Cameron Jenkins
2005-Jan-20 20:58 UTC
Masquerade for L2TP tunnel that may not be up 100% of the time
Hello,

I've successfully gotten Shorewall 2.0.7 configured and working.

However, I am confused about how I can set up the interface "ppp1" in the file masq to allow the masquerading of my local LAN over an L2TP tunnel.

It works without a hitch if the ppp interface is up, but if I reboot my machine without the interface being, shorewall refuses to load because the interface is not live.

Does anyone have any suggestions?

Regards,
Cameron Jenkins
John Sivak
2005-Jan-20 21:23 UTC
Re: Masquerade for L2TP tunnel that may not be up 100% of the time
If you're using an interface name (eth0, eth1..) in your masq file then the problem is that (from a post I read in the archives) netfilter requires the interface to be "alive" when the "masq rule" is applied.

I had this problem with my OpenVPN tunnel. I was able to replace the interface name with the actual IP network that is being hidden.

HTH.

Cameron Jenkins wrote:
> Hello,
>
> I've successfully gotten Shorewall 2.0.7 configured and working.
>
> However, I am confused about how I can set up the interface "ppp1" in the
> file masq to allow the masquerading of my local LAN over an L2TP tunnel.
>
> It works without a hitch if the ppp interface is up, but if I reboot my
> machine without the interface being, shorewall refuses to load because the
> interface is not live.
>
> Does anyone have any suggestions?
>
> Regards,
> Cameron Jenkins
Tom Eastep
2005-Jan-20 21:25 UTC
Re: Masquerade for L2TP tunnel that may not be up 100% of the time
Cameron Jenkins wrote:
> Hello,
>
> I've successfully gotten Shorewall 2.0.7 configured and working.
>
> However, I am confused about how I can set up the interface "ppp1" in the
> file masq to allow the masquerading of my local LAN over an L2TP tunnel.
>
> It works without a hitch if the ppp interface is up, but if I reboot my
> machine without the interface being, shorewall refuses to load because the
> interface is not live.
>
> Does anyone have any suggestions?

Don't include anything in your Shorewall configuration that requires that the interface be up when Shorewall starts (such as "detect" in the BROADCAST column of the interfaces file).

It should be obvious from the error message that Shorewall generates what the problem is.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
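
As an added example that is not part of the thread: a small check for the two settings the replies point to, "detect" in the BROADCAST column of the interfaces file and an interface name where the masq file expects the network being hidden. The column layouts, zone names, addresses and the letter-prefix heuristic are assumptions, and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Column layouts assumed for Shorewall 2.0:
#   interfaces: ZONE INTERFACE BROADCAST OPTIONS
#   masq:       INTERFACE SUBNET ADDRESS

# Report interfaces entries whose BROADCAST column is "detect".
# Exit status is 1 when at least one entry is reported.
lint_interfaces() {
    awk '{ sub(/#.*/, "") }    # drop comments before looking at columns
         NF >= 3 && $3 == "detect" {
             printf "interfaces:%d: %s has BROADCAST=detect\n", NR, $2; bad = 1 }
         END { exit bad + 0 }' "$1"
}

# Report masq entries whose SUBNET column names an interface, not a network.
# Heuristic (assumption): a value starting with a letter is an interface name.
lint_masq() {
    awk '{ sub(/#.*/, "") }
         NF >= 2 && $2 ~ /^[A-Za-z]/ {
             printf "masq:%d: SUBNET \"%s\" is an interface name\n", NR, $2; bad = 1 }
         END { exit bad + 0 }' "$1"
}

# Constructed sample files: zone names and addresses are hypothetical.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
cat > "$demo/interfaces" <<'EOF'
#ZONE  INTERFACE  BROADCAST      OPTIONS
loc    eth1       192.168.1.255
vpn    ppp1       detect
EOF
cat > "$demo/masq.before" <<'EOF'
#INTERFACE  SUBNET
ppp1        eth1
EOF
cat > "$demo/masq.after" <<'EOF'
#INTERFACE  SUBNET
ppp1        192.168.1.0/24
EOF

lint_interfaces "$demo/interfaces" || true
lint_masq "$demo/masq.before" || true
lint_masq "$demo/masq.after" && echo "masq.after: no entry depends on a live interface"
```

Pointed at the real files under /etc/shorewall, a non-zero exit status marks entries to review before relying on Shorewall starting while the tunnel is down.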