Hi there, is there a way to use Shorewall to specifiy which ppp interface should come up when a specific ip asks for? I have triple play Shorewall, openswan and xl2tpd to get a lot of roadwarriors to work. Today I have divided every assigned ip range from xl2tpd into different shorewall zones. Each roadwarrior has to access different vlans/tables which are present on the Shorewall itself. To bring them in I use ip rule. For example. Roadwarrior 172.16.255.2 dials in. Shorewall adds a ppp0 for him. Now I say ip rule add from 172.16.255.2 lookup "whatever" But I want to say ip rule add from 172.16.255.2 iif ppp5 lookup "whatever" Is there a way to tell Shorewall that it should assign ppp5 to ip 172.16.255.2? Thanks in advance. Cheers Mike ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer''s challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/
On Tue, Nov 04, 2008 at 01:28:34AM +0100, Michael Weickel - iQom Business wrote:> > Is there a way to tell Shorewall that it should assign ppp5 to ip > 172.16.255.2? >I don''t think that Shorewall has (or even should have) anything to with that. Rather, that is something for xl2tpd and pppd to figure out. Regards, -Roberto -- Roberto C. Sánchez http://people.connexer.com/~roberto http://www.connexer.com ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer''s challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/
Hi, I don''t think its shorewalls job to assign interfaces. With pppd I use ''unit x'' in the peers config file where x is the ppp interface number. That way I can assure right shorewall rules are applied to each interface. Regards Chris -----Original Message----- From: Roberto C. Sánchez <roberto@connexer.com> Sent: 04 November 2008 04:55 To: shorewall-users@lists.sourceforge.net Subject: Re: [Shorewall-users] multiple ppp+ interfaces On Tue, Nov 04, 2008 at 01:28:34AM +0100, Michael Weickel - iQom Business wrote:> > Is there a way to tell Shorewall that it should assign ppp5 to ip > 172.16.255.2? >I don''t think that Shorewall has (or even should have) anything to with that. Rather, that is something for xl2tpd and pppd to figure out. Regards, -Roberto -- Roberto C. Sánchez http://people.connexer.com/~roberto http://www.connexer.com ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer''s challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/
Chris Morley wrote:> Hi, I don''t think its shorewalls job to assign interfaces. With pppd I use ''unit x'' in the peers config file where x is the ppp interface number. That way I can assure right shorewall rules are applied to each interface.I agree with Chris and Roberto. I''m not clear what exact problem Michael is trying to solve but if it involves the interface address, it is possible to store the IP address of an interface into a shell variable and to use that variable in the configuration files. There is an example in Shorewall FAQ 2. In addition to find_first_interface_address(), there is a find_first_interface_address_if_any() function. That function will return 0.0.0.0 if the passed interface has no IPv4 address. For more information about using shell variables, see http://www.shorewall.net/configuration_file_basics.htm#Variables -Tom -- Tom Eastep \ The ultimate result of shielding men from the effects of Shoreline, \ folly is to fill the world with fools. Washington, USA \ -- Herbert Spencer ------------------------------------------------------------------------ http://www.shorewall.net ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer''s challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/