SpiderPigLoki Tux's lil' helper

Joined: 22 Aug 2008 Posts: 86
|
Posted: Thu Jun 11, 2020 11:43 am Post subject: Docker container adds default route via veth? |
|
|
Hello everybody,
whenever I start a docker container, it automatically adds a new default route
Code: | user@Gentoo ~ $ ip r
default dev veth4877ada scope link
default via 192.168.189.1 dev wlan0
169.254.0.0/16 dev veth4877ada proto kernel scope link src 169.254.70.173
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1
192.168.189.0/24 dev wlan0 proto kernel scope link src 192.168.189.34
|
As a result my system (host and docker containers) cannot use the internet anymore, since both do not use the real default route to my wlan0, but want to use the first line.
The value for veth is different every time, since the container ID is random and both are connected (as far as I understood).
Why does this happen? I remember a time, when this was not the case.
My Docker-containers are started without any --net options. For example running
Code: | docker container run -d -p 8080:80 --name webserver httpd |
and just waiting some minutes (maybe one, maybe two) will result in the new default route.
According to docker info, this is my network-setup for docker
Code: | Network: bridge host ipvlan macvlan null overlay |
/etc/conf.d/docker does not contain any settings (everything commented out) and my user is member of the docker group.
Code: |
[ebuild R ] net-misc/iputils-20190709-r1::gentoo USE="arping filecaps gcrypt ipv6 nls ssl -SECURITY_HAZARD -caps -clockdiff -doc -idn -libressl -nettle -rarpd -rdisc -static -tftpd -tracepath -traceroute6" 422 KiB
[ebuild R ] app-emulation/docker-19.03.8::gentoo USE="btrfs container-init hardened overlay seccomp -apparmor -aufs -device-mapper" 17,069 KiB
Total: 2 packages (2 reinstalls), Size of downloads: 17,490 KiB
|
Please let me know, if there is anything else missing.
Cheers!
SPL |
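A check for the symptom shown in the post above, as an added example that is not part of the original thread: it reads `ip route` output and reports a default route, or a 169.254.0.0/16 route, bound to a container-side interface. The sample input is the routing table quoted in that post; the function names and the `veth*|docker*|br-*` pattern are assumptions of this example.

```shell
#!/bin/sh
# Added example: detect routes owned by container-side interfaces.

# Routing table quoted in the first post of this thread.
sample_routes() {
    cat <<'EOF'
default dev veth4877ada scope link
default via 192.168.189.1 dev wlan0
169.254.0.0/16 dev veth4877ada proto kernel scope link src 169.254.70.173
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1
192.168.189.0/24 dev wlan0 proto kernel scope link src 192.168.189.34
EOF
}

# Assumption: Docker's usual interface naming (veth*, docker*, br-*).
is_container_if() {
    case "$1" in
        veth*|docker*|br-*) return 0 ;;
        *) return 1 ;;
    esac
}

# Reads `ip route` text on stdin and prints one "KIND IFACE" line per finding:
#   DEFAULT_VIA_CONTAINER_IF   default route bound to a container interface
#   LINKLOCAL_ON_CONTAINER_IF  169.254.0.0/16 route on one, meaning an IPv4
#                              link-local address was assigned on the host side
check_routes() {
    while read -r dest rest; do
        dev=
        # Walk the remaining words to find the one following "dev".
        set -- $rest
        while [ $# -gt 1 ]; do
            if [ "$1" = dev ]; then dev=$2; break; fi
            shift
        done
        [ -n "$dev" ] || continue
        is_container_if "$dev" || continue
        case "$dest" in
            default)        echo "DEFAULT_VIA_CONTAINER_IF $dev" ;;
            169.254.0.0/16) echo "LINKLOCAL_ON_CONTAINER_IF $dev" ;;
        esac
    done
}

sample_routes | check_routes
```

On a live host, pipe `ip route` into `check_routes`; the ordinary `172.17.0.0/16 dev docker0` subnet route is not reported.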
alamahant l33t

Joined: 23 Mar 2019 Posts: 806
|
Posted: Thu Jun 11, 2020 12:39 pm Post subject: |
|
|
Hi please have a look at this
https://docs.docker.com/network/bridge/
in the network stanza try to remove the default gateway line and check if there is a way to add a route instead of the gateway
something like this in /etc/docker/daemon.json
Code: |
{
"bip": "192.168.1.5/24",
"fixed-cidr": "192.168.1.5/25",
"fixed-cidr-v6": "2001:db8::/64",
"mtu": 1500,
# "default-gateway": "10.20.1.1",
# "default-gateway-v6": "2001:db8:abcd::89",
<enter a route line here but you will have to read the manual how to do this>
"dns": ["10.20.1.2","10.20.1.3"]
}
|
However this should not be happening...
Docker heavily relies on iptables.
Do you have FULLY functional iptables?
you can check also
Code: |
grep -i netfilter /usr/src/linux/.config
|
The more you have the better especially also anything to do with bridges.
Also you need IP forwarding enabled in sysctl.
Maybe "ebtables" wouldn't hurt also.
AlexJGreen Tux's lil' helper

Joined: 19 Sep 2018 Posts: 149
|
Posted: Thu Jun 11, 2020 10:21 pm Post subject: |
|
|
_
Last edited by AlexJGreen on Mon Dec 28, 2020 3:08 am; edited 1 time in total |
SpiderPigLoki Tux's lil' helper

Joined: 22 Aug 2008 Posts: 86
|
Posted: Fri Jun 12, 2020 8:58 am Post subject: |
|
|
Hello everyone,
thanks for the replies.
1.) I will first check the kernel - judging by this output it can't hurt
Code: |
/usr/share/docker/contrib/check-config.sh |grep missing
- apparmor: enabled, but apparmor_parser missing
- CONFIG_NF_NAT_IPV4: missing
- CONFIG_NETFILTER_XT_MATCH_IPVS: missing
- CONFIG_NF_NAT_NEEDED: missing
- CONFIG_BLK_DEV_THROTTLING: missing
- CONFIG_IOSCHED_CFQ: missing
- CONFIG_CFQ_GROUP_IOSCHED: missing
- CONFIG_CGROUP_PERF: missing
- CONFIG_CGROUP_HUGETLB: missing
- CONFIG_NET_CLS_CGROUP: missing
- CONFIG_CGROUP_NET_PRIO: missing
- CONFIG_CFS_BANDWIDTH: missing
- CONFIG_RT_GROUP_SCHED: missing
- CONFIG_IP_NF_TARGET_REDIRECT: missing
- CONFIG_IP_VS: missing
- CONFIG_IP_VS_NFCT: missing
- CONFIG_IP_VS_PROTO_TCP: missing
- CONFIG_IP_VS_PROTO_UDP: missing
- CONFIG_IP_VS_RR: missing
- CONFIG_EXT3_FS: missing
- CONFIG_EXT3_FS_XATTR: missing
- CONFIG_EXT3_FS_POSIX_ACL: missing
- CONFIG_EXT3_FS_SECURITY: missing
- CONFIG_INET_XFRM_MODE_TRANSPORT: missing
- CONFIG_IPVLAN: missing
- CONFIG_DUMMY: missing
- CONFIG_NF_NAT_TFTP: missing
- CONFIG_NF_CONNTRACK_TFTP: missing
- CONFIG_AUFS_FS: missing
- CONFIG_DM_THIN_PROVISIONING: missing
- /dev/zfs: missing
- zfs command: missing
- zpool command: missing
|
2.) NetworkManager is installed (I think because virt-manager is pulling it in - I use WPA-Supplicant / WPA-GUI for Wifi).
I will check the kernel for now and then tackle the issue of NetworkManager.
Cheers! |
kfiadeg n00b


Joined: 04 May 2006 Posts: 43 Location: Republic of Poland
|
Posted: Mon Jun 22, 2020 11:24 am Post subject: |
|
|
Hello there.
I am facing similar issues, but more often my connection to the Internet is lost when I'm STARTING or STOPPING a stack of containers with docker-compose.
It started to happen when I upgraded my kernel from 4.x to 5.x (currently it is 5.4.28).
I have not invented a solution yet. I must always restart my physical network device completely:
Code: | /etc/init.d/net.enp5s0 restart |
It is driving me mad.
@SpiderPigLoki can you (or anybody) point me a way to the fix?
Below I present result of grep -i netfilter /usr/src/linux/.config:
Code: | CONFIG_NETFILTER=y
CONFIG_NETFILTER_ADVANCED=y
CONFIG_BRIDGE_NETFILTER=m
# Core Netfilter Configuration
# CONFIG_NETFILTER_INGRESS is not set
CONFIG_NETFILTER_NETLINK=y
CONFIG_NETFILTER_FAMILY_BRIDGE=y
# CONFIG_NETFILTER_NETLINK_ACCT is not set
# CONFIG_NETFILTER_NETLINK_QUEUE is not set
CONFIG_NETFILTER_NETLINK_LOG=y
# CONFIG_NETFILTER_NETLINK_OSF is not set
# CONFIG_NETFILTER_NETLINK_GLUE_CT is not set
CONFIG_NETFILTER_XTABLES=y
CONFIG_NETFILTER_XT_MARK=m
# CONFIG_NETFILTER_XT_CONNMARK is not set
# CONFIG_NETFILTER_XT_TARGET_AUDIT is not set
# CONFIG_NETFILTER_XT_TARGET_CHECKSUM is not set
# CONFIG_NETFILTER_XT_TARGET_CLASSIFY is not set
# CONFIG_NETFILTER_XT_TARGET_CONNMARK is not set
CONFIG_NETFILTER_XT_TARGET_CONNSECMARK=y
# CONFIG_NETFILTER_XT_TARGET_DSCP is not set
# CONFIG_NETFILTER_XT_TARGET_HL is not set
# CONFIG_NETFILTER_XT_TARGET_HMARK is not set
# CONFIG_NETFILTER_XT_TARGET_IDLETIMER is not set
# CONFIG_NETFILTER_XT_TARGET_LED is not set
CONFIG_NETFILTER_XT_TARGET_LOG=m
# CONFIG_NETFILTER_XT_TARGET_MARK is not set
CONFIG_NETFILTER_XT_NAT=m
# CONFIG_NETFILTER_XT_TARGET_NETMAP is not set
CONFIG_NETFILTER_XT_TARGET_NFLOG=y
# CONFIG_NETFILTER_XT_TARGET_NFQUEUE is not set
# CONFIG_NETFILTER_XT_TARGET_RATEEST is not set
# CONFIG_NETFILTER_XT_TARGET_REDIRECT is not set
CONFIG_NETFILTER_XT_TARGET_MASQUERADE=m
# CONFIG_NETFILTER_XT_TARGET_TEE is not set
# CONFIG_NETFILTER_XT_TARGET_TPROXY is not set
CONFIG_NETFILTER_XT_TARGET_SECMARK=y
CONFIG_NETFILTER_XT_TARGET_TCPMSS=y
# CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP is not set
CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=m
# CONFIG_NETFILTER_XT_MATCH_BPF is not set
# CONFIG_NETFILTER_XT_MATCH_CGROUP is not set
# CONFIG_NETFILTER_XT_MATCH_CLUSTER is not set
# CONFIG_NETFILTER_XT_MATCH_COMMENT is not set
# CONFIG_NETFILTER_XT_MATCH_CONNBYTES is not set
# CONFIG_NETFILTER_XT_MATCH_CONNLABEL is not set
# CONFIG_NETFILTER_XT_MATCH_CONNLIMIT is not set
# CONFIG_NETFILTER_XT_MATCH_CONNMARK is not set
CONFIG_NETFILTER_XT_MATCH_CONNTRACK=y
# CONFIG_NETFILTER_XT_MATCH_CPU is not set
# CONFIG_NETFILTER_XT_MATCH_DCCP is not set
# CONFIG_NETFILTER_XT_MATCH_DEVGROUP is not set
# CONFIG_NETFILTER_XT_MATCH_DSCP is not set
# CONFIG_NETFILTER_XT_MATCH_ECN is not set
# CONFIG_NETFILTER_XT_MATCH_ESP is not set
# CONFIG_NETFILTER_XT_MATCH_HASHLIMIT is not set
# CONFIG_NETFILTER_XT_MATCH_HELPER is not set
# CONFIG_NETFILTER_XT_MATCH_HL is not set
# CONFIG_NETFILTER_XT_MATCH_IPCOMP is not set
# CONFIG_NETFILTER_XT_MATCH_IPRANGE is not set
CONFIG_NETFILTER_XT_MATCH_IPVS=m
# CONFIG_NETFILTER_XT_MATCH_L2TP is not set
# CONFIG_NETFILTER_XT_MATCH_LENGTH is not set
# CONFIG_NETFILTER_XT_MATCH_LIMIT is not set
# CONFIG_NETFILTER_XT_MATCH_MAC is not set
# CONFIG_NETFILTER_XT_MATCH_MARK is not set
# CONFIG_NETFILTER_XT_MATCH_MULTIPORT is not set
# CONFIG_NETFILTER_XT_MATCH_NFACCT is not set
# CONFIG_NETFILTER_XT_MATCH_OSF is not set
# CONFIG_NETFILTER_XT_MATCH_OWNER is not set
CONFIG_NETFILTER_XT_MATCH_POLICY=y
# CONFIG_NETFILTER_XT_MATCH_PHYSDEV is not set
# CONFIG_NETFILTER_XT_MATCH_PKTTYPE is not set
# CONFIG_NETFILTER_XT_MATCH_QUOTA is not set
# CONFIG_NETFILTER_XT_MATCH_RATEEST is not set
# CONFIG_NETFILTER_XT_MATCH_REALM is not set
# CONFIG_NETFILTER_XT_MATCH_RECENT is not set
# CONFIG_NETFILTER_XT_MATCH_SCTP is not set
# CONFIG_NETFILTER_XT_MATCH_SOCKET is not set
CONFIG_NETFILTER_XT_MATCH_STATE=y
# CONFIG_NETFILTER_XT_MATCH_STATISTIC is not set
# CONFIG_NETFILTER_XT_MATCH_STRING is not set
# CONFIG_NETFILTER_XT_MATCH_TCPMSS is not set
# CONFIG_NETFILTER_XT_MATCH_TIME is not set
# CONFIG_NETFILTER_XT_MATCH_U32 is not set
# end of Core Netfilter Configuration
# IP: Netfilter Configuration
# end of IP: Netfilter Configuration
# IPv6: Netfilter Configuration
# end of IPv6: Netfilter Configuration
# iptables trigger is under Netfilter config (LED target)
|
alamahant l33t

Joined: 23 Mar 2019 Posts: 806
|
Posted: Mon Jun 22, 2020 11:28 am Post subject: |
|
|
Maybe you should try with these
Code: |
CONFIG_NETFILTER=y
CONFIG_NETFILTER_ADVANCED=y
CONFIG_BRIDGE_NETFILTER=m
# Core Netfilter Configuration
CONFIG_NETFILTER_INGRESS=y
CONFIG_NETFILTER_NETLINK=m
CONFIG_NETFILTER_FAMILY_BRIDGE=y
CONFIG_NETFILTER_FAMILY_ARP=y
CONFIG_NETFILTER_NETLINK_ACCT=m
CONFIG_NETFILTER_NETLINK_QUEUE=m
CONFIG_NETFILTER_NETLINK_LOG=m
CONFIG_NETFILTER_NETLINK_OSF=m
CONFIG_NETFILTER_CONNCOUNT=m
CONFIG_NETFILTER_NETLINK_GLUE_CT=y
CONFIG_NETFILTER_SYNPROXY=m
CONFIG_NETFILTER_XTABLES=m
CONFIG_NETFILTER_XT_MARK=m
CONFIG_NETFILTER_XT_CONNMARK=m
CONFIG_NETFILTER_XT_SET=m
CONFIG_NETFILTER_XT_TARGET_AUDIT=m
CONFIG_NETFILTER_XT_TARGET_CHECKSUM=m
CONFIG_NETFILTER_XT_TARGET_CLASSIFY=m
CONFIG_NETFILTER_XT_TARGET_CONNMARK=m
CONFIG_NETFILTER_XT_TARGET_CONNSECMARK=m
CONFIG_NETFILTER_XT_TARGET_CT=m
CONFIG_NETFILTER_XT_TARGET_DSCP=m
CONFIG_NETFILTER_XT_TARGET_HL=m
CONFIG_NETFILTER_XT_TARGET_HMARK=m
CONFIG_NETFILTER_XT_TARGET_IDLETIMER=m
CONFIG_NETFILTER_XT_TARGET_LED=m
CONFIG_NETFILTER_XT_TARGET_LOG=m
CONFIG_NETFILTER_XT_TARGET_MARK=m
CONFIG_NETFILTER_XT_NAT=m
CONFIG_NETFILTER_XT_TARGET_NETMAP=m
CONFIG_NETFILTER_XT_TARGET_NFLOG=m
CONFIG_NETFILTER_XT_TARGET_NFQUEUE=m
CONFIG_NETFILTER_XT_TARGET_NOTRACK=m
CONFIG_NETFILTER_XT_TARGET_RATEEST=m
CONFIG_NETFILTER_XT_TARGET_REDIRECT=m
CONFIG_NETFILTER_XT_TARGET_MASQUERADE=m
CONFIG_NETFILTER_XT_TARGET_TEE=m
CONFIG_NETFILTER_XT_TARGET_TPROXY=m
CONFIG_NETFILTER_XT_TARGET_TRACE=m
CONFIG_NETFILTER_XT_TARGET_SECMARK=m
CONFIG_NETFILTER_XT_TARGET_TCPMSS=m
CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP=m
CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=m
CONFIG_NETFILTER_XT_MATCH_BPF=m
CONFIG_NETFILTER_XT_MATCH_CGROUP=m
CONFIG_NETFILTER_XT_MATCH_CLUSTER=m
CONFIG_NETFILTER_XT_MATCH_COMMENT=m
CONFIG_NETFILTER_XT_MATCH_CONNBYTES=m
CONFIG_NETFILTER_XT_MATCH_CONNLABEL=m
CONFIG_NETFILTER_XT_MATCH_CONNLIMIT=m
CONFIG_NETFILTER_XT_MATCH_CONNMARK=m
CONFIG_NETFILTER_XT_MATCH_CONNTRACK=m
CONFIG_NETFILTER_XT_MATCH_CPU=m
CONFIG_NETFILTER_XT_MATCH_DCCP=m
CONFIG_NETFILTER_XT_MATCH_DEVGROUP=m
CONFIG_NETFILTER_XT_MATCH_DSCP=m
CONFIG_NETFILTER_XT_MATCH_ECN=m
CONFIG_NETFILTER_XT_MATCH_ESP=m
CONFIG_NETFILTER_XT_MATCH_HASHLIMIT=m
CONFIG_NETFILTER_XT_MATCH_HELPER=m
CONFIG_NETFILTER_XT_MATCH_HL=m
CONFIG_NETFILTER_XT_MATCH_IPCOMP=m
CONFIG_NETFILTER_XT_MATCH_IPRANGE=m
CONFIG_NETFILTER_XT_MATCH_IPVS=m
CONFIG_NETFILTER_XT_MATCH_L2TP=m
CONFIG_NETFILTER_XT_MATCH_LENGTH=m
CONFIG_NETFILTER_XT_MATCH_LIMIT=m
CONFIG_NETFILTER_XT_MATCH_MAC=m
CONFIG_NETFILTER_XT_MATCH_MARK=m
CONFIG_NETFILTER_XT_MATCH_MULTIPORT=m
CONFIG_NETFILTER_XT_MATCH_NFACCT=m
CONFIG_NETFILTER_XT_MATCH_OSF=m
CONFIG_NETFILTER_XT_MATCH_OWNER=m
CONFIG_NETFILTER_XT_MATCH_POLICY=m
CONFIG_NETFILTER_XT_MATCH_PHYSDEV=m
CONFIG_NETFILTER_XT_MATCH_PKTTYPE=m
CONFIG_NETFILTER_XT_MATCH_QUOTA=m
CONFIG_NETFILTER_XT_MATCH_RATEEST=m
CONFIG_NETFILTER_XT_MATCH_REALM=m
CONFIG_NETFILTER_XT_MATCH_RECENT=m
CONFIG_NETFILTER_XT_MATCH_SCTP=m
CONFIG_NETFILTER_XT_MATCH_SOCKET=m
CONFIG_NETFILTER_XT_MATCH_STATE=m
CONFIG_NETFILTER_XT_MATCH_STATISTIC=m
CONFIG_NETFILTER_XT_MATCH_STRING=m
CONFIG_NETFILTER_XT_MATCH_TCPMSS=m
CONFIG_NETFILTER_XT_MATCH_TIME=m
CONFIG_NETFILTER_XT_MATCH_U32=m
|
kfiadeg n00b


Joined: 04 May 2006 Posts: 43 Location: Republic of Poland
|
Posted: Mon Jun 22, 2020 11:36 am Post subject: |
|
|
Everything on? Hmm, I will give it a try, but this looks like a "bruteforce" solution. Thanks @alamahant.
I forgot to mention that the issue I've described happens on two separate machines and - what is especially driving me mad - it does not happen always, but only from time to time.
I found another thread on this forum which might be related: https://forums.gentoo.org/viewtopic-t-1105886.html
Note: No iptables are configured on the host machine(s). |
SpiderPigLoki Tux's lil' helper

Joined: 22 Aug 2008 Posts: 86
|
Posted: Tue Jun 23, 2020 10:56 am Post subject: |
|
|
Hello everybody,
still no success on my end - issue still persists.
I have enabled all of the NETFILTER-options mentioned by alamahant. |
SpiderPigLoki Tux's lil' helper

Joined: 22 Aug 2008 Posts: 86
|
Posted: Tue Jun 23, 2020 8:54 pm Post subject: |
|
|
Okay played around a bit - without success.
- all iptables and docker stuff was removed (e.g. config files and /var/lib/iptables/rules-save)
- emerge -C iptables app-emulation/docker
- following line in package.use/world :
Code: |
net-firewall/iptables nftables pcap conntrack
|
- ebtables was removed because it was blocking use-flag nftables with iptables
- changed /etc/conf.d/iptables to not save on stop
- when running iptables -L docker rules were already present ( more on that later)
- ran flushing commands for iptables (https://serverfault.com/a/200658) Code: |
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -t nat -F
iptables -t mangle -F
iptables -F
iptables -X |
- Result: Bloody thing still shows up!!! WITH EMPTY IPTABLES PEOPLE *going crazy here*
Quote: |
And in all cases, I have nothing in place for docker, not even the
DOCKER-ISOLATION chain - docker normally puts that in place when it starts
up. -
|
Source: https://serverfault.com/a/840098
If iptables really is to blame, then wouldn't that mean that the package is broken or something?
I have done nothing in regards to iptables and still the thing shows up.
Will compare the Gentoo with Ubuntu rules and see if I can spot a difference.
EDIT:
When I start and stop the container /var/log/messages shows the following:
Code: | Jun 24 00:18:07 Gentoo kernel: [11521.687371] IPv6: ADDRCONF(NETDEV_CHANGE): vethe08cd74: link becomes ready
Jun 24 00:18:07 Gentoo kernel: [11521.687490] IPv6: ADDRCONF(NETDEV_CHANGE): vetha9acbf2: link becomes ready
Jun 24 00:18:07 Gentoo kernel: [11521.688755] docker0: port 1(vethe08cd74) entered blocking state
Jun 24 00:18:07 Gentoo kernel: [11521.688760] docker0: port 1(vethe08cd74) entered disabled state
Jun 24 00:18:07 Gentoo kernel: [11521.689343] device vethe08cd74 entered promiscuous mode
Jun 24 00:18:07 Gentoo kernel: [11521.689591] docker0: port 1(vethe08cd74) entered blocking state
Jun 24 00:18:07 Gentoo kernel: [11521.689596] docker0: port 1(vethe08cd74) entered forwarding state
Jun 24 00:18:07 Gentoo kernel: [11521.861043] docker0: port 1(vethe08cd74) entered disabled state
Jun 24 00:18:07 Gentoo kernel: [11521.861505] eth0: renamed from vetha9acbf2
Jun 24 00:18:07 Gentoo kernel: [11521.868502] IPv6: ADDRCONF(NETDEV_CHANGE): vethe08cd74: link becomes ready
Jun 24 00:18:07 Gentoo kernel: [11521.868527] docker0: port 1(vethe08cd74) entered blocking state
Jun 24 00:18:07 Gentoo kernel: [11521.868528] docker0: port 1(vethe08cd74) entered forwarding state
Jun 24 00:19:04 Gentoo kernel: [11579.503928] vetha9acbf2: renamed from eth0
Jun 24 00:19:04 Gentoo kernel: [11579.526191] docker0: port 1(vethe08cd74) entered disabled state
Jun 24 00:19:04 Gentoo kernel: [11579.526842] IPv6: ADDRCONF(NETDEV_CHANGE): vetha9acbf2: link becomes ready
Jun 24 00:19:04 Gentoo kernel: [11579.526964] docker0: port 1(vethe08cd74) entered blocking state
Jun 24 00:19:04 Gentoo kernel: [11579.526968] docker0: port 1(vethe08cd74) entered forwarding state
Jun 24 00:19:04 Gentoo kernel: [11579.552747] docker0: port 1(vethe08cd74) entered disabled state
Jun 24 00:19:04 Gentoo kernel: [11579.553166] device vethe08cd74 left promiscuous mode
Jun 24 00:19:04 Gentoo kernel: [11579.553170] docker0: port 1(vethe08cd74) entered disabled state
|
As you can see I left the container running for 57 seconds. In that time the evil veth device (vethe08cd74 in this instance) appears in the routing table and messes everything up. This is not reflected in the messages. The only times there is something logged is when I start the container and exit it.
Cheers!
SPL |
AlexJGreen Tux's lil' helper

Joined: 19 Sep 2018 Posts: 149
|
Posted: Tue Jun 23, 2020 10:44 pm Post subject: |
|
|
_
Last edited by AlexJGreen on Mon Dec 28, 2020 3:06 am; edited 1 time in total |
SpiderPigLoki Tux's lil' helper

Joined: 22 Aug 2008 Posts: 86
|
Posted: Wed Jun 24, 2020 8:02 am Post subject: |
|
|
It appears that I have found something along the lines of a workaround (maybe even solution).
It pains me to write this, but it seems that my beloved OpenRC / netifrc is at fault.
After removing net-misc/networkmanager; emerging openrc without netifrc-use-flag and rebooting solved the issue.
It seems that netifrc added the new device again and again and again, just like coderanger suggested.
For the time being I am going to stick with this solution.
Thanks a lot for all the help. |
AlexJGreen Tux's lil' helper

Joined: 19 Sep 2018 Posts: 149
|
Posted: Wed Jun 24, 2020 9:48 am Post subject: |
|
|
_
Last edited by AlexJGreen on Mon Dec 28, 2020 3:06 am; edited 1 time in total |
kfiadeg n00b


Joined: 04 May 2006 Posts: 43 Location: Republic of Poland
|
Posted: Wed Jun 24, 2020 9:44 pm Post subject: |
|
|
Nice talk here. It's motivating
So - after what coderanger said - there should be a way also for netifrc subsystem to configure ignored (unmanaged) devices.
So far I have faced only functions preup(), predown(), postup(), postdown(), failup() and faildown() as a possible solution. They might rely on ${IFACE} variable which is set to the interface being brought up/down.
I have not invented the solution yet, though.
I will now dig into https://github.com/gentoo/netifrc/blob/master/doc/net.example.Linux.in |
kfiadeg n00b


Joined: 04 May 2006 Posts: 43 Location: Republic of Poland
|
Posted: Tue Aug 25, 2020 8:41 am Post subject: |
|
|
For whom it may concern:
- I have failed trying to set up netifrc so it would ignore setting default router for certain devices
- I have noticed that also OpenVPN was setting new default route from time to time upon disconnection
- I have used genkernel to generate a new kernel - with most (if not all) IP tables features compiled as modules - this helped, overwriting of the default route stopped happening
- I have finally created a brand new config (make defconfig) for kernel 5.4.48, adjusted it a little bit, made sure that all options required by docker are compiled in* and - since then (it is just a few days now) - everything works properly
*) I've done it with help of two supplementary simple community scripts:
Both extract information about kernel requirements from ebuilds of currently installed packages and print it out to the console (the same that shows up when installing a package). Thank you good people from #gentoo IRC channel on irc.freenode.net !!!
Hope it helps.