Harry Lachanas wrote:
> Hi all ....
>
> I have installed Bering LRP on many sites and I am very pleased with the
> capabilities of shorewall.
>
> However I came across a prob that I am unaware of its solution.
>
> Using shorewall 2.0.2f
> Kernel 2.4.24
>
>
> On one site the LRP box serves internet outgoing connections through a
> ( static IP ) DSL line AND an
> incoming dial-in PPP connection.
>
> My shorewall configuration is based upon the fact that the aDSL will be
> ppp0,
> while the incoming connection could be any, i.e. ppp1..2..3..4..n.
>
> When all is according to the plan there is no problem with the above
> configuration...
>
> But here is what happened a couple of times.
>
> ppp0 ( aDSL ) was up and running
> No incoming connection was active...
>
> Suddenly the ppp0 ( aDSL ) line drops
> A dial-in connection is coming in and it gets the interface name ppp0.
> Now all shorewall rules are applied to ppp0 ( incoming connection from a
> user ).
> Even worse, the aDSL line comes back up and it gets the interface name ppp1.
> All the shorewall rules that were supposed to be applied to user incoming
> connections
> are applied now to the net zone.
>
> Is there an easy way that shorewall can distinguish the two lines and
> be able to apply the specific
> rules of the zone without depending on the interface name....??

There is no way that Shorewall can do this. If you can think of a way to
do it, you can set a shell variable in /etc/shorewall/init where the
value in the Shell variable is the interface that you want for the 'net'
interface.

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
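
One way to pick the 'net' interface for the shell variable Tom describes, as an added example that is not part of the original thread: identify the DSL link by the static IP the question mentions instead of by its pppN name. It assumes the `ip` tool (iproute2) is available on the box; `NET_IF`, `DSL_ADDR`, `net_if_for_addr` and all addresses are hypothetical names and constructed values.

```shell
#!/bin/sh
# Added example, not from the original thread. Meant to be adapted into
# /etc/shorewall/init. All names and addresses below are constructed.

# Print the interface that carries IPv4 address $1, reading
# `ip -o -4 addr show` output on stdin. Exit status 1 if none matches.
net_if_for_addr() {
    awk -v want="$1" '
        $3 == "inet" {
            addr = $4
            sub(/\/.*/, "", addr)        # drop any /prefix length
            if (addr == want) { print $2; found = 1; exit }
        }
        END { exit (found ? 0 : 1) }
    '
}

DSL_ADDR=203.0.113.10   # placeholder for the DSL line's static IP

# Constructed sample: the state from the thread after the DSL line dropped
# and came back, so the dial-in user holds ppp0 and the DSL line is ppp1.
SAMPLE='1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 192.168.1.254/24 brd 192.168.1.255 scope global eth0
5: ppp0    inet 192.168.50.1 peer 192.168.50.2/32 scope global ppp0
6: ppp1    inet 203.0.113.10 peer 203.0.113.1/32 scope global ppp1'

# On the firewall, replace the printf with:  ip -o -4 addr show
# Fail closed: if the DSL address is not up, stop instead of guessing,
# so net-zone rules never land on a dial-in user's interface.
NET_IF=$(printf '%s\n' "$SAMPLE" | net_if_for_addr "$DSL_ADDR") || {
    echo "no interface holds $DSL_ADDR; not guessing a net interface" >&2
    exit 1
}
echo "NET_IF=$NET_IF"
```

The variable is only evaluated when Shorewall starts or restarts, so the rules follow the DSL line only if Shorewall is restarted whenever a ppp link comes up or goes down.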