Hi, I currently connect to my ISP via my adsl modem in bridge mode and PPPoE. I
am due to put a second PPPoE ISP onto my firewall box which will give me ppp0
(general) and ppp1 (static leased line). The static leased line will run a
number of services on its static IP and it is therefore imperative to make sure
rules defined for the static line are assigned to the correct interface. I need
this to be rock solid and want to avoid the possibility of providers getting
the wrong ppp unit numbers. However, as we know ppp unit numbers are assigned
on a first-come first-serve basis (at least under Debian), and i don't believe
there is there any way to bind/fix/make-permanent the interface name ppp0 to
provider 1, and ppp1 provider 2. On going through the list archives i found:
http://lists.shorewall.net/pipermail/shorewall-users/2003-November/009774.html
>> The problem is to control the assignment of i/f numbers to ppp>>
connections, i.e. ppp0, ppp1. It can be useful to know this in>> the Shorewall
config files. Is it possible?>>> I recently spent considerable time documenting
the workaround for this> problem at http://www.shorewall.net/PPTP.htm Please
forgive my ignorance but i cant see how i can control each interface's unit
number from the above PPTP information page. I then see a later list
posting:http://lists.shorewall.net/pipermail/shorewall-users/2005-January/016730.html
>> Is there an Easy way way that shorewall can distinguish the two lines
and>> be able to apply the specific>> rules of the zone without depending on
the interface name....??> There is no way that Shorewall can do this. If you
can think of a way to> do it, you can set a shell variable in
/etc/shorewall/init where the> value in the Shell variable is the interface
that you want for the 'net'> interface. So unless i am missing something, i
think at the moment i will have to write some small custom scripts to identify
what interface is on what ppp interface (ppp0 or ppp1), via the ip-up ppp
scripts, and assign these interfaces to Shorewall configuration files before
restarting Shorewall. Does that sound like a plan or am i missing an easier
way? Many thanks in advance, Chris
_________________________________________________________________
Make a mini you on Windows Live Messenger!
http://clk.atdmt.com/UKM/go/107571437/direct/01/
-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
