On Thu, 2009-10-01 at 09:19 +0530, Rags wrote:
> On Wed, Sep 30, 2009 at 11:02 PM, Jerry Vonau <jvo...@shaw.ca> wrote:
>         On Wed, 2009-09-30 at 10:38 +0530, Rags wrote:
>         > Hello,
>         >
>         > I'm using Shorewall perl 4.4.1.2 with two pppoe connections, with
>         > fail-over and load balancing.
>         >
>         > When I upgraded to Shorewall-perl, I saw a bunch of warnings pop up
>         > after I start/restart Shorewall. One was about the masq file, wherein
>         > instead of using interface names, IP-addresses were to be used. So I
>         > made the changes to the masq file like so.
>         >
>         > #INTERFACE              SOURCE             ADDRESS         PROTO   PORT(S) IPSEC   MARK
>         > ppp0                          $PPP1_IP              $PPP0_IP
>         > ppp1                          $PPP0_IP              $PPP1_IP
>         > ppp0                          192.168.32.1
>         > ppp1                          192.168.32.1
>         >
>         
>         So it's a variable...
> 
> Sorry, I should have posted the original file. This is what it was
> earlier with shorewall-shell.
> 
> 
> #INTERFACE              SOURCE             ADDRESS         PROTO
>  ppp0                          $PPP1_IP            $PPP0_IP
>  ppp1                          $PPP0_IP            $PPP1_IP
>  ppp0                          eth0
>  ppp1                          eth0
> 
> This works, but with the aforementioned warning. What I had changed
> was the LAN interface (eth0) to the IP address.

192.168.32.0 is your local LAN, right? Did you really intend to masq just
192.168.32.1, or is that meant for the entire local LAN connected to
eth0? If it's the entire LAN you want, I think you may want to use
192.168.32.0/<mask of lan> instead. Replace <mask of lan> with what your
network on eth0 needs to use.

Perhaps you would have better luck using 'detect' in place of $PPPX_IP,
something like:
ppp0                          0.0.0.0/0            detect
ppp1                          0.0.0.0/0            detect

Your local LAN and the firewall's external IP addresses are covered with
fewer rules this way.

>         > But, after that whenever I restart shorewall, I get a warning that
>         > both the providers are down and no default route is added. But both
>         > the lines are in fact up and when I revert the changes to the masq
>         > file everything goes back to normal.
>         
>         Sorry, but revert to what config?
> 
> With eth0 in the source field.
> 
See above, lan or single box? 

>         
>         > I don't understand how that change in the masq file affected this.
>         >
>         
>         How have you setup PPP0_IP, PPP1_IP in the params file?
> 
> Like so :
> 
> PPP0_IP=$(find_first_interface_address_if_any ppp0)
> PPP1_IP=$(find_first_interface_address_if_any ppp1)
> 
> Thanks,
> 
find_first_interface_address_if_any ppp0 will return 0.0.0.0 if the
interface is non-existent. 

Hope this helps,

Jerry
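
An added example (not part of this thread and not Shorewall's own code): a small shell lint for the two points raised in the reply above, run over a masq file like the one quoted. It assumes the params variables are named PPP0_IP and PPP1_IP as in the thread; `lint_masq` and `sample_masq` are hypothetical helper names, and the sample file and the addresses passed in are constructed.

```shell
#!/bin/sh
# Flags masq rows that (a) contain 0.0.0.0 after the params variables are
# expanded, which is what find_first_interface_address_if_any yields for a
# non-existent interface, or (b) use a literal host address as SOURCE where
# a network (address/mask) may have been intended.

# Constructed sample: the masq file as quoted in the thread.
sample_masq() {
    cat <<'EOF'
#INTERFACE   SOURCE         ADDRESS
ppp0         $PPP1_IP       $PPP0_IP
ppp1         $PPP0_IP       $PPP1_IP
ppp0         192.168.32.1
ppp1         192.168.32.1
EOF
}

# Usage: lint_masq <value of PPP0_IP> <value of PPP1_IP> < masq-file
lint_masq() {
    awk -v p0="$1" -v p1="$2" '
    function expand(v) {
        if (v == "$PPP0_IP") return p0
        if (v == "$PPP1_IP") return p1
        return v
    }
    NF == 0 || $1 ~ /^#/ { next }      # skip blank lines and comments
    {
        src = expand($2); addr = expand($3)
        if (src == "0.0.0.0" || addr == "0.0.0.0")
            printf "%s: SOURCE/ADDRESS resolved to 0.0.0.0 (interface absent when params was evaluated)\n", $1
        else if ($2 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/)
            printf "%s: SOURCE %s is a single host, not a network\n", $1, $2
    }'
}

# Example run: ppp0 was missing when params was evaluated, ppp1 was up.
sample_masq | lint_masq 0.0.0.0 203.0.113.7
```

Rows of the form `ppp0 0.0.0.0/0 detect` produce no findings, since `0.0.0.0/0` is a network, not an unresolved address.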


