Tom Eastep wrote:
> You could place a pause/check loop in /etc/shorewall/init. Or, better
> yet, configure Shorewall so that it doesn't require ppp0 to be up when
> it starts.
I'm not sure I can come up with the semantics to do that, but I'd love
to give it a try...
Here's what I've got:
Zones:
net     Net     Internet
loc     Local   Local networks
dmz     DMZ     Demilitarized zone
dsl     DSL     DSL modem nat area
guest   Guest   Guest host network
Interfaces:
dsl     eth0    detect  dhcp,routefilter
net     ppp0    -       tcpflags,blacklist,routefilter,norfc1918,nosmurfs,upnp
loc     eth1    detect  dhcp
dmz     eth2    detect  dhcp,routefilter
guest   ath0    detect  dhcp,routefilter
Masq:
(INT_QUEMADURA and EXT_QUEMADURA are internal and external IP addrs)
(ditto EXT_GUEST so guest network users are natted to a different routed
IP addr in case they do something evil like send spam)
ppp0    $INT_QUEMADURA  $EXT_QUEMADURA
ppp0    eth1
ppp0    ath0            $EXT_GUEST
eth0    eth1
and rules (excerpted):
DNAT net loc:$INT_QUEMADURA tcp 22 - $EXT_QUEMADURA
Now, I'm assuming it's the masq entries referencing ppp0 that are
kicking my ass?
So this error is caused by routefilter/ppp0 not existing (soft err):
Setting up Kernel Route Filtering...
Warning: Cannot set route filtering on ppp0
and this error is caused by masq?
Adding IP Addresses...
Device "ppp0" does not exist.
Cannot find device "ppp0"
Do you suggest I do snating instead? If so, who adds the ip aliases to
ppp0 and when? I have 5 static IP addresses that I use, so snat is a
fine option (I use one IP for the fw/home nat, one for the bastion host,
and one for a separate guest network).
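
The pause/check loop suggested in the quoted reply, sketched as an added example (not part of the original thread and not Shorewall's own code). The function names, the retry defaults and the choice of "has an IPv4 address" as the readiness test are assumptions.

```shell
# Added example for /etc/shorewall/init: wait until the PPP link is usable
# before Shorewall applies routefilter and masq settings to it.
# iface_ready and wait_for_iface are hypothetical helper names.

# Ready means: the device exists AND already carries an IPv4 address.
# A ppp device can appear before address negotiation has finished, so
# checking for existence alone would release the wait too early.
iface_ready() {
    ip -4 addr show dev "$1" 2>/dev/null | grep -q 'inet '
}

# wait_for_iface IFACE [TRIES] [DELAY_SECONDS]
# Returns 0 as soon as the interface is ready, 1 once TRIES checks failed.
# The bound matters: an unbounded loop would hang the boot sequence, and
# the firewall would never come up, if the DSL line is down.
wait_for_iface() {
    iface=$1
    tries=${2:-30}
    delay=${3:-1}
    n=0
    while [ "$n" -lt "$tries" ]; do
        if iface_ready "$iface"; then
            return 0
        fi
        n=$((n + 1))
        sleep "$delay"
    done
    return 1
}

# Call to place at the end of /etc/shorewall/init (left commented out here
# so that loading this file does not block):
#
#   wait_for_iface ppp0 60 1 || \
#       echo "ppp0 not ready after 60s; starting Shorewall anyway" >&2
```

On timeout the call above only logs and lets startup continue, so a dead DSL line delays the firewall by a fixed amount rather than leaving the box without rules.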