Re: [Shorewall-users] problem with aliased interface

Wed, 20 Jun 2012 16:29:45 -0700 

Steve Williams wrote:
> I recently added a new subnet to my existing network that is behind a 
> firewall running Shorewall 4.4.16.1.  I am attempting to allow traffic to 
> route between the two subnets.  The subnets are defined as per what is seen 
> in ifconfig here:
> 
> [root@fw10g shorewall]# ifconfig
> eth0      Link encap:Ethernet  HWaddr 00:1B:21:84:AF:04 
>           inet addr:129.116.190.250  Bcast:129.116.190.255  Mask:255.255.255.0
>           inet6 addr: fe80::21b:21ff:fe84:af04/64 Scope:Link
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:893909525 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:1079210487 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:740527359996 (689.6 GiB)  TX bytes:1270877098736 (1.1 TiB)
> 
> eth0:0    Link encap:Ethernet  HWaddr 00:1B:21:84:AF:04 
>           inet addr:129.116.65.225  Bcast:129.116.65.255  Mask:255.255.255.224
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
> 
> when looking at the current documentation from
> 
> http://www.shorewall.net/Shorewall_and_Aliased_Interfaces.html
> 
> it states that you can modify the /etc/shorewall/interfaces file to include 
> the following (modified from the docs to use my two subnets):
> 
> loc         eth0       129.116.190.255,129.116.65.255   *routeback*
> 
> 
> however, when I attempt to compile shorewall with this configuration I get 
> this message:
> 
> Compiling /etc/shorewall/interfaces...
>    WARNING: Shorewall no longer uses broadcast addresses in rule generation 
> when Address Type Match is available : /etc/shorewall/interfaces (line 11)
> 
> in a google search I found that you can supposedly modify the line above and 
> replace "routeback" with either "-" or "detect", but neither of those work.  
> Does anyone know how current versions of shorewall handle aliased interfaces?
> 

This should work:

        loc     eth0    -       routeback

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________



------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Reply via email to