sent to enp3s0.  The fourth says that any traffic for addresses 192.168.1.x should be sent to enp2s0.  The first line says that any traffic not matching any other line should go to 192.168.1.254 via enp2s0, and the second line says that any traffic not matching any other line be sent to 192.168.0.254 via enp3s0.

The first two lines contradict each other.  There should be only one line with a destination of 0.0.0.0 and a GENMASK of 0.0.0.0.  I'm not sure in these circumstances which of these would take precedence.  The intention seems to be that all traffic not matching any other line be sent to either 192.168.0.254 or 192.168.1.254, and lines 3 and 4 will dump this traffic on to one or the other of the interfaces.

My guess is that two groups of lines 1 and 4 and lines 2 and 3 are added by code which is unaware of the other group.

> 
> 2) - I stop (with network manager or other) interface enp2s0.
> 
> []# route -n
> Table de routage IP du noyau
> Destination     Passerelle      Genmask         Indic Metric Ref    Use Iface
> 0.0.0.0         192.168.0.254   0.0.0.0         UG    100    0        0
> enp3s0
> 192.168.0.0     0.0.0.0         255.255.255.0   U     100    0        0
> enp3s0
> []#
> 

With enp2s0 shut down, the lines added for it have been removed, and all traffic goes to enp3s0.

> 3) - I restart interface enp2s0
> 
> []# route -n
> Table de routage IP du noyau
> Destination     Passerelle      Genmask         Indic Metric Ref    Use Iface
> 0.0.0.0         192.168.0.254   0.0.0.0         UG    100    0        0
> enp3s0
> 0.0.0.0         192.168.1.254   0.0.0.0         UG    101    0        0
> enp2s0
> 192.168.0.0     0.0.0.0         255.255.255.0   U     100    0        0
> enp3s0
> 192.168.1.0     0.0.0.0         255.255.255.0   U     100    0        0
> enp2s0
> []#
> 
> The local lan work correctly but internet no !!! Why ???
> 

And there's the problem.  You recall that I said above that lines 1 and 2 contradict each other and I wasn't sure which one would take precedence.  You'll note that here the first two lines have been exchanged, which tells me that in case (1) it was line 1 that took precedence over line 2, and any unmatched traffic was being sent out over enp2s0 to the external internet.

In case 3 here, line 1 is taking precedence, and unmatched traffic is being sent to enp3s0, which is why you can't get to the external internet.

> 
> 4) - I stop all interfaces.
> []# route -n
> Table de routage IP du noyau
> Destination     Passerelle      Genmask         Indic Metric Ref    Use Iface
> []#
> 
> 5) - I restart interface enp2s0 then enp3s0
> 
> []# route -n
> Table de routage IP du noyau
> Destination     Passerelle      Genmask         Indic Metric Ref    Use Iface
> 0.0.0.0         192.168.1.254   0.0.0.0         UG    100    0        0
> enp2s0
> 0.0.0.0         192.168.0.254   0.0.0.0         UG    101    0        0
> enp3s0
> 192.168.0.0     0.0.0.0         255.255.255.0   U     100    0        0
> enp3s0
> 192.168.1.0     0.0.0.0         255.255.255.0   U     100    0        0
> enp2s0
> []#

Note that now lines 1 and 2 have been exchanged again, back tothe way they were in case (1), which is why it works again.

Marja, this is a bug in drakgw, and illustrates why I do this manually.  drakgw is manipulating the routing table in exactly the same way for each network interface, specifically adding a 0.0.0.0 gateway for each.  That's wrong.  The intranet interface (enps30) should not have a 0.0.0.0 gateway at all.  Only the internet interface should.

Comment 12 Frank Griffin 2016-01-19 22:31:36 CET

By way of contrast, here is my routing table:

[root@ftgfw ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         72.227.96.1     0.0.0.0         UG    5      0        0 eth0
72.227.96.0     0.0.0.0         255.255.240.0   U     5      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     10     0        0 eth1
192.168.3.0     192.168.3.100   255.255.255.0   UG    0      0        0 eth1
192.168.3.0     0.0.0.0         255.255.255.0   U     10     0        0 eth1
[root@ftgfw ~]# 

Here, eth0 is the external internet interface and eth1 is the intranet interface.  Line 3 is immaterial, and reflects support for local non-IP traffic.  The only 0.0.0.0 gateway sends traffic for anything other than 192.168.3.x out eth0 to my ISP's gateway.  Lines 4 nd 5 ensure that any traffic destined for 192.168.3.x goes out on eth1, to be picked up by the intranet host to which they are addressed.

Comment 13 Marja Van Waes 2016-01-20 07:37:44 CET

(In reply to Frank Griffin from comment #11)

<snip>
> Marja, this is a bug in drakgw, and illustrates why I do this manually. 
> drakgw is manipulating the routing table in exactly the same way for each
> network interface, specifically adding a 0.0.0.0 gateway for each.  That's
> wrong.  The intranet interface (enps30) should not have a 0.0.0.0 gateway at
> all.  Only the internet interface should.

@ Frank,

Thx a lot for the debugging, I lacked the knowledge.

Assigning to drakx-net maintainer, because drakgw belongs to drakx-net

Keywords: NEEDINFO => (none)
CC: (none) => thierry.vignaud
Assignee: bugsquad => mageia
Summary: problem internet connection for gateway => problem internet connection for gateway, because drakgw adds a 0.0.0.0 gateway for the intranet interface, too
Source RPM: draknetcenter ... drakgw ... shorewall ... network ... firewall ??? => drakx-net

Comment 14 Marja Van Waes 2018-04-18 12:25:19 CEST

@ Frank Griffin,

Do you mind checking whether this bug still exists in Cauldron and/or Mageia 6?

Thanks in advance,
Marja

(Reassigning to the Mageia Tools maintainers, in case this report needs to stay open)

Assignee: mageia => mageiatools

Comment 15 Marja Van Waes 2018-10-07 15:39:13 CEST

No reply, so closing as OLD since Mageia 5 is no longer maintained.

@ Jean-Marc:

==> If you didn't reset your password after February 2018, then you'll need to reset it here https://identity.mageia.org/forgot_password to be able to log in and comment in this report. <==

Resolution: (none) => OLD
Status: NEW => RESOLVED

Note You need to log in before you can comment on or make changes to this bug.