Need some help-
I must be misusing (or misunderstanding) the Routing Policy in V3.04 of Firewall Builder.
I was adding a 2nd interface, eth1 (eth0 already installed) to the firewall, and assumed
that the Routing Policy would modify the Kernel IP routing table as an alternative to
manually using the "route" command. My first attempts are confusing and I couldn't
seem to locate a "help" file on this command in the onsite documents.
I had a routing table with 3 eth0 lines and 1 eth1 line in the kernel routing table, and
formed one routing policy for eth1 in fwbuilder, compiled, then executed the resulting script.
The new routing policy WAS added to my kernel table, but one eth0 line (a class B
IP destination address) was DELETED. Re-compiling and executing the *.fw script
without this new rule (it was merely "disabled")
doesn't seem to remove the new routing rule (and this is reasonable and expected
since the single rule didn't rebuild the entire kernel table). The removal of the class B routing
rule, though, is unexpected.
This would seem to indicate that I must form my entire IP routing table in Firewall
Builder, or, alternatively, use the manual "route" command to modify individual
routes. Is this correct?
I realize that I can just use the "route" command, but I would like to understand how
to use the Routing Policy within Firewall Builder. So, can someone point me to a
help file? Its location might be staring me in the face, but a push is sometimes required.
There is a README.routing document in the source tar.gz; this file is installed in /usr/share/doc/fwbuilder.
Yes, if you start managing static routing in fwbuilder, you should go all the way and add all routing rules there. The script generated by fwbuilder has to remove existing entries from the routing table before it adds new ones, and there is no way to know which ones belong to it and which ones don't.
I downloaded the source tar, and,
after looking at the README.routing document, I can see that I won't be able to use
the Routing Policy. The anomalies that I was observing were due to the fact that the
author had only tested the module on the 2.4 kernel, and I'm using Ubuntu Intrepid
which is using the 2.6.27-11 kernel.
This is not a problem for me as I only need to add one "route" command to the
kernel IP table that the OS picks up from my interface.conf file.
"The anomalies that I was observing were due to the fact that the
author had only tested the module on the 2.4 kernel, and I'm using Ubuntu Intrepid which is using the 2.6.27-11 kernel."
I've been using fwbuilder to manage the route table on one of my RHEL5.3 boxes (2.6.x) with no problems. Just ensure you do all your routing in fwbuilder; this includes adding any existing routes and the default route.
I agree that the kernel version should not matter for this; routing commands and general functionality did not change between 2.4 and 2.6.
Note that in the recent versions of fwbuilder we made some changes to make the generated script more robust with respect to the default route. It will not blow it away if it is not configured in fwbuilder as it did before. However, if you configure default in fwbuilder, it will get installed.
Yes, I need to either do all the routing in fwbuilder, or
use the route command to add to the kernel routing table.
When I just added one route, via fwbuilder, I received an
unexpected result that clouded the issue (as I mentioned in
my previous post).
Thanks for the response. No wonder I couldn't find the info - I had
merely downloaded the binary applications.