On Thu, Oct 1, 2009 at 8:41 PM, Jerry Vonau <jvo...@shaw.ca> wrote:

> On Thu, 2009-10-01 at 09:19 +0530, Rags wrote:
> > On Wed, Sep 30, 2009 at 11:02 PM, Jerry Vonau <jvo...@shaw.ca> wrote:
> >         On Wed, 2009-09-30 at 10:38 +0530, Rags wrote:
> >         > Hello,
> >         >
> >         > I'm using Shorewall perl 4.4.1.2 with two pppoe connections, with
> >         > fail-over and load balancing.
> >         >
> >         > When I upgraded to Shorewall-perl, I saw a bunch of warnings pop up
> >         > after I start/restart Shorewall. One was about the masq file, wherein
> >         > instead of using interface names, IP-addresses were to be used. So I
> >         > made the changes to the masq file like so.
> >         >
> >         > #INTERFACE              SOURCE             ADDRESS         PROTO   PORT(S) IPSEC   MARK
> >         > ppp0                          $PPP1_IP              $PPP0_IP
> >         > ppp1                          $PPP0_IP              $PPP1_IP
> >         > ppp0                          192.168.32.1
> >         > ppp1                          192.168.32.1
> >         >
> >
> >         So it's a variable...
> >
> > Sorry, I should have posted the original file. This is what it was
> > earlier with shorewall -shell.
> >
> >
> > #INTERFACE              SOURCE             ADDRESS         PROTO
> >  ppp0                          $PPP1_IP            $PPP0_IP
> >  ppp1                          $PPP0_IP            $PPP1_IP
> >  ppp0                          eth0
> >  ppp1                          eth0
> >
> > This works, but with the aforementioned warning. What I had changed
> > was the LAN interface (eth0) to the IP address.
>
> 192.168.32.0 is your local lan right? Did you really intend to masq just
> 192.168.32.1 or is that meant for the entire local lan connected to
> eth0? If it's the entire lan you want, think you may want to use
> 192.168.32.0/<mask of lan> instead. Replace <mask of lan> with what your
> network on eth0 needs to use.
>
> Perhaps you would have better luck using 'detect' in place of $PPPX_IP
> something like:
> ppp0                          0.0.0.0/0            detect
> ppp1                          0.0.0.0/0            detect
>
> Your local lan and the firewall's external ip addresses are covered with
> less rules this way.
>

That did the trick! So I had to use the detect option instead of the macros.
I've added the proper LAN network address as well.

The weird thing is I never touched those lines, they worked perfectly fine
before. So removing the interface name messed with the macros I suppose.

Thank you for your help.

> > Like so:
> >
> > PPP0_IP=$(find_first_interface_address_if_any ppp0)
> > PPP1_IP=$(find_first_interface_address_if_any ppp1)
> >
> > Thanks,
> >
>
> find_first_interface_address_if_any ppp0 will return 0.0.0.0 if the
> interface is non-existent.
>

So does this mean that the "find_first_interface_address_if_any" can't be
used now?

Thanks,
-- 

Raghu
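
An added example, not part of the thread or of Shorewall: a small shell lint for a masq file whose params variables have already been expanded, flagging the three pitfalls discussed above (a 0.0.0.0 left behind by find_first_interface_address_if_any, an interface name in SOURCE, and a single private host where the LAN network was probably meant). The function names `sample_masq` and `lint_masq` and the sample entries, including the documentation address 203.0.113.10, are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint a Shorewall masq file after params variables are expanded.

# Constructed sample: what the file could look like if ppp1 had no address
# when $PPP1_IP was set. 203.0.113.10 is a documentation address.
sample_masq() {
    cat <<'EOF'
#INTERFACE  SOURCE        ADDRESS
ppp0        0.0.0.0       203.0.113.10
ppp1        203.0.113.10  0.0.0.0
ppp0        192.168.32.1
ppp1        eth0
ppp0        0.0.0.0/0     detect
EOF
}

# lint_masq: read masq entries on stdin, print "line: interface: finding".
lint_masq() {
    awk '
    NF == 0 || $1 ~ /^#/ { next }          # skip blank lines and comments
    {
        iface = $1; src = $2; addr = $3
        if (src == "0.0.0.0" || addr == "0.0.0.0")
            # find_first_interface_address_if_any found no interface
            msg = "0.0.0.0 in SOURCE/ADDRESS, variable set while interface was absent"
        else if (src ~ /^[A-Za-z]/)
            # the form Shorewall-perl warned about in this thread
            msg = "interface name " src " in SOURCE, use an address or network"
        else if (index(src, "/") == 0 && src ~ /^(10\.|192\.168\.|172\.(1[6-9]|2[0-9]|3[01])\.)/)
            # one private host where the whole LAN was probably meant
            msg = "SOURCE " src " is a single private host, not the LAN network"
        else
            next                            # e.g. 0.0.0.0/0 with detect
        printf "%d: %s: %s\n", NR, iface, msg
    }'
}

sample_masq | lint_masq
```

The line numbers in the findings count the header comment as line 1, so they match what an editor shows for the file.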