[CentOS] Not firewall, but what?
Jussi Hirvi
listmember at greenspot.fi
Fri May 14 07:10:44 UTC 2010
>> [root at farm1 network-scripts]# grep -rl "ip rule" .
>> ./ifdown-routes
>> ./ifup-routes

On 13.5.2010 21.36, Gordon Messmer wrote:
> Yes, those scripts will run "ip rule" to process the contents of the
> "rule-*" files. The company I work for uses shorewall on all of their
> multi-homed systems, so I'm not sure how systems without it behave.
> That said, I don't see any magic in the init scripts to handle this
> without your input. I'm inclined to believe that something on your
> system was manually configured to set up the routing policy that you see.
>
> Find it harder:
> find /etc/ -type f -print0 | xargs -0 grep "ip rule"

Ok, rc.d/routes is probably it (on the "healthy" machine I previously
used as a reference). I will have to study the ip command and routing a
bit, then make a fix on the "non-healthy" (xen) box.

[root at mail ~]# find /etc -type f -exec grep -l "ip rule" {} \;
/etc/udev/rules.d/50-udev.rules.rpmorig
/etc/udev/rules.d/50-udev.rules
/etc/rc.d/routes
/etc/sysconfig/network-scripts/ifdown-routes.rpmorig
/etc/sysconfig/network-scripts/ifdown-routes
/etc/sysconfig/network-scripts/ifup-routes.rpmorig
/etc/sysconfig/network-scripts/ifup-routes

[root at mail rc.d]# cat routes
/sbin/ip address add 62.220.237.110/27 dev eth0
/sbin/ip route add default via 62.220.237.126 tab 1
/sbin/ip route add default via 62.236.221.65 tab 2
/sbin/ip rule add from 62.236.221.70 tab 2 prio 500
/sbin/ip rule add from 62.220.237.110 tab 1 prio 600
/sbin/ip route flush cache
- Jussi
--
Jussi Hirvi * Green Spot
Topeliuksenkatu 15 C * 00250 Helsinki * Finland
Tel. +358 9 493 981 * Mobile +358 40 771 2098 (only sms)
jussi.hirvi at greenspot.fi * http://www.greenspot.fi