On 03/15/2016 12:51 AM, Thomas Schneider wrote:
> Hello!
>
> With regards to the recommended settings in shorewall.conf
> TC_BITS=8
> PROVIDER_OFFSET=8
> PROVIDER_BITS=4
> is this a best-practice?
> Because initially the parameters are not set.

They are not set for historical reasons -- by setting them as shown above, you are reserving 8 bits for future traffic shaping configuration.

>
> Unfortunately I get an error when starting shorewall:
> [...]
> Mar 15 8:22:39 Finishing matrix...
> Mar 15 8:22:39 Creating iptables-restore input...
> Mar 15 8:22:39 Shorewall configuration compiled to
> /var/lib/shorewall/.start
> Mär 15 08:22:39 Starting Shorewall....
> Mär 15 08:22:39 ERROR: Can't determine the IP address of eth2
> Mär 15 08:22:39 ERROR:Shorewall start failed:Firewall state not changed
>
> I assume this is related to the network configuration where eth2 is
> bridged to vmbr2:
> [...]
> auto eth2
> iface eth2 inet manual
>
> auto vmbr2
> iface vmbr2 inet static
>         address 192.168.1.14
>         netmask 255.255.255.0
>         bridge_ports eth2
>         bridge_stp off
>         bridge_fd 0
>
> root@pc4-svp:~# ifconfig
> eth0      Link encap:Ethernet Hardware Adresse 74:d4:35:1a:f6:0f
>           inet Adresse:217.xxx.xxx.xxx Bcast:255.255.255.255
> Maske:255.255.255.192
>           inet6-Adresse: fe80::76d4:35ff:fe1a:f60f/64
> Gültigkeitsbereich:Verbindung
>           UP BROADCAST RUNNING MULTICAST MTU:1500 Metrik:1
>           RX packets:20460 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:94 errors:0 dropped:0 overruns:0 carrier:0
>           Kollisionen:0 Sendewarteschlangenlänge:1000
>           RX bytes:1684356 (1.6 MiB) TX bytes:8729 (8.5 KiB)
>           Interrupt:20 Speicher:f7d00000-f7d20000
>
> eth1      Link encap:Ethernet Hardware Adresse 00:15:17:91:9c:b8
>           UP BROADCAST MULTICAST MTU:1500 Metrik:1
>           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>           Kollisionen:0 Sendewarteschlangenlänge:1000
>           RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
>           Interrupt:16 Speicher:f7c60000-f7c80000
>
> eth2      Link encap:Ethernet Hardware Adresse 00:15:17:91:9c:b9
>           UP BROADCAST RUNNING MULTICAST MTU:1500 Metrik:1
>           RX packets:2306 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:2293 errors:0 dropped:0 overruns:0 carrier:0
>           Kollisionen:0 Sendewarteschlangenlänge:1000
>           RX bytes:335489 (327.6 KiB) TX bytes:1260503 (1.2 MiB)
>           Interrupt:17 Speicher:f7c20000-f7c40000
>
> lo        Link encap:Lokale Schleife
>           inet Adresse:127.0.0.1 Maske:255.0.0.0
>           inet6-Adresse: ::1/128 Gültigkeitsbereich:Maschine
>           UP LOOPBACK RUNNING MTU:65536 Metrik:1
>           RX packets:1 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:1 errors:0 dropped:0 overruns:0 carrier:0
>           Kollisionen:0 Sendewarteschlangenlänge:0
>           RX bytes:104 (104.0 B) TX bytes:104 (104.0 B)
>
> tap121i0  Link encap:Ethernet Hardware Adresse 46:f6:a2:8f:8e:10
>           inet6-Adresse: fe80::44f6:a2ff:fe8f:8e10/64
> Gültigkeitsbereich:Verbindung
>           UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metrik:1
>           RX packets:1810 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:1740 errors:0 dropped:0 overruns:0 carrier:0
>           Kollisionen:0 Sendewarteschlangenlänge:500
>           RX bytes:991546 (968.3 KiB) TX bytes:270132 (263.8 KiB)
>
> vmbr0     Link encap:Ethernet Hardware Adresse f2:b4:7f:3d:67:f9
>           inet Adresse:10.0.0.1 Bcast:10.0.0.255 Maske:255.255.255.0
>           inet6-Adresse: fe80::f0b4:7fff:fe3d:67f9/64
> Gültigkeitsbereich:Verbindung
>           UP BROADCAST RUNNING MULTICAST MTU:1500 Metrik:1
>           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:18 errors:0 dropped:0 overruns:0 carrier:0
>           Kollisionen:0 Sendewarteschlangenlänge:0
>           RX bytes:0 (0.0 B) TX bytes:1548 (1.5 KiB)
>
> vmbr1     Link encap:Ethernet Hardware Adresse 00:15:17:91:9c:b8
>           inet Adresse:10.1.0.1 Bcast:10.1.0.255 Maske:255.255.255.0
>           UP BROADCAST MULTICAST MTU:1500 Metrik:1
>           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>           Kollisionen:0 Sendewarteschlangenlänge:0
>           RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
>
> vmbr2     Link encap:Ethernet Hardware Adresse 00:15:17:91:9c:b9
>           inet Adresse:192.168.178.10 Bcast:192.168.1.255
> Maske:255.255.255.0
>           inet6-Adresse: fe80::215:17ff:fe91:9cb9/64
> Gültigkeitsbereich:Verbindung
>           UP BROADCAST RUNNING MULTICAST MTU:1500 Metrik:1
>           RX packets:1389 errors:0 dropped:377 overruns:0 frame:0
>           TX packets:472 errors:0 dropped:0 overruns:0 carrier:0
>           Kollisionen:0 Sendewarteschlangenlänge:0
>           RX bytes:123341 (120.4 KiB) TX bytes:257435 (251.4 KiB)
>
>
>
> Can you please advise?

Then use vmbr2 as the interface for that provider rather than eth2 since it is the bridge that has an IP address.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
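
The check behind the advice in this thread, as an added example that is not part of the original messages or of Shorewall: given the output of `ip -o -4 addr show` and `ip -o link show`, it reports whether a provider interface holds an IPv4 address and, if it is only a bridge port, names the bridge to use instead. The function names and the sample text are assumptions constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `ip -o -4 addr show` output: eth2 has no inet line.
SAMPLE_ADDR='1: lo    inet 127.0.0.1/8 scope host lo
5: vmbr2    inet 192.168.1.14/24 brd 192.168.1.255 scope global vmbr2'

# Constructed sample of `ip -o link show` output; "master X" marks a bridge port.
SAMPLE_LINK='3: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr2 state UP mode DEFAULT
5: vmbr2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT'

# has_ipv4 IFACE ADDR_TEXT: succeeds if IFACE has at least one IPv4 address.
has_ipv4() {
    printf '%s\n' "$2" |
        awk -v i="$1" '$2 == i && $3 == "inet" { found = 1 } END { exit !found }'
}

# bridge_of IFACE LINK_TEXT: prints the bridge IFACE is enslaved to, if any.
bridge_of() {
    printf '%s\n' "$2" | awk -v i="$1:" '
        $2 == i { for (n = 3; n < NF; n++) if ($n == "master") { print $(n + 1); exit } }'
}

# check_provider_iface IFACE ADDR_TEXT LINK_TEXT: prints a verdict and
# returns 0 only when IFACE itself can be used as a provider interface.
check_provider_iface() {
    if has_ipv4 "$1" "$2"; then
        echo "ok: $1 has an IPv4 address"
        return 0
    fi
    br=$(bridge_of "$1" "$3")
    if [ -n "$br" ] && has_ipv4 "$br" "$2"; then
        echo "use $br: $1 is a port of bridge $br, which holds the address"
    else
        echo "no IPv4 address on $1"
    fi
    return 1
}

# Run against the constructed samples; eth2 is expected to be rejected.
check_provider_iface eth2 "$SAMPLE_ADDR" "$SAMPLE_LINK" || true
```

On a live host, pass `"$(ip -o -4 addr show)"` and `"$(ip -o link show)"` in place of the two sample variables.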