Re: [Shorewall-users] Issue starting Shorewall - ERROR: Unknown interface address variable (&DMZ_IF) /etc/shorewall/rtrules (line 4)

Sun, 07 Jan 2018 17:54:07 -0800 

True.

This issue is solved after applying the recommended changes to
/etc/shorewall/interfaces

THX


Am 08.01.2018 um 02:37 schrieb Tom Eastep:
> On 01/07/2018 05:06 PM, Thomas wrote:
>> Hi,
>>
>> when starting Shorewall I get this errror:
>> ERROR: Unknown interface address variable (&DMZ_IF) /etc/shorewall
>> /rtrules (line 4)
>>
>> I have attached the relevant trace file.
>>
>> This issue can be solved by modifying /etc/shorewall/rtrules.
>> failing:
>> #SOURCE         DEST    PROVIDER        PRIORITY
>> &UMB_IF         -       um_business     1000
>> &UMP_IF         -       um_private      1000
>> &DMZ_IF         -       um_business     11000
>> &INT_IF         -       um_private      11000
>>
>> working:
>> #SOURCE         DEST    PROVIDER        PRIORITY
>> &UMB_IF         -       um_business     1000
>> &UMP_IF         -       um_private      1000
>> vmbr2           -       um_business     11000
>> &INT_IF         -       um_private      11000
>>
>> I'm wondering why this error is thrown because I have this Shorewall
>> parameters file:
>> root@pc4-svp:/tmp# cat /etc/shorewall/params
>> LOG=NFLOG
>> UMB_IF=eno1
>> UMP_IF=vmbr0
>> INT_IF=vmbr1
>> DMZ_IF=vmbr2
>> TUN_IF=tun+
>>
> 
> And you have placed $DMZ_IF in the INTERFACE column in
> /etc/shorewall/interface. So this the interfaces entry that gets
> processed after variable expansion is:
> 
> dmz      vmbr2      -      routeback=1,proxyarp=1,required,wait=30
> 
> With that entry, the proper address variable is &vmbr2, not &DMZ_IF.
> 
> If you change your interfaces entry to:
> 
> dmz  DMZ_IF  -  routeback=1,proxyarp=1,required,wait=30,physical=$DMZ_IF
> 
> then &DMZ_IF will work.
> 
> -Tom
> 
> 
> 
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> 
> 
> 
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
> 

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Reply via email to