There is a lingering level of anxiety regarding the way that Shorewall
adds IP addresses for NAT under the ADD_IP_ALIASES="Yes" option.
Up to now, Shorewall has added these ''aliases'' as single
addresses (/32)
without subnet or broadcast address.
The current Beta ''firewall'' script adds these aliases using
the same VLSM
and Broadcast address as the primary IP address for the EXTERNAL interface
uses. This change shouldn''t change anything functionally but it will
hopefully cool future fevered brows...
The beta is at http://www.shorewall.net/pub/shorewall/Beta
Please test this script to be sure that I haven''t broken sometime --
I''m
running this code but YMMV and I want to be sure that I''m not trading
an
occasional question/report for a real problem.
Thanks,
-Tom
--
Tom Eastep \ Shorewall - iptables made easy
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \ teastep@shorewall.net
