On Sun, 2005-01-02 at 13:35 +0100, muellega@ee.ethz.ch wrote:
> Now I am asking, is this possible, or not?
> If the answer is yes, how do I have to configure Shorewall?
>
> Please also send a copy of your answer to muellega@ee.ethz.ch.

I think that I would configure the Shorewall box as a bridge and just
let the systems behind the firewall get their own IP addresses via DHCP.
You are going to have an awkward time doing anything useful if you assign
all of the dynamic IP addresses to the firewall, regardless of which
iptables configuration tool you use.

If you persist on your current path, I think that the best thing to do
is place logic in /etc/shorewall/params that parses the output of "ip
addr ls dev <your firewall's external if>" and sets shell
variables.

Then use the shell variables where you want addresses in the Shorewall
configuration. This still doesn't seem too useful to me but possibly,
you can tie it in with a dynamic DNS server to make use of your multiple
IP addresses somehow.

Note that it is rather straightforward to use the multiple addresses
with dynamic DNS if you take the bridge approach because each system can
run ip-ezupdate or something similar.

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
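
The params logic suggested in the reply above, as an added example that is not part of the original message or of Shorewall itself: it parses "ip addr ls dev" output and sets one shell variable per IPv4 address, accepting only well-formed dotted quads. The names EXT_IF, EXT_IP<n>, EXT_IP_COUNT and the function names are assumptions, and the sample output is constructed.

```shell
#!/bin/sh
# Added illustration for /etc/shorewall/params. EXT_IF, EXT_IP<n> and
# EXT_IP_COUNT are assumed names, not Shorewall built-ins.
EXT_IF=eth0    # assumed external interface

# Read "ip addr ls dev <if>" output on stdin and print each IPv4 address, one
# per line. Only well-formed dotted quads pass, so stray output never reaches a rule.
list_inet_addrs() {
    while read -r kind addr rest; do
        [ "$kind" = inet ] || continue      # skips link/ether and inet6 lines
        addr=${addr%%/*}                    # drop the /prefix length
        case $addr in
            *[!0-9.]*|.*|*.|*..*|*.*.*.*.*) continue ;;   # bad chars or shape
            *.*.*.*) ;;                                   # exactly four fields
            *) continue ;;
        esac
        ok=1; old_ifs=$IFS; IFS=.
        for octet in $addr; do
            { [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ]; } || ok=0
        done
        IFS=$old_ifs
        [ "$ok" = 1 ] && printf '%s\n' "$addr"
    done
    return 0
}

# Set EXT_IP1..EXT_IPn and EXT_IP_COUNT from the command output passed as $1.
set_ext_ip_vars() {
    EXT_IP_COUNT=0
    for a in $(printf '%s\n' "$1" | list_inet_addrs); do
        EXT_IP_COUNT=$((EXT_IP_COUNT + 1))
        eval "EXT_IP${EXT_IP_COUNT}=\$a"    # index is numeric, value validated
    done
}

# Constructed sample output (documentation addresses, one deliberately malformed
# line). In a live params file pass "$(ip addr ls dev "$EXT_IF")" instead.
SAMPLE_OUTPUT='2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:11:22:33:44:55 brd ff:ff:ff:ff:ff:ff
    inet 192.0.2.10/24 brd 192.0.2.255 scope global eth0
    inet 192.0.2.11/24 brd 192.0.2.255 scope global secondary eth0
    inet 192.0.2.999/24 brd 192.0.2.255 scope global secondary eth0
    inet6 fe80::211:22ff:fe33:4455/64 scope link'
set_ext_ip_vars "$SAMPLE_OUTPUT"
echo "$EXT_IP_COUNT addresses: $EXT_IP1 $EXT_IP2"
```

Because params is read when Shorewall starts, the variables hold the addresses present at that moment; a changed DHCP lease only takes effect after a restart.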