Look in routing table for gw IP if not P-T-P interface
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2162 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
0a4ee8284d
commit
57997027d8
@ -1,3 +1,11 @@
|
|||||||
|
Changes in 2.4.0-RC2
|
||||||
|
|
||||||
|
1) Relax "detect" restriction.
|
||||||
|
|
||||||
|
Changes in 2.4.0-RC1
|
||||||
|
|
||||||
|
1) Fix output from firewall itself vis-a-vis multiple providers.
|
||||||
|
|
||||||
Changes in 2.3.2
|
Changes in 2.3.2
|
||||||
|
|
||||||
1) Add support for -j ROUTE
|
1) Add support for -j ROUTE
|
||||||
|
@ -1094,7 +1094,22 @@ setup_providers()
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
if [ "x$gateway" = xdetect ] ; then
|
if [ "x$gateway" = xdetect ] ; then
|
||||||
|
#
|
||||||
|
# First assume that this is some sort of point-to-point interface
|
||||||
|
#
|
||||||
gateway=$( find_peer $(ip addr ls $interface ) )
|
gateway=$( find_peer $(ip addr ls $interface ) )
|
||||||
|
#
|
||||||
|
# Maybe there's a default route through this gateway already
|
||||||
|
#
|
||||||
|
[ -n "$gateway" ] || gateway=$(find_gateway $(ip route ls dev $interface))
|
||||||
|
#
|
||||||
|
# Last hope -- is there a load-balancing route through the interface?
|
||||||
|
#
|
||||||
|
[ -n "$gateway" ] || gateway=$(find_nexthop $interface)
|
||||||
|
#
|
||||||
|
# Be sure we found one
|
||||||
|
#
|
||||||
|
[ -n "$gateway" ] || fatal_error "Unable to detect the gateway through interface $interface"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
ensure_and_save_command ip route add default via $gateway dev $interface table $number
|
ensure_and_save_command ip route add default via $gateway dev $interface table $number
|
||||||
@ -1150,7 +1165,7 @@ setup_providers()
|
|||||||
|
|
||||||
if [ -n "$PROVIDERS" ]; then
|
if [ -n "$PROVIDERS" ]; then
|
||||||
if [ -n "$DEFAULT_ROUTE" ]; then
|
if [ -n "$DEFAULT_ROUTE" ]; then
|
||||||
run_ip route replace default scope global $DEFAULT_ROUTE
|
run_ip route replace default scope global metric 1 $DEFAULT_ROUTE"
|
||||||
progress_message " Default route $DEFAULT_ROUTE Added."
|
progress_message " Default route $DEFAULT_ROUTE Added."
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
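Review bot: The new `run_ip route replace default scope global metric 1 $DEFAULT_ROUTE"` line in the second hunk ends with a stray double quote, which leaves the quoting unbalanced. The shell would pair that quote with the ones on the following `progress_message "..."` line, so the script would most likely either fail to parse or run a mangled command. Drop the trailing quote: `run_ip route replace default scope global metric 1 $DEFAULT_ROUTE`. This branch installs the default route when PROVIDERS is set, so a syntax check of the file with `sh -n` before release would catch this class of error. The body of setup_providers starts and ends outside both hunks.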
@ -823,6 +823,14 @@ find_rt_interface() {
|
|||||||
done
|
done
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#
|
||||||
|
# Try to find the gateway through an interface looking for 'nexthop'
|
||||||
|
|
||||||
|
find_nexthop() # $1 = interface
|
||||||
|
{
|
||||||
|
echo $(find_gateway `ip route ls | grep -E "[[:space:]]*nexthop.* $1"`)
|
||||||
|
}
|
||||||
|
|
||||||
#
|
#
|
||||||
# Find the default route's interface
|
# Find the default route's interface
|
||||||
#
|
#
|
||||||
|
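Review bot: The pattern in find_nexthop, `"[[:space:]]*nexthop.* $1"`, is not anchored after the interface name, and `$1` is interpolated as a regular expression. A lookup for `eth0` therefore also matches nexthop lines for `eth0.1` or `eth00`, and a dot in a VLAN interface name matches any character. With several providers this could hand the gateway of a different interface to the `ip route add default via $gateway` call in setup_providers. Requiring a boundary after the name closes the first gap, for example `find_gateway $(ip route ls | grep -E "nexthop.* dev $1( |\$)")`, which also drops the redundant `echo $( ... )` wrapper and the backticks. find_gateway is defined outside this hunk, so how it handles several matching lines should be confirmed there.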
@ -32,9 +32,8 @@
|
|||||||
#
|
#
|
||||||
# GATEWAY The IP address of the provider's gateway router.
|
# GATEWAY The IP address of the provider's gateway router.
|
||||||
#
|
#
|
||||||
# Users with point-to-point dynamic connections such
|
# You can enter "detect" here and Shorewall will
|
||||||
# as PPPoE, PPPoA and PPTP can enter "detect" here and
|
# attempt to detect the gateway automatically.
|
||||||
# Shorewall will automatically detect the gateway.
|
|
||||||
#
|
#
|
||||||
# OPTIONS A comma-separated list selected from the following:
|
# OPTIONS A comma-separated list selected from the following:
|
||||||
#
|
#
|
||||||
|
@ -1,20 +1,10 @@
|
|||||||
Shorewall 2.4.0-RC1
|
Shorewall 2.4.0-RC2
|
||||||
|
|
||||||
-----------------------------------------------------------------------
|
-----------------------------------------------------------------------
|
||||||
Problems Corrected since 2.3.2
|
Problems Corrected since 2.4.0-RC1
|
||||||
|
|
||||||
1) The /etc/shorewall/providers file is now installed correctly.
|
1) The value 'detect' in the GATEWAY column of the providers file
|
||||||
|
is no longer restricted to P-T-P interfaces.
|
||||||
2) "shorewall restart" now works correctly when multiple providers
|
|
||||||
with load-balancing were specified when Shorewall was originally
|
|
||||||
started.
|
|
||||||
|
|
||||||
3) Routes created by entries in /etc/shorewall/proxyarp are now
|
|
||||||
copied to new routing tables created by entries in
|
|
||||||
/etc/shorewall/providers.
|
|
||||||
|
|
||||||
4) Where multiple internet providers were configured, traffic from the
|
|
||||||
firewall itself was mishandled.
|
|
||||||
|
|
||||||
-----------------------------------------------------------------------
|
-----------------------------------------------------------------------
|
||||||
Upgrade Issues when moving to 2.4.0
|
Upgrade Issues when moving to 2.4.0
|
||||||
@ -52,6 +42,9 @@ New Features in version 2.4.0
|
|||||||
/etc/shorewall/interfaces.
|
/etc/shorewall/interfaces.
|
||||||
|
|
||||||
GATEWAY The IP address of the provider's gateway router.
|
GATEWAY The IP address of the provider's gateway router.
|
||||||
|
If you enter "detect" here then Shorewall will
|
||||||
|
attempt to determine the gateway IP address
|
||||||
|
automatically.
|
||||||
|
|
||||||
OPTIONS A comma-separated list selected from the
|
OPTIONS A comma-separated list selected from the
|
||||||
following:
|
following:
|
||||||
|