I'm converting my network from a "one interface per segment" to a
"single connection with vlans". Well, some hardware I have requires
using different vlan IDs. Suffice it to say I need bridges to connect a
few different vlans that should all be one but can't be because of
firmware constraints. So my first step is to get shorewall to know
about bridges. I convert my existing config to a bunch of bridges: lan0
becomes a member of br-lan0, lan1 becomes a member of br-lan1, and
shorewall gets edited. In interfaces and routestopped, I prefix lan0 and
lan1 with br- and I restart shorewall (sudo shorewall safe-restart).
This is an Ubuntu system, and as far as I can tell everything is right. I'm
using shorewall 4.4 so I add routeback to the interface options (I've
tried with and without bridge in them as well), and nothing works.
Every packet into or out of the firewall on the LAN side drops dead.
As far as I can tell, the bridges are set up right and working, and the
interfaces are set up right and working, but shorewall is somehow TKOing
everything (I think) :(.

Did I miss a crucial config somewhere?
Is there more I need to do to handle a bridge device in Ubuntu? (My
interfaces looks like this:)

auto lo
iface lo inet loopback

auto wan0
iface wan0 inet dhcp

auto lan0
iface lan0 inet static
    address 10.0.0.254
    netmask 255.255.255.0
    network 10.0.0.0
    broadcast 10.0.0.255

auto lan1
iface lan1 inet static
    address 10.0.1.254
    netmask 255.255.255.0
    network 10.0.1.0
    broadcast 10.0.1.255

#auto br-lan0
#iface br-lan0 inet static
#    address 10.0.0.254
#    netmask 255.255.255.0
#    network 10.0.0.0
#    broadcast 10.0.0.255
#    bridge_ports lan0

#auto br-lan1
#iface br-lan1 inet static
#    address 10.0.1.254
#    netmask 255.255.255.0
#    network 10.0.1.0
#    broadcast 10.0.1.255
#    bridge_ports lan1

and my interfaces looks like this:

wan     wan0      detect    dhcp,tcpflags,nosmurfs,routefilter
users   lan0      detect    dhcp,tcpflags,routefilter
games   lan1      detect    dhcp,tcpflags,routefilter

and looked like this when not working:

wan     wan0      detect    dhcp,tcpflags,nosmurfs,routefilter
users   br-lan0   detect    dhcp,tcpflags,routefilter,routeback
games   br-lan1   detect    dhcp,tcpflags,routefilter,routeback

I had to revert changes because I couldn't finish the update in the hour
I had allotted, so it'll be a few hours before I can gather more
detailed information if needed, but I suspect that the problem was
actually some minor oversight.
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users