From 5185a8a54a418ae0b81ed2f772fa1433f211faff Mon Sep 17 00:00:00 2001 From: teastep Date: Thu, 29 Sep 2005 15:21:48 +0000 Subject: [PATCH] Add warning about side effects of ADD_SNAT_ALIASES and ADD_IP_ALIASES git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2746 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- Shorewall-docs2/Documentation.xml | 16 +++++++- .../Shorewall_and_Aliased_Interfaces.xml | 38 +++++++++++++------ 2 files changed, 42 insertions(+), 12 deletions(-) diff --git a/Shorewall-docs2/Documentation.xml b/Shorewall-docs2/Documentation.xml index 2c8648a23..78071cea7 100644 --- a/Shorewall-docs2/Documentation.xml +++ b/Shorewall-docs2/Documentation.xml @@ -15,7 +15,7 @@ - 2005-09-12 + 2005-09-29 2001-2005 @@ -3365,6 +3365,13 @@ LOGBURST=5 If this variable is not set or is given an empty value (ADD_IP_ALIASES="") then ADD_IP_ALIASES=Yes is assumed. + + + Addresses added by ADD_IP_ALIASES=Yes are deleted and + re-added during shorewall restart. As a + consequence, all connections using those addresses are + severed. + @@ -3382,6 +3389,13 @@ LOGBURST=5 If this variable is not set or is given an empty value (ADD_SNAT_ALIASES="") then ADD_SNAT_ALIASES=No is assumed. + + + Addresses added by ADD_SNAT_ALIASES=Yes are deleted and + re-added during shorewall restart. As a + consequence, all connections using those addresses are + severed. + diff --git a/Shorewall-docs2/Shorewall_and_Aliased_Interfaces.xml b/Shorewall-docs2/Shorewall_and_Aliased_Interfaces.xml index 0c57c613a..8d86ef05d 100644 --- a/Shorewall-docs2/Shorewall_and_Aliased_Interfaces.xml +++ b/Shorewall-docs2/Shorewall_and_Aliased_Interfaces.xml @@ -15,7 +15,7 @@ - 2005-09-03 + 2005-09-29 2001-2005 @@ -190,11 +190,19 @@ eth0 eth1 206.124.146.178 Shorewall can create the alias (additional address) for you if you set ADD_SNAT_ALIASES=Yes in - /etc/shorewall/shorewall.conf. Beginning with - Shorewall 1.3.14, Shorewall can actually create the label - (virtual interface) so that you can see the created address using - ifconfig. In addition to setting ADD_SNAT_ALIASES=Yes, you specify the - virtual interface name in the INTERFACE column as follows. + /etc/shorewall/shorewall.conf. + + + Addresses added by ADD_SNAT_ALIASES=Yes are deleted and re-added + during shorewall restart. As a consequence, all + connections using those addresses are severed. + + + Beginning with Shorewall 1.3.14, Shorewall can actually create the + label (virtual interface) so that you can see the created + address using ifconfig. In addition to setting ADD_SNAT_ALIASES=Yes, you + specify the virtual interface name in the INTERFACE column as + follows. /etc/shorewall/masq#INTERFACE SUBNET ADDRESS eth0:0 eth1 206.124.146.178 @@ -227,11 +235,19 @@ eth0:2 = 206.124.146.180 206.124.146.178 eth0 192.168.1.3 no no Shorewall can create the alias (additional address) for you if you - set ADD_IP_ALIASES=Yes in /etc/shorewall/shorewall.conf. Beginning with - Shorewall 1.3.14, Shorewall can actually create the label - (virtual interface) so that you can see the created address using - ifconfig. In addition to setting ADD_IP_ALIASES=Yes, you specify the - virtual interface name in the INTERFACE column as follows. + set ADD_IP_ALIASES=Yes in /etc/shorewall/shorewall.conf. + + + Addresses added by ADD_IP_ALIASES=Yes are deleted and re-added + during shorewall restart. As a consequence, all + connections using those addresses are severed. + + + Beginning with Shorewall 1.3.14, Shorewall can actually create the + label (virtual interface) so that you can see the created + address using ifconfig. In addition to setting ADD_IP_ALIASES=Yes, you + specify the virtual interface name in the INTERFACE column as + follows. /etc/shorewall/nat#EXTERNAL INTERFACE INTERNAL ALL INTERFACES LOCAL 206.124.146.178 eth0:0 192.168.1.3 no no