[Shorewall-users] shorewall multi-isp snat with 3 ppp interfaces

Vieri Di Paola Tue, 02 Oct 2018 03:15:54 -0700

Hi,

This is a follow-up to my previous e-mail "From: Vieri Di Paola
<vieridipa...@yahoo.com> - 2018-10-01 17:31:37". I'm writing from my
gmail account because as stated in my previous post, I can't access
mail.yahoo.com through my shorewall gateway for some reason I can't
figure out. It might be because of my snat file.


The error I get with my snat file is shown below:

Creating iptables-restore input...
Compiling /etc/shorewall/stoppedrules...
Shorewall configuration compiled to /var/lib/shorewall/.restart
Configuration uses these capabilities ('*' denotes required):
   ADDRTYPE
   AMANDA_HELPER*
   BASIC_FILTER
   COMMENTS
   CONNMARK*
   CONNMARK_MATCH*
   CONNTRACK_MATCH
   CT_TARGET*
   ENHANCED_REJECT
   EXMARK
   FLOW_FILTER
   FTP_HELPER*
   FWMARK_RT_MASK
   GEOIP_MATCH*
   GOTO_TARGET
   H323_HELPER*
   HASHLIMIT_MATCH*
   IFACE_MATCH
   IPRANGE_MATCH*
   IPSET_MATCH*
   IPTABLES_S
   IRC_HELPER*
   LOG_TARGET*
   MANGLE_ENABLED
   MANGLE_FORWARD
   MARK
   MULTIPORT*
   NAT_ENABLED
   NAT_INPUT_CHAIN
   NETBIOS_NS_HELPER*
   NEW_CONNTRACK_MATCH
   NFQUEUE_TARGET*
   PPTP_HELPER*
   RAW_TABLE
   RECENT_MATCH
   SANE_HELPER*
   SIP_HELPER*
   SNMP_HELPER*
   STATISTIC_MATCH*
   TFTP_HELPER*
   WAIT_OPTION
   XMULTIPORT*
/var/lib/shorewall/.restart: line 2998: syntax error near unexpected token `fi'
/var/lib/shorewall/.restart: line 2998: `       fi'

My relevant config files are:

# cat snat
SNAT($IF_ISP3_IP)       0.0.0.0/0       $IF_ISP3
SNAT($IF_ISP2_IP)       0.0.0.0/0       $IF_ISP2
SNAT($IF_ISP1_IP)       0.0.0.0/0       $IF_ISP1
SNAT($IF_ISP3_IP)      $IF_LAN $IF_ISP3
SNAT($IF_ISP2_IP)      $IF_LAN $IF_ISP2
SNAT($IF_ISP1_IP)      $IF_LAN $IF_ISP1
SNAT($IF_ISP3_IP)      $IF_DMZ $IF_ISP3
SNAT($IF_ISP2_IP)      $IF_DMZ $IF_ISP2
SNAT($IF_ISP1_IP)      $IF_DMZ $IF_ISP1
SNAT($IF_LAN_MASQ_ADDRESS)      $IF_LAN_MASQ_SOURCE     $IF_LAN

# cat params
IF_LAN=enp10s0
IF_DMZ=enp5s0
IF_ISP1_ETH=enp7s0
IF_ISP2_ETH=enp6s0
IF_ISP3_ETH=enp8s5
IF_ISP1=ppp1
IF_ISP2=ppp2
IF_ISP3=ppp3
IF_ISP1_IP=detect
IF_ISP2_IP=detect
IF_ISP3_IP=detect
IF_ISP1_GW=-
IF_ISP2_GW=-
IF_ISP3_GW=-
IF_LAN_MASQ_ADDRESS=10.215.144.92
IF_LAN_MASQ_SOURCE=172.16.0.2

As requested earlier, my failing .restart file can be found here:

https://drive.google.com/open?id=1tMt3VqtXE9CX1YVZIGUwmmOWhtx1CC4M

The offending code is the following clause (repeated twice for each
ppp interface):
if [ "$SW_PPP1_ADDRESS" != 0.0.0.0 ]; then
fi

# shorewall version
5.2.0.5

Thanks,

Vieri


_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users

[Shorewall-users] shorewall multi-isp snat with 3 ppp interfaces

Reply via email to