Dan Mayer
2005-Feb-07 21:26 UTC
RE: Problems With NAT/Multi IPs Settings... Sho rewall 2.2
>What does that mean?In the Mandrake control center, the options for DNS Servers get wiped out... I think this is just a Mandrake issues. Was just the one issue that got me convincedto switch to Fedora>GroanYes, I''ve groaned much since =(>Exact error messages are helpful -- vague references to "...or >something..." are not helpful.Sorry about that.. I''m usually very good about posting correct errors messages but I was far from our server room at the time of the post>This sounds like you have ADD_IP_ALIASES=Yes in shorewall.conf.Yes, you are correct. I turned that off, and lo and behold the settings were now being accepted once again. Still not working, but I''m leaving the office now so no time to continue.>If you are configuring eth0:1 using a tool included with >Mandrake/Fedora/Debian/Slackware/Gentoo/<whatever distribution you have >installed today> then you do not want ADD_IP_ALIASES=Yes in shorewall.conf.>See http://shorewall.net/Shorewall_and_Aliased_Interfaces.html for >additional information about configuring multiple addresses on aninterface. I will read up on this tonight. Unfortunately I am leaving the office right now, but I have it replicated at home. But if I understand you correctly, if I leave the GUI network settings untouched, and leave it up to shorewall to alias my entries, then it should be ok? I''ll play around tonight, keep a log, and post back tomorrow.... Sorry if I sound like a n00b, but I am.. lol =)
Tom Eastep
2005-Feb-07 21:30 UTC
Re: Problems With NAT/Multi IPs Settings... Sho rewall 2.2
Dan Mayer wrote:> >>If you are configuring eth0:1 using a tool included with >>Mandrake/Fedora/Debian/Slackware/Gentoo/<whatever distribution you have >>installed today> then you do not want ADD_IP_ALIASES=Yes in shorewall.conf. > > >>See http://shorewall.net/Shorewall_and_Aliased_Interfaces.html for >>additional information about configuring multiple addresses on an > > interface. > > > I will read up on this tonight. Unfortunately I am leaving the office right > now, but I have it replicated at home. > > But if I understand you correctly, if I leave the GUI network settings > untouched, and leave it up to shorewall to alias my entries, then it should > be ok?The important thing is to either configure the aliases using the GUI OR let Shorewall do it but NOT BOTH. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
Dan Mayer
2005-Feb-07 21:31 UTC
RE: Problems With NAT/Multi IPs Settings... Sho rewall 2.2
-----Original Message----- From: shorewall-users-bounces@lists.shorewall.net [mailto:shorewall-users-bounces@lists.shorewall.net]On Behalf Of Tom Eastep Sent: Monday, February 07, 2005 4:30 PM To: Mailing List for Shorewall Users Cc: ''teknion@xvi.com'' Subject: Re: [Shorewall-users] Problems With NAT/Multi IPs Settings... Sho rewall 2.2 So I shouldn''t even use ifconfig even?>The important thing is to either configure the aliases using the GUI OR >let Shorewall do it but NOT BOTH.-Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key _______________________________________________ Shorewall-users mailing list Post: Shorewall-users@lists.shorewall.net Subscribe/Unsubscribe: https://lists.shorewall.net/mailman/listinfo/shorewall-users Support: http://www.shorewall.net/support.htm FAQ: http://www.shorewall.net/FAQ.htm
Tom Eastep
2005-Feb-07 22:12 UTC
Re: Problems With NAT/Multi IPs Settings... Sho rewall 2.2
Dan Mayer wrote:> > -----Original Message----- > From: shorewall-users-bounces@lists.shorewall.net > [mailto:shorewall-users-bounces@lists.shorewall.net]On Behalf Of Tom > Eastep > Sent: Monday, February 07, 2005 4:30 PM > To: Mailing List for Shorewall Users > Cc: ''teknion@xvi.com'' > Subject: Re: [Shorewall-users] Problems With NAT/Multi IPs Settings... > Sho rewall 2.2 > > So I shouldn''t even use ifconfig even?I wouldn''t use ifconfig under any circumstances since its use is deprecated. To try to make it clear: Choice A: o Configure ALL IP addresses on ALL INTERFACES using the GUI o Set ADD_IP_ALIASES=No in shorewall.conf Choice B: o Configure all PRIMARY IP addresses on ALL INTERFACES using the GUI. o Set ADD_IP_ALIASES=Yes in shorewall.conf o (Optional) - specify an alias in /etc/shorewall/nat entries. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key