Re: [Shorewall-users] masq file: interface or ip address in source field?

Wed, 30 Sep 2009 20:57:53 -0700 

On Wed, Sep 30, 2009 at 11:02 PM, Jerry Vonau <jvo...@shaw.ca> wrote:

> On Wed, 2009-09-30 at 10:38 +0530, Rags wrote:
> > Hello,
> >
> > I'm using Shorewall perl 4.4.1.2 with two pppoe connections, with
> > fail-over and load balancing.
> >
> > When I upgraded to Shorewall-perl, I saw a bunch of warnings pop up
> > after I start/restart Shorewall. One was about the masq file , wherein
> > instead of using interface names, IP-addresses were to be used. So I
> > made the changes to the masq file like so.
> >
> > #INTERFACE              SOURCE             ADDRESS         PROTO
> > PORT(S) IPSEC   MARK
> > ppp0                          $PPP1_IP              $PPP0_IP
> > ppp1                          $PPP0_IP              $PPP1_IP
> > ppp0                          192.168.32.1
> > ppp1                          192.168.32.1
> >
> So it's a variable...
>

Sorry, I should have posted the original file. This is what it was earlier
with shorewall -shell.

#INTERFACE              SOURCE             ADDRESS         PROTO
 ppp0                          $PPP1_IP            $PPP0_IP
 ppp1                          $PPP0_IP            $PPP1_IP
 ppp0                          eth0
 ppp1                          eth0

This works, but with the aforementioned warning. What I had changed was the
LAN interface(eth0) to the ip address.

> But, after that whenever I restart shorewall, I get a warning that
> > both the providers are down and no default route is added. But both
> > the lines are in fact up and when I revert the changes to the masq
> > file everything goes back to normal.
> Sorry, but revert to what config?
>

With eth0 in the source field.

>
> > I don't understand how that change in the masq file affected this.
> >
> How have you setup PPP0_IP, PPP1_IP in the params file?
>

Like so :

PPP0_IP=$(find_first_interface_address_if_any ppp0)
PPP1_IP=$(find_first_interface_address_if_any ppp1)

Thanks,

-- Raghu

------------------------------------------------------------------------------
Come build with us! The BlackBerry&reg; Developer Conference in SF, CA
is the only developer event you need to attend this year. Jumpstart your
developing skills, take BlackBerry mobile applications to market and stay 
ahead of the curve. Join us from November 9&#45;12, 2009. Register now&#33;
http://p.sf.net/sfu/devconf
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Reply via email to