On 09/29/2012 11:47 PM, Gémes Géza wrote:
> The zones file has:
>
> fw firewall
> net ipv4
> loc ipv4
> dmz ipv4
> okt ipv4
> kag ipv4
> nonet:loc ipv4
> nocom:loc ipv4
>
> (nocom and nonet are the two new dynamic zones I try to introduce)
>
> The corresponding lines from hosts are:
>
> nonet lan-if:dynamic
> nocom lan-if:dynamic
>
> And on interfaces the interesting line has:
>
> loc lan-if detect routeback,bridge,tcpflags,dhcp,nosmurfs,blacklist
>
> I know it differs from the documentation by specifying non-default
> options, but I would like to keep at least blacklist for now until the
> dynamic zones get fully tested.
>
> The ipsets are generated as:
>
> Name: nocom_lanif_3

Why the '_3' at the end of the name? The name of the ipset that Shorewall
will generate in this case is simply 'nocom_lanif':

> Type: hash:ip
> Header: family inet hashsize 1024 maxelem 65536
> Size in memory: 16504
> References: 24
> Members:
>
> Name: nonet_lanif_3
> Type: hash:ip
> Header: family inet hashsize 1024 maxelem 65536
> Size in memory: 16504
> References: 12
> Members:
>
> I've observed two strange/misunderstood behaviors/errors:
>
> 1. shorewall show dynamic nonet
> returns nothing

Do you really mean 'nothing', or do you mean that it returns:

lan-if:

followed by a blank line? Here's an example:

root@gateway:/etc/shorewall# shorewall show dynamic direct
eth2:

root@gateway:

> and trying to add an IP address to any of the dynamic
> pools fails:
>
> shorewall add lan-if:10.255.255.136 nonet
> ERROR: Zone nonet, interface lan-if is does not have a dynamic host
> list

That message is returned when the ipset nonet_lanif does not exist. When it
does exist, this results:

root@gateway:/etc/shorewall# shorewall add eth2:172.20.1.99 direct
Host eth2:172.20.1.99 added to zone direct
root@gateway:/etc/shorewall#

> 2. In the rules files I couldn't specify the name of the dynamic zone,
> only the name of the generated ipset (this could be related to the
> previous or by design)

That means that the zone isn't being recognized for some reason.

Something is very wrong with your setup, but given that we're seeing only a
tiny part of it, it's difficult to understand what the problem is.

What does 'shorewall show zones' return?

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
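The diagnosis above hinges on whether an ipset with the expected name exists for the dynamic zone. The following script, which is an added example and not part of the thread or of Shorewall itself, derives the expected ipset name from a zone and interface and checks it against a captured `ipset list -n` listing, distinguishing "present", "missing" (the case where `shorewall add` fails with the error quoted above) and "present only under a suffixed name such as nonet_lanif_3". The naming rule it uses (zone, underscore, interface with non-alphanumeric characters dropped) is an assumption inferred from the single instance in the thread (nocom on lan-if giving nocom_lanif); the listings are constructed sample data.

```shell
#!/bin/sh
# Added example, not from the thread or from Shorewall: check a Shorewall
# dynamic zone against the ipsets actually present on the firewall.
#
# ASSUMPTION: the ipset is named <zone>_<interface> with every character
# that is not a letter or digit dropped from the interface name. The thread
# shows only one instance of this (nocom + lan-if -> nocom_lanif).

# Print the expected ipset name for a dynamic zone on an interface.
# Runs in a subshell when called via $(...), so it does not clobber callers.
dyn_ipset_name() {
    zone=$1
    iface=$(printf '%s' "$2" | tr -cd '[:alnum:]')
    printf '%s_%s\n' "$zone" "$iface"
}

# Classify the state of a dynamic zone given the output of 'ipset list -n',
# passed in as a string so the check can be run on a captured listing.
# Exit status: 0 = ipset present under the expected name
#              1 = no matching ipset at all ('shorewall add' will fail)
#              2 = only a suffixed variant (e.g. nonet_lanif_3) is present
check_dynamic_zone() {
    zone=$1 iface=$2 listing=$3
    name=$(dyn_ipset_name "$zone" "$iface")
    if printf '%s\n' "$listing" | grep -qx "$name"; then
        echo "ok: ipset $name exists for zone $zone on $iface"
        return 0
    fi
    if printf '%s\n' "$listing" | grep -q "^${name}_[0-9][0-9]*\$"; then
        echo "suspect: only a suffixed ipset found for $zone on $iface, expected $name"
        return 2
    fi
    echo "missing: no ipset $name; 'shorewall add $iface:<addr> $zone' will fail"
    return 1
}

# Constructed sample listings standing in for 'ipset list -n' output.
# The first mirrors the names reported in the thread, the second the names
# Tom says Shorewall should generate (plus the 'direct' zone from his example).
LISTING_FROM_THREAD='nocom_lanif_3
nonet_lanif_3'
LISTING_EXPECTED='nocom_lanif
nonet_lanif
direct_eth2'

# On a live firewall the call would be:
#   check_dynamic_zone nonet lan-if "$(ipset list -n)"
for listing in "$LISTING_FROM_THREAD" "$LISTING_EXPECTED"; do
    check_dynamic_zone nonet lan-if "$listing" || echo "   (status $?)"
done
```

Running the check before `shorewall add` turns the opaque "does not have a dynamic host list" error into a concrete statement about which ipset is absent or misnamed, which is the same question Tom is asking the poster to answer.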
Shorewall-users mailing list: https://lists.sourceforge.net/lists/listinfo/shorewall-users
