Hi

I am trying to understand the logic for defining virtual interfaces (and 
VLANs) on an interface towards the internet.
I have a setup with three external WAN interfaces and two internal.

I am using lsm to discover and change from an interface with a lower mark 
to a higher one when the lower-marked interface fails.
This works fine with no hassle.

My running and working setup
zones:
fw      firewall
lan1    ipv4
bup2   ipv4
bup1    ipv4
lan2    ipv4
net     ipv4

interfaces:
bup2   eth5    detect  optional
lan2    eth2    detect  optional,maclist
bup1     eth3    detect  optional
lan1    eth1    detect  optional,maclist
net      eth0    detect  optional

providers:
P_bup2 3       3       main    eth5    192.168.0.1 loose,fallback  eth1,eth2
P_bup1   2       2       main    eth3    192.168.1.1 loose,fallback  eth1,eth2
P_net   1       1       main    eth0    172.16.0.254 loose,balance   eth1,eth2

Then I create a virtual interface on eth0 as eth0:3; the network 
settings work fine (when all firewalling is disabled).
I add a zone for the new alias interface in the zones file:
virt3   ipv4
I change the definition of eth0 in interfaces to:
-       eth0    detect  optional

Running
shorewall check
ends up in an error:
Checking /etc/shorewall/providers...
    ERROR: A provider interface must have at least one associated zone /etc/shorewall/providers (line X)

eth0 and eth0:3 are on different subnets. I am only interested in using 
DNAT on the alias interface and being able to configure the rules between 
these interfaces.

So I wonder where I go wrong and what I am missing.

/Göran

_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users