Shorewall users - Feb 2005 - RE: Problems With NAT/Multi IPs Settings... Sho rewall 2.2

>What does that mean?
In the Mandrake control center, the options for DNS Servers get wiped out...
I think this is just a Mandrake issues. Was just the one issue that got me
convincedto switch to Fedora
>Groan
Yes, I''ve groaned much since =(
>Exact error messages are helpful -- vague references to "...or
>something..." are not helpful.
Sorry about that.. I''m usually very good about posting correct errors
messages but I was far from our server room at the time of the post
>This sounds like you have ADD_IP_ALIASES=Yes in shorewall.conf.
Yes, you are correct. I turned that off, and lo and behold the settings were
now being accepted once again. Still not working, but I''m leaving the
office
now so no time to continue.
 
>If you are configuring eth0:1 using a tool included with
>Mandrake/Fedora/Debian/Slackware/Gentoo/<whatever distribution you have
>installed today> then you do not want ADD_IP_ALIASES=Yes in
shorewall.conf.
>See http://shorewall.net/Shorewall_and_Aliased_Interfaces.html for
>additional information about configuring multiple addresses on an
interface.


I will read up on this tonight. Unfortunately I am leaving the office right
now, but I have it replicated at home.

But if I understand you correctly, if I leave the GUI network settings
untouched, and leave it up to shorewall to alias my entries, then it should
be ok?

I''ll play around tonight, keep a log, and post back tomorrow....

Sorry if I sound like a n00b, but I am.. lol =)

Dan Mayer wrote:
> 
>>If you are configuring eth0:1 using a tool included with
>>Mandrake/Fedora/Debian/Slackware/Gentoo/<whatever distribution you
have
>>installed today> then you do not want ADD_IP_ALIASES=Yes in
shorewall.conf.
> 
> 
>>See http://shorewall.net/Shorewall_and_Aliased_Interfaces.html for
>>additional information about configuring multiple addresses on an
> 
> interface.
> 
> 
> I will read up on this tonight. Unfortunately I am leaving the office right
> now, but I have it replicated at home.
> 
> But if I understand you correctly, if I leave the GUI network settings
> untouched, and leave it up to shorewall to alias my entries, then it should
> be ok?
The important thing is to either configure the aliases using the GUI OR
let Shorewall do it but NOT BOTH.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

-----Original Message-----
From: shorewall-users-bounces@lists.shorewall.net
[mailto:shorewall-users-bounces@lists.shorewall.net]On Behalf Of Tom
Eastep
Sent: Monday, February 07, 2005 4:30 PM
To: Mailing List for Shorewall Users
Cc: ''teknion@xvi.com''
Subject: Re: [Shorewall-users] Problems With NAT/Multi IPs Settings...
Sho rewall 2.2

So I shouldn''t even use ifconfig even?
>The important thing is to either configure the aliases using the GUI OR
>let Shorewall do it but NOT BOTH.
-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
_______________________________________________
Shorewall-users mailing list
Post: Shorewall-users@lists.shorewall.net
Subscribe/Unsubscribe:
https://lists.shorewall.net/mailman/listinfo/shorewall-users
Support: http://www.shorewall.net/support.htm
FAQ: http://www.shorewall.net/FAQ.htm

Dan Mayer wrote:
> 
> -----Original Message-----
> From: shorewall-users-bounces@lists.shorewall.net
> [mailto:shorewall-users-bounces@lists.shorewall.net]On Behalf Of Tom
> Eastep
> Sent: Monday, February 07, 2005 4:30 PM
> To: Mailing List for Shorewall Users
> Cc: ''teknion@xvi.com''
> Subject: Re: [Shorewall-users] Problems With NAT/Multi IPs Settings...
> Sho rewall 2.2
> 
> So I shouldn''t even use ifconfig even?
I wouldn''t use ifconfig under any circumstances since its use is
deprecated. To try to make it clear:

Choice A:

	o Configure ALL IP addresses on ALL INTERFACES using the GUI
	o Set ADD_IP_ALIASES=No in shorewall.conf

Choice B:

	o Configure all PRIMARY IP addresses on ALL INTERFACES using the GUI.
	o Set ADD_IP_ALIASES=Yes in shorewall.conf
	o (Optional) - specify an alias in /etc/shorewall/nat entries.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key