I''m currently using shorewall-perl 4.0.15 on Ubuntu 8.04 as the gateway/internet router for 5 vlans. I''m thinking of moving the routing between some of the internal lans to a layer 3 switch, which means the shorewall box will need some static routes to get internet traffic to flow back through the switch to the proper vlans. What''s the best way to get those routes to always be there so that shorewall won''t step on them? Brad C ------------------------------------------------------------------------------ Crystal Reports - New Free Runtime and 30 Day Trial Check out the new simplified licensing option that enables unlimited royalty-free distribution of the report engine for externally facing server and web deployment. http://p.sf.net/sfu/businessobjects
Brad Clarke wrote:> I''m currently using shorewall-perl 4.0.15 on Ubuntu 8.04 as the > gateway/internet router for 5 vlans. I''m thinking of moving the > routing between some of the internal lans to a layer 3 switch, which > means the shorewall box will need some static routes to get internet > traffic to flow back through the switch to the proper vlans. What''s > the best way to get those routes to always be there so that shorewall > won''t step on them?Use your distribution''s network configuration tools. Shorewall doesn''t touch your routing unless: a) You have entries in /etc/shorewall/proxyarp that have ''Yes'' in the NOROUTE column. A route to the host is added during ''start'' and deleted during ''stop''. b) You have entries in /etc/shorewall/providers. The only changes that Shorewall makes to the ''main'' table involve the default route(s). -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ Crystal Reports - New Free Runtime and 30 Day Trial Check out the new simplified licensing option that enables unlimited royalty-free distribution of the report engine for externally facing server and web deployment. http://p.sf.net/sfu/businessobjects
Let''s try that again, but a little smaller :) On Thu, Jun 18, 2009 at 3:38 PM, Brad Clarke<brad@bradclarke.com> wrote:> I am currently using the providers file, though I hope to replace that > with an OSPF configuration soon (yet another thing I don''t know how to > do, but that''s for another day). > > Dumps attached. A point in the right direction would be appreciated. > > > Brad C > > On Thu, Jun 18, 2009 at 3:10 PM, Tom Eastep<teastep@shorewall.net> wrote: >> Brad Clarke wrote: >>> I''m currently using shorewall-perl 4.0.15 on Ubuntu 8.04 as the >>> gateway/internet router for 5 vlans. I''m thinking of moving the >>> routing between some of the internal lans to a layer 3 switch, which >>> means the shorewall box will need some static routes to get internet >>> traffic to flow back through the switch to the proper vlans. What''s >>> the best way to get those routes to always be there so that shorewall >>> won''t step on them? >> >> Use your distribution''s network configuration tools. >> >> Shorewall doesn''t touch your routing unless: >> >> a) You have entries in /etc/shorewall/proxyarp that have ''Yes'' in the >> NOROUTE column. A route to the host is added during ''start'' and >> deleted during ''stop''. >> >> b) You have entries in /etc/shorewall/providers. The only changes that >> Shorewall makes to the ''main'' table involve the default route(s). >> >> -Tom >> -- >> Tom Eastep \ When I die, I want to go like my Grandfather who >> Shoreline, \ died peacefully in his sleep. Not screaming like >> Washington, USA \ all of the passengers in his car >> http://shorewall.net \________________________________________________ >> >> >> ------------------------------------------------------------------------------ >> Crystal Reports - New Free Runtime and 30 Day Trial >> Check out the new simplified licensing option that enables unlimited >> royalty-free distribution of the report engine for externally facing >> server and web deployment. >> http://p.sf.net/sfu/businessobjects >> _______________________________________________ >> Shorewall-users mailing list >> Shorewall-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/shorewall-users >> >> >------------------------------------------------------------------------------ Crystal Reports - New Free Runtime and 30 Day Trial Check out the new simplified licensing option that enables unlimited royalty-free distribution of the report engine for externally facing server and web deployment. http://p.sf.net/sfu/businessobjects
Brad Clarke wrote:> Let''s try that again, but a little smaller :) >Add them in post-up commands in your /etc/network/interfaces file. e.g. post-up ip route add <network> via <gateway> dev <device> -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ Crystal Reports - New Free Runtime and 30 Day Trial Check out the new simplified licensing option that enables unlimited royalty-free distribution of the report engine for externally facing server and web deployment. http://p.sf.net/sfu/businessobjects
Great, thanks! Brad C On Thu, Jun 18, 2009 at 4:40 PM, Tom Eastep<teastep@shorewall.net> wrote:> Brad Clarke wrote: >> Let''s try that again, but a little smaller :) >> > > Add them in post-up commands in your /etc/network/interfaces file. > > e.g. post-up ip route add <network> via <gateway> dev <device> > > -Tom > -- > Tom Eastep \ When I die, I want to go like my Grandfather who > Shoreline, \ died peacefully in his sleep. Not screaming like > Washington, USA \ all of the passengers in his car > http://shorewall.net \________________________________________________ > > > ------------------------------------------------------------------------------ > Crystal Reports - New Free Runtime and 30 Day Trial > Check out the new simplified licensing option that enables unlimited > royalty-free distribution of the report engine for externally facing > server and web deployment. > http://p.sf.net/sfu/businessobjects > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users > >------------------------------------------------------------------------------ Crystal Reports - New Free Runtime and 30 Day Trial Check out the new simplified licensing option that enables unlimited royalty-free distribution of the report engine for externally facing server and web deployment. http://p.sf.net/sfu/businessobjects