Allow IP address of interface to be specified in /etc/shorewall/providers
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@7709 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
616f3e0016
commit
636629a063
@ -4,6 +4,8 @@ Changes in 4.1.1
|
||||
|
||||
2) Fix NFQUEUE(<queue-num>) in Policy file.
|
||||
|
||||
3) Allow specifying an address in the Providers file.
|
||||
|
||||
Changes in 4.1.0.
|
||||
|
||||
1) Add 'shared' provider option.
|
||||
|
@ -19,7 +19,8 @@ Problems corrected in Shorewall 4.1.1.
|
||||
|
||||
Other changes in Shorewall 4.1.1.
|
||||
|
||||
None.
|
||||
1) You may now specify an interface address in the INTERFACE column of
|
||||
/etc/shorewall/providers. See New Feature 1) below.
|
||||
|
||||
New Features in Shorewall 4.1.
|
||||
|
||||
@ -42,26 +43,39 @@ New Features in Shorewall 4.1.
|
||||
iptables. If you use a capabilities file, you need to regenerate
|
||||
the file with Shorewall 4.0.6 or Shorewall-lite 4.0.6.
|
||||
|
||||
e) You specify the address on the interface that corresponds to a
|
||||
particular provider in the INTERFACE column by following the
|
||||
interface name with a colon (":") and the address.
|
||||
|
||||
f) You must add route_rules entries for networks that are accessed
|
||||
through a particular provider.
|
||||
|
||||
Example:
|
||||
|
||||
Providers Blarg (1) and Avvanta (2) are both connected to
|
||||
eth0. The firewall's IP address with Blarg is 206.124.146.176
|
||||
eth0. The firewall's IP address with Blarg is 206.124.146.176/24
|
||||
(gateway 206.124.146.254) and the IP address from Avvanta is
|
||||
130.252.144.8 (gateway 130.252.144.254).
|
||||
130.252.144.8/24 (gateway 130.252.144.254).
|
||||
|
||||
/etc/shorewall/providers:
|
||||
|
||||
#PROVIDER NUMBER MARK DUPLICATE GATEWAY OPTIONS
|
||||
Blarg 1 1 main 206.124.146.254 shared,...
|
||||
Avvanta 2 2 main 130.252.144.254 shared,...
|
||||
#PROVIDER NUMBER MARK DUPLICATE INTERFACE GATEWAY OPTIONS
|
||||
Blarg 1 1 main eth0:206.124.146.176 206.124.146.254 shared,...
|
||||
Avvanta 2 2 main eth0:130.252.144.8 130.252.144.254 shared,...
|
||||
|
||||
/etc/shorewall/masq:
|
||||
|
||||
#INTERFACE SOURCE ADDRESS
|
||||
eth0(Blarg) 130.252.144.254 206.124.146.176
|
||||
eth0(Avvanta) 206.124.146.176 130.252.144.254
|
||||
eth0(Blarg) 130.252.144.8 206.124.146.176
|
||||
eth0(Avvanta) 206.124.146.176 130.252.144.8
|
||||
eth0(Blarg) eth1 206.124.146.176
|
||||
eth0(Avvanta) eth1 130.252.144.254
|
||||
eth0(Avvanta) eth1 130.252.144.8
|
||||
|
||||
/etc/shorewall/route_rules:
|
||||
|
||||
#SOURCE DEST PROVIDER PRIORITY
|
||||
- 206.124.146.0/24 Blarg 1000
|
||||
- 130.252.144.0/24 Avvanta 1000
|
||||
|
||||
2) You may now include the name of a table (nat, mangle or filter) in
|
||||
a 'shorewall refresh' command by following the name with a colon
|
||||
|
@ -198,6 +198,10 @@ sub add_a_provider( $$$$$$$$ ) {
|
||||
fatal_error "Duplicate provider number ($number)" if $providerref->{number} == $number;
|
||||
}
|
||||
|
||||
( $interface, my $address ) = split /:/, $interface;
|
||||
|
||||
validate_address $address, 0 if defined $address;
|
||||
|
||||
fatal_error "Unknown Interface ($interface)" unless known_interface $interface;
|
||||
|
||||
my $provider = chain_base $table;
|
||||
@ -211,14 +215,12 @@ sub add_a_provider( $$$$$$$$ ) {
|
||||
emit "qt ip route flush table $number";
|
||||
emit "echo \"qt ip route flush table $number\" >> \${VARDIR}/undo_routing";
|
||||
|
||||
my $variable;
|
||||
|
||||
if ( $gateway eq 'detect' ) {
|
||||
$variable = get_interface_address $interface;
|
||||
$address = get_interface_address $interface unless $address;
|
||||
$gateway = get_interface_gateway $interface;
|
||||
} elsif ( $gateway && $gateway ne '-' ) {
|
||||
validate_address $gateway, 0;
|
||||
$variable = get_interface_address $interface;
|
||||
$address = get_interface_address $interface unless $address;
|
||||
} else {
|
||||
$gateway = '';
|
||||
emit "run_ip route add default dev $interface table $number";
|
||||
@ -324,7 +326,7 @@ sub add_a_provider( $$$$$$$$ ) {
|
||||
}
|
||||
|
||||
if ( $gateway ) {
|
||||
emit "run_ip route replace $gateway src $variable dev $interface table $number $realm";
|
||||
emit "run_ip route replace $gateway src $address dev $interface table $number $realm";
|
||||
emit "run_ip route add default via $gateway dev $interface table $number $realm";
|
||||
}
|
||||
|
||||
|
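Review bot: The new `split /:/, $interface` in the first add_a_provider hunk has no limit, so anything after a second colon is silently dropped and a trailing colon (`eth0:`) leaves `$address` undefined; a malformed INTERFACE entry is then accepted without validate_address seeing the extra text. Splitting with a limit, `( $interface, my $address ) = split /:/, $interface, 2;`, would pass everything after the first colon to validate_address, which in the visible lines is the only check on this value before it is written as `src $address` into the generated script. The later `unless $address` tests truth while the validation tests `defined`; using `defined $address` in both places would keep the two consistent. In the lines shown, an address given when GATEWAY is empty or '-' is validated and then never used, so a `fatal_error` or a warning in that `else` branch may be worth adding. add_a_provider starts and ends outside these hunks, so other uses of `$address` cannot be ruled out from here.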
@ -21,7 +21,7 @@ Sections, with no Front-Cover, and with no Back-Cover Texts. A copy of the
|
||||
license is included in the section entitled “<a href="GnuCopyright.htm"
|
||||
target="_self">GNU Free Documentation License</a>”.</p>
|
||||
|
||||
<p>2007-11-19</p>
|
||||
<p>2007-11-20</p>
|
||||
<hr style="width: 100%; height: 2px;">
|
||||
|
||||
<h2>Table of Contents</h2>
|
||||
@ -145,7 +145,8 @@ The <span style="font-weight: bold;">current Development Release</span> is
|
||||
notes</a></li>
|
||||
<li>Here are the <a
|
||||
href="http://www1.shorewall.net/pub/shorewall/development/4.1/shorewall-4.1.0/known_problems.txt">known
|
||||
problems</a></li>
|
||||
problems</a> and <a
|
||||
href="http://www1.shorewall.net/pub/shorewall/development/4.1/shorewall-4.1.0/errata/">updates</a>.</li>
|
||||
</ul>
|
||||
</div>
|
||||
|
||||
|