Hi Eduardo,
> I have an ebox with 2 external (eth0 and eth1) NICs and an internal
> one (eth2). I have two web servers on the internal net, and I was
> hoping to publish them using redirects on the firewall module.
> So I added a first redirect like this:
>
> Iface=eth0 protocol=tcp port=80 ip=10.10.1.14 dport=80
> And it works. Now I want a similar redirect:
> Iface=eth1 protocol=tcp port=80 ip=10.10.1.14 dport=80
>
> However, when I attempt to add this one, it complains saying that
> port 80 is already being used on a redirect or service and refuses to
> add it. I checked with netstat -natp and no service is running on tcp
> port 80, and the only other redirect is on a different interface,
> hence there should be no rule collision. Is there a bug here or is it
> an intended behaviour? If the latter, why?

Yep. This is a bug. We are working on this part of the firewall at the moment. We are introducing some changes to make redirections more flexible and functional. As an interim solution, I can tell you how to fix this directly in your installation. You just need to comment out the lines doing the check in Firewall.pm.

> Incidentally, since both tcp and udp (L4) ports are bound to IP
> addresses (L3) and not to interfaces (L2), I think ebox should ask for
> the listening IP (say, the public IP of interface eth1) instead of the
> interface itself. This is especially true since I can have several IPs
> on the same interface.

Well, the thing is we use the interface to get its IP, and if you need to add several IPs to the same interface, the only way to do it with eBox is adding a virtual interface; hence you can still use this new virtual interface to build the rule.

Cheers,

Javi
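The collision check discussed in this thread, sketched as an added example (not eBox's Firewall.pm code and not part of the original message): redirects are keyed on the listening address resolved from the interface, plus protocol and port, so port 80 on eth0 and on eth1 do not collide. The function names, the interface table and its addresses are hypothetical and constructed for illustration.

```python
from ipaddress import ip_address

# Constructed interface table (documentation addresses); "eth1:0" is a
# virtual interface carrying a second IP, as described in the reply.
IFACE_ADDRS = {
    "eth0": "192.0.2.10",
    "eth1": "198.51.100.10",
    "eth1:0": "198.51.100.11",
    "eth2": "10.10.1.1",
}


class RedirectConflict(Exception):
    """Raised when a redirect would shadow an existing one."""


def redirect_key(iface, proto, port, addrs=IFACE_ADDRS):
    """Resolve the interface to its IP and build the uniqueness key."""
    if iface not in addrs:
        raise KeyError(f"unknown interface: {iface}")
    if proto not in ("tcp", "udp"):
        raise ValueError(f"unsupported protocol: {proto}")
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    return (ip_address(addrs[iface]), proto, port)


def add_redirect(table, iface, proto, port, dest_ip, dest_port, addrs=IFACE_ADDRS):
    """Add a redirect unless the same (address, protocol, port) is taken."""
    key = redirect_key(iface, proto, port, addrs)
    if key in table:
        raise RedirectConflict(f"{key[0]} {proto}/{port} already redirected")
    table[key] = (ip_address(dest_ip), dest_port)
    return key


def to_iptables(table):
    """Render each redirect as the equivalent DNAT rule, matched on address."""
    return [
        f"iptables -t nat -A PREROUTING -d {addr} -p {proto} --dport {port} "
        f"-j DNAT --to-destination {dip}:{dport}"
        for (addr, proto, port), (dip, dport) in table.items()
    ]
```

A check keyed on the port alone rejects the second redirect from the original question; keyed this way, only a true duplicate on the same listening address is refused.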
