Allow IP address of interface to be specified in /etc/shorewall/providers

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@7709 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2007-11-21 16:28:36 +00:00
parent 616f3e0016
commit 636629a063
4 changed files with 35 additions and 16 deletions

View File

@ -4,6 +4,8 @@ Changes in 4.1.1
2) Fix NFQUEUE(<queue-num>) in Policy file.
3) Allow specifying an address in the Providers file.
Changes in 4.1.0.
1) Add 'shared' provider option.

View File

@ -19,7 +19,8 @@ Problems corrected in Shorewall 4.1.1.
Other changes in Shorewall 4.1.1.
None.
1) You may now specify an interface address in the INTERFACE column of
/etc/shorewall/providers. See New Feature 1) below.
New Features in Shorewall 4.1.
@ -42,26 +43,39 @@ New Features in Shorewall 4.1.
iptables. If you use a capabilities file, you need to regenerate
the file with Shorewall 4.0.6 or Shorewall-lite 4.0.6.
e) You specify the address on the interface that corresponds to a
particular provider in the INTERFACE column by following the
interface name with a colon (":") and the address.
f) You must add route_rules entries for networks that are accessed
through a particular provider.
Example:
Providers Blarg (1) and Avvanta (2) are both connected to
eth0. The firewall's IP address with Blarg is 206.124.146.176
eth0. The firewall's IP address with Blarg is 206.124.146.176/24
(gateway 206.124.146.254) and the IP address from Avvanta is
130.252.144.8 (gateway 130.252.144.254).
130.252.144.8/24 (gateway 130.252.144.254).
/etc/shorewall/providers:
#PROVIDER NUMBER MARK DUPLICATE GATEWAY OPTIONS
Blarg 1 1 main 206.124.146.254 shared,...
Avvanta 2 2 main 130.252.144.254 shared,...
#PROVIDER NUMBER MARK DUPLICATE INTERFACE GATEWAY OPTIONS
Blarg 1 1 main eth0:206.124.146.176 206.124.146.254 shared,...
Avvanta 2 2 main eth0:130.252.144.8 130.252.144.254 shared,...
/etc/shorewall/masq:
#INTERFACE SOURCE ADDRESS
eth0(Blarg) 130.252.144.254 206.124.146.176
eth0(Avvanta) 206.124.146.176 130.252.144.254
eth0(Blarg) 130.252.144.8 206.124.146.176
eth0(Avvanta) 206.124.146.176 130.252.144.8
eth0(Blarg) eth1 206.124.146.176
eth0(Avvanta) eth1 130.252.144.254
eth0(Avvanta) eth1 130.252.144.8
/etc/shorewall/route_rules:
#SOURCE DEST PROVIDER PRIORITY
- 206.124.146.0/24 Blarg 1000
- 130.252.144.0/24 Avvanta 1000
2) You may now include the name of a table (nat, mangle or filter) in
a 'shorewall refresh' command by following the name with a colon
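Review bot: Item e) and the example disagree on the form of the address: the prose now gives the firewall addresses as 206.124.146.176/24 and 130.252.144.8/24, while the INTERFACE column shows eth0:206.124.146.176 and eth0:130.252.144.8 with no prefix length. State in e) whether a /prefix is accepted after the colon, and say that the address is optional, since the compiler change in this commit falls back to get_interface_address when none is given.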

View File

@ -198,6 +198,10 @@ sub add_a_provider( $$$$$$$$ ) {
fatal_error "Duplicate provider number ($number)" if $providerref->{number} == $number;
}
( $interface, my $address ) = split /:/, $interface;
validate_address $address, 0 if defined $address;
fatal_error "Unknown Interface ($interface)" unless known_interface $interface;
my $provider = chain_base $table;
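Review bot: The "split /:/, $interface" call has no field limit, so for an entry such as eth0:206.124.146.176:junk everything after the second colon is discarded before validate_address runs, and for "eth0:" Perl drops the trailing empty field, leaving $address undefined and the entry accepted as if no address had been written. Suggest "split /:/, $interface, 2" plus a fatal_error when a colon is present but the address is empty, so a malformed INTERFACE entry fails at compile time instead of silently falling back to detection.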
@ -211,14 +215,12 @@ sub add_a_provider( $$$$$$$$ ) {
emit "qt ip route flush table $number";
emit "echo \"qt ip route flush table $number\" >> \${VARDIR}/undo_routing";
my $variable;
if ( $gateway eq 'detect' ) {
$variable = get_interface_address $interface;
$address = get_interface_address $interface unless $address;
$gateway = get_interface_gateway $interface;
} elsif ( $gateway && $gateway ne '-' ) {
validate_address $gateway, 0;
$variable = get_interface_address $interface;
$address = get_interface_address $interface unless $address;
} else {
$gateway = '';
emit "run_ip route add default dev $interface table $number";
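Review bot: In the else branch (GATEWAY empty or '-') an address given in the INTERFACE column is validated and then never used; in the lines shown, only the gateway branches consume $address. Either reject or warn about interface:address without a gateway, or document that it is ignored. Also, "unless $address" tests truth where the parsing hunk tests "defined $address"; use the same test in both places, and add a comment that $address may now hold either the literal address from the file or whatever get_interface_address returns.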
@ -324,7 +326,7 @@ sub add_a_provider( $$$$$$$$ ) {
}
if ( $gateway ) {
emit "run_ip route replace $gateway src $variable dev $interface table $number $realm";
emit "run_ip route replace $gateway src $address dev $interface table $number $realm";
emit "run_ip route add default via $gateway dev $interface table $number $realm";
}
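Review bot: $address is interpolated unquoted into the emitted "run_ip route replace $gateway src $address ..." line, so the validate_address call at the top of add_a_provider is the only check between the INTERFACE column and the generated script; keep that call ahead of every path that reaches this emit. With "my $variable" removed earlier in this commit, also confirm that no reference to $variable survives in the part of the function between the hunks.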

View File

@ -21,7 +21,7 @@ Sections, with no Front-Cover, and with no Back-Cover Texts. A copy of the
license is included in the section entitled “<a href="GnuCopyright.htm"
target="_self">GNU Free Documentation License</a>”.</p>
<p>2007-11-19</p>
<p>2007-11-20</p>
<hr style="width: 100%; height: 2px;">
<h2>Table of Contents</h2>
@ -145,7 +145,8 @@ The <span style="font-weight: bold;">current Development Release</span> is
notes</a></li>
<li>Here are the <a
href="http://www1.shorewall.net/pub/shorewall/development/4.1/shorewall-4.1.0/known_problems.txt">known
problems</a></li>
problems</a> and <a
href="http://www1.shorewall.net/pub/shorewall/development/4.1/shorewall-4.1.0/errata/">updates</a>.</li>
</ul>
</div>