Peter Wickham
2002-Aug-02 23:51 UTC
[Shorewall-users] Ethernet entries in interfaces file.
I recently installed 1.3.5b on a Mandrake 8.1 box.

I borrowed the etc/shorewall directory from a similar setup but version 1.2.3 of shorewall. (I know some of the files use a different format, so no problem; I just made appropriate entries in the new version).

Anyhow, in 1.2.3 it seems that you could specify multiple eth(x) entries something like this.

net eth0 203.1.1.55 norfc1918,noping,routefilter,blacklist
loc eth1 192.168.0.255 routestopped,multi
loc eth1 192.168.1.255 routestopped,multi
loc eth1 192.168.3.255 routestopped,multi
wlan eth2 10.1.1.16 routestopped,multi

The eth entries are all valid and show up in ifconfig. The end result being able to traffic shape etc... from one physical ethernet interface to multiple subnets.

However, in version 1.3.5b, if you use the above entries in the interfaces file, the shorewall will not start and produces an error validating the interfaces file. It says that multiple entries for eth1 exist and it just exits at that point.

Is there a way to achieve the 1.2.3 setup in 1.3.5b ??

Regards
Pete Wickham
On Sat, 3 Aug 2002, Peter Wickham wrote:

> I recently installed 1.3.5b on a Mandrake 8.1 box.
>
> I borrowed the etc/shorewall directory from a similar setup but version 1.2.3 of shorewall. (I know some of the files use a different format, so no problem; I just made appropriate entries in the new version).
>
> Anyhow, in 1.2.3 it seems that you could specify multiple eth(x) entries something like this.
>
> net eth0 203.1.1.55 norfc1918,noping,routefilter,blacklist
> loc eth1 192.168.0.255 routestopped,multi
> loc eth1 192.168.1.255 routestopped,multi
> loc eth1 192.168.3.255 routestopped,multi
> wlan eth2 10.1.1.16 routestopped,multi
>
> The eth entries are all valid and show up in ifconfig. The end result being able to traffic shape etc... from one physical ethernet interface to multiple subnets.

The only thing that the above config did was to specify several broadcast addresses.

> However, in version 1.3.5b, if you use the above entries in the interfaces file, the shorewall will not start and produces an error validating the interfaces file. It says that multiple entries for eth1 exist and it just exits at that point.
> Is there a way to achieve the 1.2.3 setup in 1.3.5b ??

loc eth1 192.168.0.255,192.168.1.255,192.168.3.255 routestopped,multi

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net
Peter Wickham
2002-Aug-03 00:38 UTC
[Shorewall-users] Ethernet entries in interfaces file.
Does this mean that I am not really doing much in the scheme of things as far as shorewall is concerned, and will a single broadcast address be sufficient, given that I only want to use traffic control on that device ?

----- Original Message -----
From: "Tom Eastep" <teastep@shorewall.net>
To: "Peter Wickham" <peter.wickham@starday.com.au>
Cc: <shorewall-users@shorewall.net>
Sent: Saturday, August 03, 2002 8:30 AM
Subject: Re: [Shorewall-users] Ethernet entries in interfaces file.

> On Sat, 3 Aug 2002, Peter Wickham wrote:
>
> > I recently installed 1.3.5b on a Mandrake 8.1 box.
> >
> > I borrowed the etc/shorewall directory from a similar setup but version 1.2.3 of shorewall. (I know some of the files use a different format, so no problem; I just made appropriate entries in the new version).
> >
> > Anyhow, in 1.2.3 it seems that you could specify multiple eth(x) entries something like this.
> >
> > net eth0 203.1.1.55 norfc1918,noping,routefilter,blacklist
> > loc eth1 192.168.0.255 routestopped,multi
> > loc eth1 192.168.1.255 routestopped,multi
> > loc eth1 192.168.3.255 routestopped,multi
> > wlan eth2 10.1.1.16 routestopped,multi
> >
> > The eth entries are all valid and show up in ifconfig. The end result being able to traffic shape etc... from one physical ethernet interface to multiple subnets.
>
> The only thing that the above config did was to specify several broadcast
> addresses.
>
> > However, in version 1.3.5b, if you use the above entries in the interfaces file, the shorewall will not start and produces an error validating the interfaces file. It says that multiple entries for eth1 exist and it just exits at that point.
> > Is there a way to achieve the 1.2.3 setup in 1.3.5b ??
>
> loc eth1 192.168.0.255,192.168.1.255,192.168.3.255 routestopped,multi
>
> -Tom
> --
> Tom Eastep    \ Shorewall - iptables made easy
> AIM: tmeastep  \ http://www.shorewall.net
> ICQ: #60745924  \ teastep@shorewall.net
On Sat, 3 Aug 2002, Peter Wickham wrote:

> Does this mean that I am not really doing much in the scheme of things as
> far as shorewall is concerned, and will a single broadcast address be
> sufficient, given that I only want to use traffic control on that device ?

By listing all of the broadcast addresses, you ensure that you won't see them as a rejected destination in your log. Other than that, you have defined "loc" as "all of those systems that interface to the firewall through eth1" - that hasn't changed between what you had and what I recommended.

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net
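
The merge recommended in this thread, as an added example that is not part of the original messages and is not Shorewall code: it collapses repeated entries for one interface into a single line with a comma-separated broadcast list, and refuses to merge when the repeats disagree on zone or options or when an address is not valid IPv4. The function names and sample file are constructed here; the column order (zone, interface, broadcast, options) is assumed from the entries quoted in the thread.

```python
import ipaddress

# Constructed sample: the 1.2.3-style entries quoted in the thread.
OLD_INTERFACES = """\
net  eth0 203.1.1.55    norfc1918,noping,routefilter,blacklist
loc  eth1 192.168.0.255 routestopped,multi
loc  eth1 192.168.1.255 routestopped,multi
loc  eth1 192.168.3.255 routestopped,multi
wlan eth2 10.1.1.16     routestopped,multi
"""


def merge_interfaces(text):
    """Return one (zone, interface, broadcasts, options) tuple per interface.

    Repeated entries for an interface are merged into a comma-separated
    broadcast list. Raises ValueError on a malformed IPv4 address or when
    the repeats disagree on zone or options.
    """
    merged = {}  # interface -> [zone, [addresses], options]; insertion-ordered
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split columns
        if not fields:
            continue
        if len(fields) < 3:
            raise ValueError(f"line {lineno}: need zone, interface, broadcast")
        zone, iface, bcast = fields[:3]
        options = fields[3] if len(fields) > 3 else ""
        entry = merged.setdefault(iface, [zone, [], options])
        same_opts = set(entry[2].split(",")) == set(options.split(","))
        if entry[0] != zone or not same_opts:
            raise ValueError(f"line {lineno}: {iface} repeated with other zone/options")
        for addr in bcast.split(","):
            try:
                ipaddress.IPv4Address(addr)  # rejects e.g. five-octet typos
            except ValueError:
                raise ValueError(f"line {lineno}: bad address {addr!r}") from None
            if addr not in entry[1]:
                entry[1].append(addr)
    return [(z, i, ",".join(b), o) for i, (z, b, o) in merged.items()]


def render(entries):
    """Format merged entries as interfaces-file lines, skipping empty columns."""
    return "\n".join(" ".join(col for col in e if col) for e in entries)


if __name__ == "__main__":
    print(render(merge_interfaces(OLD_INTERFACES)))
```
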