On 10/19/2011 17:14, Alan Madill wrote:
>
> On 10/19/2011 3:38 PM, Tom Eastep wrote:
>> On Wed, 2011-10-19 at 15:27 -0700, Alan Madill wrote:
>>>> What I am struggling with is using IP aliases on a single interface on the
>>>> firewall to communicate with the upstream router.  I'm thinking it might be
>>>> easier to add a third nic with a separate address, plug them both into a switch
>>>> along with the upstream.
>>> Further to this.
>>>
>>> When you specify track as an option in providers with an aliased interface it
>>> uses the mac address to mark the packet, would not both macs be the same on the
>>> upstream router?
>> Yes.
>>
>> -Tom
>>
> I can't make it work.  I'll set up another zone called wan, tie it to another
> nic, and go that route.
>
> I'm just in the testing/building stage but what I've done is set up a second IP
> on my office router.  Unless I ping it first to establish an arp table entry I
> get an error when starting shorewall on the testrouter.
>
>    ERROR: Unable to determine the MAC address of 10.10.11.1 through interface
> "eth0": Firewall state not changed
>
> But if I ping first or run the start again it works.
>
> I've also started getting an error when starting or stopping shorewall via the
> redhat init scripts (CentOS6)
> # service shorewall stop
> Shutting down shorewall: rm: cannot remove `/var/lock/subsys/shorewall':
> Permission denied
>
> But if I use just "shorewall stop" it is fine.
>
>
>
> ------------------------------------------------------------------------------
> The demand for IT networking professionals continues to grow, and the
> demand for specialized networking skills is growing even more rapidly.
> Take a complimentary Learning@Ciosco Self-Assessment and learn
> about Cisco certifications, training, and career opportunities.
> http://p.sf.net/sfu/cisco-dev2dev
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
Have you run service shorewall stop as root, or as a regular user?
