Hi
2008/5/13 Geza Gemes <[EMAIL PROTECTED]>:
> The problem is that the system has two ISPs: a cable one (no problems
> here) and a DSL provider. Because of the DSL provider, the system is going
> to have one pppN interface for DSL (net zone) and many pppX interfaces for
> l2tp/pptp (loc zone). I've already configured the DSL provider to give ppp
> interface numbers over 1000 (unit 1000 in /etc/ppp/peers/provider-name).
> My question is how to define the shorewall zones to have ppp1000, ppp1001,
> etc. in the net zone and ppp0, ppp1, ..., ppp999 in the loc zone (without
> enumerating them all).
>
1. /etc/shorewall/shorewall.conf: DYNAMIC_ZONES=Yes
2. /etc/shorewall/interfaces: - ppp+
3. /etc/ppp/peers/provider-name: ipparam (loc|net) - pass zone name to ip-(up|down) scripts via PPP_IPPARAM envvar
4. /etc/ppp/ip-up.d/shorewall: something like 'shorewall add ppp+:$PPP_REMOTE $PPP_IPPARAM'
5. /etc/ppp/ip-down.d/shorewall: something like 'shorewall delete ppp+:$PPP_REMOTE $PPP_IPPARAM'

There is no clear meaning for 'ipparam' option; use with care, don't cross with other ip-(up|down) scripts.
Dmitry.
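
Steps 4 and 5 above as a single hook script, added here as an example and not part of the original post. It only passes ipparam to shorewall when the value is exactly one of the expected zone names, so an ipparam set for some other ip-(up|down) script is ignored. Assumptions: the ip-up/ip-down wrapper exports PPP_IFACE, PPP_REMOTE and PPP_IPPARAM (as the Debian one does), and the function names and the logger tag are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the original thread. Install the same file as
# /etc/ppp/ip-up.d/shorewall and /etc/ppp/ip-down.d/shorewall.
# Assumption: PPP_IFACE, PPP_REMOTE, PPP_IPPARAM are exported by the wrapper.

ALLOWED_ZONES="loc net"   # zone names from step 3 of the post

# zone_ok ZONE: succeed only if ZONE is exactly one of ALLOWED_ZONES.
zone_ok() {
    for z in $ALLOWED_ZONES; do
        [ "$1" = "$z" ] && return 0
    done
    return 1
}

# remote_ok ADDR: character whitelist (non-empty, digits and dots only).
remote_ok() {
    case "$1" in
        ''|*[!0-9.]*) return 1 ;;
    esac
    return 0
}

# hook_args ACTION REMOTE ZONE: print the shorewall arguments, or fail.
hook_args() {
    case "$1" in add|delete) ;; *) return 1 ;; esac
    remote_ok "$2" || return 1
    zone_ok "$3" || return 1
    printf '%s ppp+:%s %s\n' "$1" "$2" "$3"
}

# Run only when invoked by pppd (PPP_IFACE set); pick the action from our path.
if [ -n "${PPP_IFACE:-}" ]; then
    case "$0" in
        */ip-up.d/*)   action=add ;;
        */ip-down.d/*) action=delete ;;
        *) exit 0 ;;
    esac
    if args=$(hook_args "$action" "${PPP_REMOTE:-}" "${PPP_IPPARAM:-}"); then
        # Word splitting is safe here: args passed the whitelists above.
        shorewall $args
    else
        logger -t ppp-shorewall "skipping $PPP_IFACE: unexpected ipparam or remote"
    fi
fi
```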
_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users