On 11/20/2014 3:38 AM, Philip Le Riche wrote: > On 11/20/2014 00:42 AM, Tom Eastep wrote: > > No -- but they are pretty obvious. Given the error message you are > seeing, something you are doing requires the IP address of eth0. Some > possibilities are: > > - You are calling find_first_interface_address() in your params file > - You have used "ð0" or "%eth0" in one of your files > - You have used "detect:" in a rule. > - You have entered "detect" in the ADDRESS column in the masq file > > Thanks Tom, and yes, that seems to be it. I have the Address column in > masq as detect, probably for historical reasons from when I was setting > it up in a test environment. That interface now has 17 IP addresses > (recently increased from 9), 16 associated with DNAT rules. So masq > would have been using them all as masqueraded adresses, which is not > what I intended.
Actually, only the first IP address is used for SNAT when 'detect' is specified. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server from Actuate! Instantly Supercharge Your Business Reports and Dashboards with Interactivity, Sharing, Native Excel Exports, App Integration & more Get technology previously reserved for billion-dollar corporations, FREE http://pubads.g.doubleclick.net/gampad/clk?id=157005751&iu=/4140/ostg.clktrk
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
