Shorewall users - Jan 2005 - Multiple IPs on eth0 with dchpcd

Hello
Iam searching for a solution to do the following:
I have an ISP from which Iam able to get several public IPs. Now I want to put
several IPs on the interface eth0 (eth0, eth0:1 ...). I found out how to do
this with dhcpcd. The problem now is that I do not know how to configure
shorewall (I found the Shorewall_and_Aliased_Interfaces-Manual, but there every
example is with fixed IPs).
Now Iam asking, is this possible, or not?
If the answer is yes, how I have to configure shorewall?

Please also send a copy of your answer to muellega@ee.ethz.ch.

Thanks
Gabriel Mueller

On Sun, 2005-01-02 at 13:35 +0100, muellega@ee.ethz.ch wrote:
> Now Iam asking, is this possible, or not?
> If the answer is yes, how I have to configure shorewall?
> 
> Please also send a copy of your answer to muellega@ee.ethz.ch.
I think that I would configure the Shorewall box as a bridge and just
let the systems behind the firewall get their own IP addresses via DHCP.
You are going to have a awkward time doing anything useful if you assign
all of the dynamic IP addresses to the firewall, regardless of which
iptables configuration tool you use.

If you persist on your current path, I think that the best thing to do
is place logic in /etc/shorewall/params that parses the output of "ip
addr ls dev <your firewall''s external if>" and sets shell
variables.
Then use the shell variables where you want addresses in the Shorewall
configuration. This still doesn''t seem too useful to me but possibly,
you can tie it in with a dynamic DNS server to make use of your multiple
IP addresses somehow.

Note that it is rather straight-forward to use the multiple addresses
with dynamic DNS if you take the bridge approach because each system can
run ip-ezupdate or something similar.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key