Also, Tom -- maybe I wasn't clear: I am not interested in any of the leaf interfaces getting an IP through DHCP, ie running the client. I want Bering to be a dhcp server on eth1.
(Do I need to alter the /etc/network file in addition?)
Anyhow here is the etc/shorwall/interfaces file:
# Shorewall 1.4 -- Sample Interface File For Two Interfaces
#
# /etc/shorewall/interfaces
#
# You must add an entry in this file for each network interface on your
# firewall system.
#
# Columns are:
#
# ZONE
# Zone for this interface. Must match the short name
# of a zone defined in /etc/shorewall/zones.
#
# If the interface serves multiple zones that will be
# defined in the /etc/shorewall/hosts file, you should
# place "-" in this column.
#
# INTERFACE
# Name of interface. Each interface may be listed only
# once in this file. You may NOT specify the name of
# an alias (e.g., eth0:0) here; see
# http://www.shorewall.net/FAQ.htm#faq18
#
# DO NOT DEFINE THE LOOPBACK INTERFACE (lo) IN THIS FILE.
#
# BROADCAST
# The broadcast address for the subnetwork to which the
# interface belongs. For P-T-P interfaces, this
# column is left blank.If the interface has multiple
# addresses on multiple subnets then list the broadcast
# addresses as a comma-separated list.
#
# If you use the special value "detect", the firewall
# will detect the broadcast address for you. If you
# select this option, the interface must be up before
# the firewall is started, you must have iproute
# installed and the interface must only be associated
# with a single subnet.
#
# If you don't want to give a value for this column but
# you want to enter a value in the OPTIONS column, enter
# "-" in this column.
#
# OPTIONS
# A comma-separated list of options including the
# following:
#
# dhcp
# Interface is managed by DHCP or used by
# a DHCP server running on the firewall or
# you have a static IP but are on a LAN
# segment with lots of Laptop DHCP clients.
# norfc1918
# This interface should not receive
# any packets whose source is in one
# of the ranges reserved by RFC 1918
# (i.e., private or "non-routable"
# addresses. If packet mangling is
# enabled in shorewall.conf, packets
# whose destination addresses are
# reserved by RFC 1918 are also rejected.
# routefilter
# Turn on kernel route filtering for this
# interface (anti-spoofing measure). This
# option can also be enabled globally in
# the /etc/shorewall/shorewall.conf file.
# dropunclean
# Logs and drops mangled/invalid packets
# logunclean
# Logs mangled/invalid packets but does
# not drop them.
# blacklist
# Check packets arriving on this interface
# against the /etc/shorewall/blacklist
# file.
# maclist
# Connection requests from this interface
# are compared against the contents of
# /etc/shorewall/maclist. If this option
# is specified, the interface must be
# an ethernet NIC and must be up before
# Shorewall is started.
# tcpflags
# Packets arriving on this interface are
# checked for certain illegal combinations
# of TCP flags. Packets found to have
# such a combination of flags are handled
# according to the setting of
# TCP_FLAGS_DISPOSITION after having been
# logged according to the setting of
# TCP_FLAGS_LOG_LEVEL.
# proxyarp
# Sets /proc/sys/net/ipv4/conf/<interface>/proxy_arp.
# Do NOT use this option if you are
# employing Proxy ARP through entries in
# /etc/shorewall/proxyarp. This option is
# intended soley for use with Proxy ARP
# sub-networking as described at:
# http://www.tldp.org/HOWTO/mini/Proxy-ARP-Subnet
#
# The order in which you list the options is not
# significant but the list should have no embedded white
# space.
#
# Example 1:
# Suppose you have eth0 connected to a DSL modem and
# eth1 connected to your local network and that your
# local subnet is 192.168.1.0/24. The eth0 interface gets
# it's IP address via DHCP from subnet 206.191.149.192/27.
#
# Your entries for this setup would look like:
#
# #ZONE INTERFACE BROADCAST OPTIONS
# net eth0 206.191.149.223 dhcp
# local eth1 192.168.1.255
#
# Example 2:
# The same configuration without specifying broadcast
# addresses is:
#
# #ZONE INTERFACE BROADCAST OPTIONS
# net eth0 detect dhcp
# loc eth1 detect
#
##############################################################################
#ZONE INTERFACE BROADCAST OPTIONS
net eth0 detect routefilter,norfc1918
loc eth1 detect dhcp
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
"Dr. Richard W. Tibbs" wrote: > > OK, -- I have searched the mail archives, the FAQs, the user and > installation guides, and this was automagically done with Dachstein -- > How do I configure dhcpd to serve on eth1? (How do specify the dhcp > option on eth1)? > R.
In the "Packages configuration menu" choose *shorwall*. Then, when you're in the "shorwall configuration files" section choose:
3) Ifaces Shorewall Networking Interfaces
and then look at the bottom of the file, add dhcp under OPTIONS:
#ZONE INTERFACE BROADCAST OPTIONS loc eth1 detect dhcp
Just like Tom said. All of the documentation that you were looking for is actually inside that single file...
Regards, -- Patrick Benson Stockholm, Sweden
------------------------------------------------------- This SF.Net email is sponsored by: Oracle 10g Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
-------------------------------------------------------
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE.
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
