From 636629a063103edae363e89f43ccdd982198aef8 Mon Sep 17 00:00:00 2001
From: teastep
Date: Wed, 21 Nov 2007 16:28:36 +0000
Subject: [PATCH] Allow IP address of interface to be specified in /etc/shorewall/providers
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@7709 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 Shorewall-common/changelog.txt | 2 ++
 Shorewall-common/releasenotes.txt | 32 +++++++++++++++++++--------
 Shorewall-perl/Shorewall/Providers.pm | 12 +++++-----
 web/shorewall_index.htm | 5 +++--
 4 files changed, 35 insertions(+), 16 deletions(-)
diff --git a/Shorewall-common/changelog.txt b/Shorewall-common/changelog.txt
index e0dc861f8..dfc1f1ae8 100644
--- a/Shorewall-common/changelog.txt
+++ b/Shorewall-common/changelog.txt
@@ -4,6 +4,8 @@ Changes in 4.1.1
 2) Fix NFQUEUE() in Policy file.
+3) Allow specifying an address in the Providers file.
+
 Changes in 4.1.0.
 1) Add 'shared' provider option.
diff --git a/Shorewall-common/releasenotes.txt b/Shorewall-common/releasenotes.txt
index 1af9c8d56..48ee41df8 100644
--- a/Shorewall-common/releasenotes.txt
+++ b/Shorewall-common/releasenotes.txt
@@ -19,7 +19,8 @@ Problems corrected in Shorewall 4.1.1.
 Other changes in Shorewall 4.1.1.
-None.
+1) You may now specify an interface address in the INTERFACE column of
+ /etc/shorewall/providers. See New Feature 1) below.
 New Features in Shorewall 4.1.
@@ -42,26 +43,39 @@ New Features in Shorewall 4.1.
 iptables. If you use a capabilities file, you need to regenerate the file with Shorewall 4.0.6 or Shorewall-lite 4.0.6.
+ e) You specify the address on the interface that corresponds to a
+ particular provider in the INTERFACE column by following the
+ interface name with a colon (":") and the address.
+
+ f) You must add route_rules entries for networks that are accessed
+ through a particular provider.
+
 Example: Providers Blarg (1) and Avvanta (2) are both connected to
- eth0. The firewall's IP address with Blarg is 206.124.146.176
+ eth0. The firewall's IP address with Blarg is 206.124.146.176/24
 (gateway 206.124.146.254) and the IP address from Avvanta is
- 130.252.144.8 (gateway 130.252.144.254).
+ 130.252.144.8/24 (gateway 130.252.144.254).
 /etc/shorewall/providers:
- #PROVIDER NUMBER MARK DUPLICATE GATEWAY OPTIONS
- Blarg 1 1 main 206.124.146.254 shared,...
- Avvanta 2 2 main 130.252.144.254 shared,...
+ #PROVIDER NUMBER MARK DUPLICATE INTERFACE GATEWAY OPTIONS
+ Blarg 1 1 main eth0:206.124.146.176 206.124.146.254 shared,...
+ Avvanta 2 2 main eth0:130.252.144.8 130.252.144.254 shared,...
 /etc/shorewall/masq:
 #INTERFACE SOURCE ADDRESS
- eth0(Blarg) 130.252.144.254 206.124.146.176
- eth0(Avvanta) 206.124.146.176 130.252.144.254
+ eth0(Blarg) 130.252.144.8 206.124.146.176
+ eth0(Avvanta) 206.124.146.176 130.252.144.8
 eth0(Blarg) eth1 206.124.146.176
- eth0(Avvanta) eth1 130.252.144.254
+ eth0(Avvanta) eth1 130.252.144.8
+
+ /etc/shorewall/route_rules:
+
+ #SOURCE DEST PROVIDER PRIORITY
+ - 206.124.146.0/24 Blarg 1000
+ - 130.252.144.0/24 Avvanta 1000
 2) You may now include the name of a table (nat, mangle or filter) in a 'shorewall refresh' command by following the name with a colon
diff --git a/Shorewall-perl/Shorewall/Providers.pm b/Shorewall-perl/Shorewall/Providers.pm
index b0ae6480f..4e087ff4b 100644
--- a/Shorewall-perl/Shorewall/Providers.pm
+++ b/Shorewall-perl/Shorewall/Providers.pm
@@ -198,6 +198,10 @@ sub add_a_provider( $$$$$$$$ ) {
 fatal_error "Duplicate provider number ($number)" if $providerref->{number} == $number;
 }
+ ( $interface, my $address ) = split /:/, $interface;
+
+ validate_address $address, 0 if defined $address;
+
 fatal_error "Unknown Interface ($interface)" unless known_interface $interface;
 my $provider = chain_base $table;
@@ -211,14 +215,12 @@ sub add_a_provider( $$$$$$$$ ) {
 emit "qt ip route flush table $number";
 emit "echo \"qt ip route flush table $number\" >> \${VARDIR}/undo_routing";
- my $variable;
-
 if ( $gateway eq 'detect' ) {
- $variable = get_interface_address $interface;
+ $address = get_interface_address $interface unless $address;
 $gateway = get_interface_gateway $interface;
 } elsif ( $gateway && $gateway ne '-' ) {
 validate_address $gateway, 0;
- $variable = get_interface_address $interface;
+ $address = get_interface_address $interface unless $address;
 } else {
 $gateway = '';
 emit "run_ip route add default dev $interface table $number";
@@ -324,7 +326,7 @@ sub add_a_provider( $$$$$$$$ ) {
 }
 if ( $gateway ) {
- emit "run_ip route replace $gateway src $variable dev $interface table $number $realm";
+ emit "run_ip route replace $gateway src $address dev $interface table $number $realm";
 emit "run_ip route add default via $gateway dev $interface table $number $realm";
 }
diff --git a/web/shorewall_index.htm b/web/shorewall_index.htm
index eebd6a6e2..8f9dd6774 100644
--- a/web/shorewall_index.htm
+++ b/web/shorewall_index.htm
@@ -21,7 +21,7 @@ Sections, with no Front-Cover, and with no Back-Cover Texts. A copy of the license is included in the section entitled “GNU Free Documentation License”.
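Review bot: The added `( $interface, my $address ) = split /:/, $interface;` in the first Providers.pm hunk has no field limit, so an INTERFACE value with two or more colons keeps only the first two fields and silently discards the rest instead of being rejected; `( $interface, my $address ) = split /:/, $interface, 2;` would pass any trailing text on to validate_address, which can then fail it. In the second hunk the `else` branch (GATEWAY absent or `-`) sets `$gateway = ''` and never reads `$address`, and the only use introduced in the third hunk (`src $address`) sits inside `if ( $gateway )`, so an address the user supplied is validated and then quietly ignored in that configuration; as far as these hunks show, `fatal_error "An address may not be specified without a gateway" if $address;` in that branch would make the mismatch visible. Note also that split drops trailing empty fields, so `eth0:` leaves `$address` undef and is accepted as if no address had been given. add_a_provider begins and ends outside these hunks, so any later use of `$address` is not visible here.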

-

2007-11-19

+

2007-11-20


Table of Contents

@@ -145,7 +145,8 @@ The current Development Release is notes
  • Here are the known - problems
  • + problems and updates.