Hi I just found a nice man page for shorewall/hosts, that was my missing piece.
/Göran Den 2017-04-04 kl. 13:38, skrev Göran Höglund: > Hi > > I am trying to understand the logic for defining virtual interfaces (and > VLAN) on an interface towards internet. > I have a setup with three external WAN interfaces and two internal. > > I am using lsm to discover and change from an interface with lower mark > to a higher when the lower marked interface fails. > This works fine with no hassle > > My running and working setup > zones: > fw firewall > lan1 ipv4 > bup2 ipv4 > bup1 ipv4 > lan2 ipv4 > net ipv4 > > interfaces: > bup2 eth5 detect optional > lan2 eth2 detect optional,maclist > bup1 eth3 detect optional > lan1 eth1 detect optional,maclist > net eth0 detect optional > > providers: > P_bup2 3 3 main eth5 192.168.0.1 loose,fallback eth1,eth2 > P_bup1 2 2 main eth3 192.168.1.1 loose,fallback > eth1,eth2 > P_net 1 1 main eth0 172.16.0.254 loose,balance > eth1,eth2 > > Then I create a virtual interface on eth0 as eth0:3, the network > settings works fine (when all firewalling is disabled). > I add a zone for the new alias interface in the zones file > virt3 ipv4 > I change the definition of eth0 in interfaces to > - eth0 detect optional > > running > shorewall check > end up in an error : > Checking /etc/shorewall/providers... > ERROR: A provider interface must have at least one associated zone > /etc/shorewall/providers (line X) > > eth0 and eth0:3 are on different subnets, I am only interested to use > DNAT on the alias interface and be able to configure the rules between > these interfaces. > > So I wonder where I go wrong and what I am missing. > > /Göran > > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > _______________________________________________ > Shorewall-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/shorewall-users ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
