Brian J. Murrell wrote: > On Fri, 2007-02-02 at 13:07 -0800, Tom Eastep wrote: >> Tom Eastep wrote: >> >>> If you need to set an address in /etc/shorewall/params, here's a trick: >>> >>> if [ $HOSTNAME = remote ]; then >>> ADDR=$(find_first_interface_address eth1) >>> else >>> ADDR=$(ssh [EMAIL PROTECTED] "shorewall-lite call >>> find_first_interface_address >>> eth1") >>> fi >> Please disregard -- the above works from the command line but not in >> /etc/shorewall/params. > > Well the $HOSTNAME goop doesn't work for whatever reason (I didn't > investigate): > > + [ = gw ] > [: 1: gw: unexpected operator
That's what I was telling you -- it doesn't work in the /etc/shorewall/params file. > > But since this is the params file for that remote node, I just > disregarded the conditional end put: > > ETH1_IP=$(ssh [EMAIL PROTECTED] shorewall-lite call > find_first_interface_address eth1) > > in my params file, and indeed it seems to have worked: > > + ssh [EMAIL PROTECTED] shorewall-lite call find_first_interface_address eth1 > + ETH1_IP=72.38.184.236 > > I got a bunch of compiling going on and then: > > ERROR: Chain designator not allowed when source is $FW; rule "256:P fw > " > > Which has got something to do with my "route everything through one > interface by default" tcrules entry: > > 256:P $FW > > But I have not investigated yet to see why. This was working using > shorewall directly on the firewall. Let me dig into the source a bit... Is the version of Shorewall on the admin system the same as the one that you had on the firewall? I think that older versions let you get away with that invalid rule. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier. Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
