Hi Simon, thanks a lot for your reply.
I don't know which combination I have had (I'm not a net person). But here
is the info about what I get from the ISP, which maybe can help you to help
me find the way to fix this.

I put the server as colocation in a datacenter; what I get:
1. One cable from the datacenter that goes to a switch
2. An assignable IP range
3. Information for me to set up on my network (IP for gateway and
nameserver, broadcast, netmask)

For about the last 3 years, so far I have just put one public IP for one
host. I use this config in Shorewall and it works perfectly:
interfaces:
int    eth0
ext    eth1

policy:
fw              all             ACCEPT
int             all             DROP            info
all             all             REJECT          info

rtrules:
eth1 - Otong 1000

zones:
fw      firewall
int ipv4
ext ipv4 blacklist

Providers:
Otong  1       1       main eth1 211.111.51.81 track

This week I am trying to add a network interface to one of my hosts, then
put the public IP on the new network interface.
So I have 3 eth now: 1 is internal (VPN) and 2 are external (public IP).
Yesterday, based on Tuomo's advice, I did not modify the providers file, so
I just did the config in the interface file, just to make eth2 (the new one)
have the same zone as eth1:

interfaces:
int    eth0
ext    eth1
ext    eth2

After that I did the restart, but still get the error. But when I try to
disable Shorewall and open all the doors
to accept every packet via iptables, magically I can ping from
another site to the new public IP.

Thank you for any help. I just want to add a new public IP on a new network
interface and have Shorewall work correctly. I'm sorry, I'm not a Shorewall
expert.

On Wed, Jan 7, 2015 at 6:25 PM, Simon Hobson <li...@thehobsons.co.uk> wrote:

> heriyanto shell <shell.heriya...@gmail.com> wrote:
>
> > But I'm not going to use one interface, I use multiple interfaces.
> > I tried to bring back the config in the providers file and add the new
> > interface (eth2) to the zone, but when I restart Shorewall I still get
> > the same error.
>
> > > I get multiple public IPs from my ISP; so far I'm just using one,
> > > so I just put one eth in the providers file.
> > > Last night I added a new network interface and assigned another IP
> > > that I get from my ISP,
> > > then I tried to modify/add config in the providers file, then I get
> > > this error:
>
> As I read this, you do not need a providers file at all.
>
> What you need to do depends very heavily on how you get your IPs from the
> ISP - and for some combinations you will not be able to assign one of the
> IPs to a different interface. This is nothing to do with Shorewall, but is
> determined by basic IP addressing and routing.
>
> So, can you explain *exactly* what your ISP gives^H^H^H^H^Hsells you, IP
> address wise ?
>
> Combinations I've had :
>
> 1) The basic link (PPPoA or ethernet) gets an IP address, a further subnet
> (not including the link address) is provided which is routed over that
> link. This is good as the IP subnet can be used very flexibly.
>
> 2) An IP subnet is provided, but your endpoint has to use one of them as
> its link address. Depending on the system this can make using the other
> IPs more restricted. Eg, with an ethernet interface, the ISP's equipment
> expects to be able to send ARP requests for each address and get an answer
> so you need to use Proxy-ARP (http://shorewall.net/ProxyARP.htm) if you
> don't want to just apply the subnet to the outside interface of your
> firewall/router (and add all the addresses as aliases). But with PPPo[A|E]
> the ISP just squirts the packets up the pipe and it's a lot easier to use
> the IPs on other interfaces.
>
> 3) A single IP for the link is provided, with further 'random' IPs
> provided. Again, it depends on the ISP's equipment as to how you can use
> these additional IPs.
>
> That's why we need to know *exactly* what you are being provided with in
> order to help.
>
>
>
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>