From 57997027d852685cdc872b8f263de1493ba91572 Mon Sep 17 00:00:00 2001
From: teastep
Date: Mon, 23 May 2005 15:06:50 +0000
Subject: [PATCH] Look in routing table for gw IP if not P-T-P interface
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2162 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 Shorewall2/changelog.txt | 8 ++++++++
 Shorewall2/firewall | 17 ++++++++++++++++-
 Shorewall2/functions | 8 ++++++++
 Shorewall2/providers | 5 ++---
 Shorewall2/releasenotes.txt | 21 +++++++--------------
 5 files changed, 41 insertions(+), 18 deletions(-)
diff --git a/Shorewall2/changelog.txt b/Shorewall2/changelog.txt
index 726fddde0..9b50fc1da 100644
--- a/Shorewall2/changelog.txt
+++ b/Shorewall2/changelog.txt
@@ -1,3 +1,11 @@
+Changes in 2.4.0-RC2
+
+1) Relax "detect" restriction.
+
+Changes in 2.4.0-RC1
+
+1) Fix output from firewall itself vis-a-vis multiple providers.
+
 Changes in 2.3.2
 1) Add support for -j ROUTE
diff --git a/Shorewall2/firewall b/Shorewall2/firewall
index ec21f6b3a..df834b390 100755
--- a/Shorewall2/firewall
+++ b/Shorewall2/firewall
@@ -1094,7 +1094,22 @@ setup_providers()
 fi
 if [ "x$gateway" = xdetect ] ; then
+ #
+ # First assume that this is some sort of point-to-point interface
+ #
 gateway=$( find_peer $(ip addr ls $interface ) )
+ #
+ # Maybe there's a default route through this gateway already
+ #
+ [ -n "$gateway" ] || gateway=$(find_gateway $(ip route ls dev $interface))
+ #
+ # Last hope -- is there a load-balancing route through the interface?
+ #
+ [ -n "$gateway" ] || gateway=$(find_nexthop $interface)
+ #
+ # Be sure we found one
+ #
+ [ -n "$gateway" ] || fatal_error "Unable to detect the gateway through interface $interface"
 fi
 ensure_and_save_command ip route add default via $gateway dev $interface table $number
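Review bot: The second fallback in the `detect` branch hands every route on the interface to find_gateway, via `$(ip route ls dev $interface)`, although its comment speaks only of a default route. find_gateway is not visible here, but if it returns the first `via` address it is given, a static route through some other router on that link would be taken as the provider's gateway and written into table $number. Narrowing the listing to the default route would match the comment, for example `gateway=$(find_gateway $(ip route ls exact 0.0.0.0/0 dev $interface))`. It would also help to report which of the three methods produced the address, so the operator can confirm that the detected gateway is the intended one. setup_providers() starts and ends outside the hunk.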
@@ -1150,7 +1165,7 @@ setup_providers()
 if [ -n "$PROVIDERS" ]; then
 if [ -n "$DEFAULT_ROUTE" ]; then
- run_ip route replace default scope global $DEFAULT_ROUTE
+ run_ip route replace default scope global metric 1 $DEFAULT_ROUTE"
 progress_message " Default route $DEFAULT_ROUTE Added."
 fi
diff --git a/Shorewall2/functions b/Shorewall2/functions
index 4fa81a821..7a098bc50 100755
--- a/Shorewall2/functions
+++ b/Shorewall2/functions
@@ -823,6 +823,14 @@ find_rt_interface() {
 done
 }
+#
+# Try to find the gateway through an interface looking for 'nexthop'
+
+find_nexthop() # $1 = interface
+{
+ echo $(find_gateway `ip route ls | grep -E "[[:space:]]*nexthop.* $1"`)
+}
+
 #
 # Find the default route's interface
 #
diff --git a/Shorewall2/providers b/Shorewall2/providers
index 0e18099ad..4dba84ede 100755
--- a/Shorewall2/providers
+++ b/Shorewall2/providers
@@ -32,9 +32,8 @@
 #
 # GATEWAY The IP address of the provider's gateway router.
 #
-# Users with point-to-point dynamic connections such
-# as PPPoE, PPPoA and PPTP can enter "detect" here and
-# Shorewall will automatically detect the gateway.
+# You can enter "detect" here and Shorewall will
+# attempt to detect the gateway automatically.
 #
 # OPTIONS A comma-separated list selected from the following:
 #
diff --git a/Shorewall2/releasenotes.txt b/Shorewall2/releasenotes.txt
index fa30f2293..a8f1303a8 100755
--- a/Shorewall2/releasenotes.txt
+++ b/Shorewall2/releasenotes.txt
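Review bot: The added `run_ip route replace default scope global metric 1 $DEFAULT_ROUTE"` line ends with a stray double quote that has no opening partner. The shell will pair it with the quote that opens the progress_message string on the following line, so the quoting of everything after it in the script is inverted and the firewall script is likely to fail to parse or to run a mangled command. The line should read `run_ip route replace default scope global metric 1 $DEFAULT_ROUTE`. A firewall script that aborts part-way through start-up can leave the ruleset half applied, so a syntax check with `sh -n` before release is worthwhile. setup_providers() starts and ends outside the hunk.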
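Review bot: The pattern in find_nexthop(), `"[[:space:]]*nexthop.* $1"`, is not anchored after the interface name, so a lookup for `eth1` also matches a nexthop line for `eth10` and the function can return the gateway of a different provider. `$1` is also interpolated as a regular expression, so a `.` in a VLAN-style interface name matches any character. Requiring the `dev` keyword and a boundary after the name fixes the prefix match, for example `grep -E "nexthop.* dev $1([[:space:]]|\$)"`; the leading `[[:space:]]*` has no effect in an unanchored pattern. The header comment also lacks the closing `#` line that the `Find the default route's interface` block below it uses.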
@@ -1,20 +1,10 @@
-Shorewall 2.4.0-RC1
+Shorewall 2.4.0-RC2
 -----------------------------------------------------------------------
-Problems Corrected since 2.3.2
+Problems Corrected since 2.4.0-RC1
-1) The /etc/shorewall/providers file is now installed correctly.
-
-2) "shorewall restart" now works correctly when multiple providers
- with load-balancing were specified when Shorewall was originally
- started.
-
-3) Routes created by entries in /etc/shorewall/proxyarp are now
- copied to new routing tables created by entries in
- /etc/shorewall/providers.
-
-4) Where multiple internet providers were configured, traffic from the
- firewall itself was mishandled.
+1) The value 'detect' in the GATEWAY column of the providers file
+ is no longer restricted to P-T-P interfaces.
 -----------------------------------------------------------------------
 Upgrade Issues when moving to 2.4.0
@@ -52,6 +42,9 @@ New Features in version 2.4.0
 /etc/shorewall/interfaces.
 GATEWAY The IP address of the provider's gateway router.
+ If you enter "detect" here then Shorewall will
+ attempt to determine the gateway IP address
+ automatically.
 OPTIONS A comma-separated list selected from the following: