If the device name "eth0" is changed to "eth5", would the simple solution to update shorewall be to search all shorewall config files for eth0 and replace with eth5, restart shorewall and expect it to work exactly as before? Thanks, - Joel ------------------------------------------------------------------------- Check out the new SourceForge.net Marketplace. It''s the best place to buy or sell services for just about anything Open Source. http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace
JJB wrote:> If the device name "eth0" is changed to "eth5", would the simple > solution to update shorewall be to search all shorewall config files for > eth0 and replace with eth5, restart shorewall and expect it to work > exactly as before?Yes. You can also anticipate these sorts of changes and do what I do in my params file: teastep@ursa:~> grep _IF ShorewallConfigs/gateway/params INT_IF=br0 DMZ_IF=eth3 EXT_IF=eth0 WIFI_IF=eth1 TEST_IF=eth4 TEST1_IF=eth5 teastep@ursa:~> Then in my other config files, I have ''$INT_IF'' rather than ''br0'', etc. teastep@ursa:~> grep _IF ShorewallConfigs/gateway/interfaces loc $INT_IF detect dhcp,logmartians=1,routeback,bridge dmz $DMZ_IF detect logmartians=1 wifi $WIFI_IF detect dhcp,maclist,mss=1400 net ${EXT_IF} detect dhcp,logmartians=1,blacklist loc $TEST_IF detect optional loc $TEST1_IF detect optional teastep@ursa:~> -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- Check out the new SourceForge.net Marketplace. It''s the best place to buy or sell services for just about anything Open Source. http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace
JJB escribió:> If the device name "eth0" is changed to "eth5", would the simple > solution to update shorewall be to search all shorewall config files for > eth0 and replace with eth5, restart shorewall and expect it to work > exactly as before? >Yes, it should be ... I think was you thinking about rename network device name ?? With udev it''s quite simple.> Thanks, > > - Joel > > ------------------------------------------------------------------------- > Check out the new SourceForge.net Marketplace. > It''s the best place to buy or sell services for > just about anything Open Source. > http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users > >------------------------------------------------------------------------- Check out the new SourceForge.net Marketplace. It''s the best place to buy or sell services for just about anything Open Source. http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace
Tom Eastep wrote:> JJB wrote: >> If the device name "eth0" is changed to "eth5", would the simple >> solution to update shorewall be to search all shorewall config files >> for eth0 and replace with eth5, restart shorewall and expect it to >> work exactly as before? > > Yes. You can also anticipate these sorts of changes and do what I do > in my params file: > > teastep@ursa:~> grep _IF ShorewallConfigs/gateway/params > INT_IF=br0 > DMZ_IF=eth3 > EXT_IF=eth0 > WIFI_IF=eth1 > TEST_IF=eth4 > TEST1_IF=eth5 > teastep@ursa:~> > > Then in my other config files, I have ''$INT_IF'' rather than ''br0'', etc. > > teastep@ursa:~> grep _IF ShorewallConfigs/gateway/interfaces > loc $INT_IF detect dhcp,logmartians=1,routeback,bridge > dmz $DMZ_IF detect logmartians=1 > wifi $WIFI_IF detect dhcp,maclist,mss=1400 > net ${EXT_IF} detect dhcp,logmartians=1,blacklist > loc $TEST_IF detect optional > loc $TEST1_IF detect optional > teastep@ursa:~> > > -Tom > ------------------------------------------------------------------------Awesome, thanks! - Joel ------------------------------------------------------------------------- Check out the new SourceForge.net Marketplace. It''s the best place to buy or sell services for just about anything Open Source. http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace
Adrian Chapela wrote:> JJB escribió: > >> If the device name "eth0" is changed to "eth5", would the simple >> solution to update shorewall be to search all shorewall config files for >> eth0 and replace with eth5, restart shorewall and expect it to work >> exactly as before? >> >> > Yes, it should be ... I think > > was you thinking about rename network device name ?? With udev it''s > quite simple. > >> Thanks, >> >> - Joel >> >> ------------------------------------------------------------------------- >> Check out the new SourceForge.net Marketplace. >> It''s the best place to buy or sell services for >> just about anything Open Source. >> http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace >> _______________________________________________ >> Shorewall-users mailing list >> Shorewall-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/shorewall-users >> >> >> > > > ------------------------------------------------------------------------- > Check out the new SourceForge.net Marketplace. > It''s the best place to buy or sell services for > just about anything Open Source. > http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users > > >Hi Adrian, When we built our gateway server we were in an emergency situation and were short on gigabit ethernet cards, so the servers in our DMZ are connected to a 10/100 card which is a bottleneck for backups & other things - I would like to swap in some new cards and bring the box back up as quickly as possible. - Joel ------------------------------------------------------------------------- Check out the new SourceForge.net Marketplace. It''s the best place to buy or sell services for just about anything Open Source. http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace
JJB wrote:>If the device name "eth0" is changed to "eth5", would the simple >solution to update shorewall be to search all shorewall config files for >eth0 and replace with eth5, restart shorewall and expect it to work >exactly as before?My preferred method now is to configure udev to give devices meaningful names - like ethint and ethext. It''s especially helpful to people like me with poor memories. If you know the MAC address in advance, you can configure udev before you shut the system down and it will come up correctly when you reboot. In Debian, the config file is /etc/udev/rules.d/z25_persistent-net.rules which contains lines like : SUBSYSTEM=="net", DRIVERS=="?*", ATTRS{address}=="00:03:47:aa:bb:cc", NAME="ethext" It sure beats "port roulette" when your ethernet devices come up with pseudo random naming ! ------------------------------------------------------------------------- Check out the new SourceForge.net Marketplace. It''s the best place to buy or sell services for just about anything Open Source. http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace
Simon Hobson wrote:> In Debian, the config file is > /etc/udev/rules.d/z25_persistent-net.rules which contains lines like : > > SUBSYSTEM=="net", DRIVERS=="?*", ATTRS{address}=="00:03:47:aa:bb:cc", > NAME="ethext" > > It sure beats "port roulette" when your ethernet devices come up with > pseudo random naming !There''s also support for assigning interfaces by MAC address in Shorewall. In /etc/shorewall/params: NETIF=$(find_interface_by_mac 11:22:33:44:55:66) then use $NETIF. Not much need for that any more since most distros now provide stable interface naming automatically. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- Check out the new SourceForge.net Marketplace. It''s the best place to buy or sell services for just about anything Open Source. http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace
Simon Hobson escribió:> JJB wrote: > >> If the device name "eth0" is changed to "eth5", would the simple >> solution to update shorewall be to search all shorewall config files for >> eth0 and replace with eth5, restart shorewall and expect it to work >> exactly as before? >> > > My preferred method now is to configure udev to give devices > meaningful names - like ethint and ethext. It''s especially helpful to > people like me with poor memories. > > If you know the MAC address in advance, you can configure udev before > you shut the system down and it will come up correctly when you > reboot. > > In Debian, the config file is > /etc/udev/rules.d/z25_persistent-net.rules which contains lines like : > > SUBSYSTEM=="net", DRIVERS=="?*", ATTRS{address}=="00:03:47:aa:bb:cc", > NAME="ethext" >Yes, this was I want to mean in another mail. If you know which card you will change, you could write the mac address of the new card in ATTRS of the card of you are changing. The mac of a new card is in the card. Lucky!> It sure beats "port roulette" when your ethernet devices come up with > pseudo random naming ! > > > ------------------------------------------------------------------------- > Check out the new SourceForge.net Marketplace. > It''s the best place to buy or sell services for > just about anything Open Source. > http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users > >------------------------------------------------------------------------- Check out the new SourceForge.net Marketplace. It''s the best place to buy or sell services for just about anything Open Source. http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace