Allow IP address of interface to be specified in /etc/shorewall/providers

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@7709 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2007-11-21 16:28:36 +00:00
parent 616f3e0016
commit 636629a063
4 changed files with 35 additions and 16 deletions

@ -4,6 +4,8 @@ Changes in 4.1.1
2) Fix NFQUEUE(<queue-num>) in Policy file. 2) Fix NFQUEUE(<queue-num>) in Policy file.
3) Allow specifying an address in the Providers file.
Changes in 4.1.0. Changes in 4.1.0.
1) Add 'shared' provider option. 1) Add 'shared' provider option.

@ -19,7 +19,8 @@ Problems corrected in Shorewall 4.1.1.
Other changes in Shorewall 4.1.1. Other changes in Shorewall 4.1.1.
None. 1) You may now specify an interface address in the INTERFACE column of
/etc/shorewall/providers. See New Feature 1) below.
New Features in Shorewall 4.1. New Features in Shorewall 4.1.
@ -42,26 +43,39 @@ New Features in Shorewall 4.1.
iptables. If you use a capabilities file, you need to regenerate iptables. If you use a capabilities file, you need to regenerate
the file with Shorewall 4.0.6 or Shorewall-lite 4.0.6. the file with Shorewall 4.0.6 or Shorewall-lite 4.0.6.
e) You specify the address on the interface that corresponds to a
particular provider in the INTERFACE column by following the
interface name with a colon (":") and the address.
f) You must add route_rules entries for networks that are accessed
through a particular provider.
Example: Example:
Providers Blarg (1) and Avvanta (2) are both connected to Providers Blarg (1) and Avvanta (2) are both connected to
eth0. The firewall's IP address with Blarg is 206.124.146.176 eth0. The firewall's IP address with Blarg is 206.124.146.176/24
(gateway 206.124.146.254) and the IP address from Avvanta is (gateway 206.124.146.254) and the IP address from Avvanta is
130.252.144.8 (gateway 130.252.144.254). 130.252.144.8/24 (gateway 130.252.144.254).
/etc/shorewall/providers: /etc/shorewall/providers:
#PROVIDER NUMBER MARK DUPLICATE GATEWAY OPTIONS #PROVIDER NUMBER MARK DUPLICATE INTERFACE GATEWAY OPTIONS
Blarg 1 1 main 206.124.146.254 shared,... Blarg 1 1 main eth0:206.124.146.176 206.124.146.254 shared,...
Avvanta 2 2 main 130.252.144.254 shared,... Avvanta 2 2 main eth0:130.252.144.8 130.252.144.254 shared,...
/etc/shorewall/masq: /etc/shorewall/masq:
#INTERFACE SOURCE ADDRESS #INTERFACE SOURCE ADDRESS
eth0(Blarg) 130.252.144.254 206.124.146.176 eth0(Blarg) 130.252.144.8 206.124.146.176
eth0(Avvanta) 206.124.146.176 130.252.144.254 eth0(Avvanta) 206.124.146.176 130.252.144.8
eth0(Blarg) eth1 206.124.146.176 eth0(Blarg) eth1 206.124.146.176
eth0(Avvanta) eth1 130.252.144.254 eth0(Avvanta) eth1 130.252.144.8
/etc/shorewall/route_rules:
#SOURCE DEST PROVIDER PRIORITY
- 206.124.146.0/24 Blarg 1000
- 130.252.144.0/24 Avvanta 1000
2) You may now include the name of a table (nat, mangle or filter) in 2) You may now include the name of a table (nat, mangle or filter) in
a 'shorewall refresh' command by following the name with a colon a 'shorewall refresh' command by following the name with a colon
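Review bot: The new item e) and the example disagree on the address format: the prose now gives the firewall addresses as 206.124.146.176/24 and 130.252.144.8/24, while the INTERFACE column entries use bare addresses (eth0:206.124.146.176). Please state in e) that the value after the colon is a host address without a mask, or say explicitly if a mask is accepted. Item e) also reads as if the address were always given ("You specify the address"), whereas the code in this commit falls back to get_interface_address when it is omitted, so the text should say whether the address is optional and when it is actually needed (for example, when two shared providers sit on the same interface, as here).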

@ -198,6 +198,10 @@ sub add_a_provider( $$$$$$$$ ) {
fatal_error "Duplicate provider number ($number)" if $providerref->{number} == $number; fatal_error "Duplicate provider number ($number)" if $providerref->{number} == $number;
} }
( $interface, my $address ) = split /:/, $interface;
validate_address $address, 0 if defined $address;
fatal_error "Unknown Interface ($interface)" unless known_interface $interface; fatal_error "Unknown Interface ($interface)" unless known_interface $interface;
my $provider = chain_base $table; my $provider = chain_base $table;
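Review bot: The split on ":" in the added lines accepts malformed INTERFACE values without complaint. Because the result is assigned to two variables, anything after a second colon is discarded silently, so "eth0:206.124.146.176:junk" is treated the same as "eth0:206.124.146.176". An entry with a trailing colon yields an empty but defined $address, which goes to validate_address here but is treated as absent by the later "unless $address" tests. Suggest rejecting extra fields with a fatal_error, using one test for "address given" throughout (either defined or truth, not both), and noting in the documentation that a label-style name such as "eth0:1" is now parsed as interface plus address. Since $address is later interpolated into an emitted run_ip command, validate_address is the only check between the configuration file and the generated script, so it is worth keeping it strict and ahead of any use.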
@ -211,14 +215,12 @@ sub add_a_provider( $$$$$$$$ ) {
emit "qt ip route flush table $number"; emit "qt ip route flush table $number";
emit "echo \"qt ip route flush table $number\" >> \${VARDIR}/undo_routing"; emit "echo \"qt ip route flush table $number\" >> \${VARDIR}/undo_routing";
my $variable;
if ( $gateway eq 'detect' ) { if ( $gateway eq 'detect' ) {
$variable = get_interface_address $interface; $address = get_interface_address $interface unless $address;
$gateway = get_interface_gateway $interface; $gateway = get_interface_gateway $interface;
} elsif ( $gateway && $gateway ne '-' ) { } elsif ( $gateway && $gateway ne '-' ) {
validate_address $gateway, 0; validate_address $gateway, 0;
$variable = get_interface_address $interface; $address = get_interface_address $interface unless $address;
} else { } else {
$gateway = ''; $gateway = '';
emit "run_ip route add default dev $interface table $number"; emit "run_ip route add default dev $interface table $number";
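Review bot: In the final else branch (no gateway), an address supplied in the INTERFACE column is never used in the lines shown; only the two gateway branches touch $address. A user who writes "eth0:130.252.144.8" with "-" in the GATEWAY column gets no error and no effect. Either issue a warning or fatal_error for that combination, or document that the address is only honoured when a gateway is given or detected. Separately, $address now holds either a literal from the configuration file or whatever get_interface_address returns (previously kept in $variable); a short comment saying that both forms are valid in the emitted command would help the next reader.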
@ -324,7 +326,7 @@ sub add_a_provider( $$$$$$$$ ) {
} }
if ( $gateway ) { if ( $gateway ) {
emit "run_ip route replace $gateway src $variable dev $interface table $number $realm"; emit "run_ip route replace $gateway src $address dev $interface table $number $realm";
emit "run_ip route add default via $gateway dev $interface table $number $realm"; emit "run_ip route add default via $gateway dev $interface table $number $realm";
} }
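Review bot: The "src $address" in the emitted "run_ip route replace" line can now come straight from the providers file, and nothing in the visible changes checks that the address is actually configured on $interface. validate_address only confirms the syntax, so a typo or a stale address is found when the generated script runs and the ip command fails, not at compile time. Consider emitting a run-time check before this line that the address is present on the interface, with an error message naming the provider, so the failure points at the providers entry rather than at a raw ip error.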

@ -21,7 +21,7 @@ Sections, with no Front-Cover, and with no Back-Cover Texts. A copy of the
license is included in the section entitled “<a href="GnuCopyright.htm" license is included in the section entitled “<a href="GnuCopyright.htm"
target="_self">GNU Free Documentation License</a>”.</p> target="_self">GNU Free Documentation License</a>”.</p>
<p>2007-11-19</p> <p>2007-11-20</p>
<hr style="width: 100%; height: 2px;"> <hr style="width: 100%; height: 2px;">
<h2>Table of Contents</h2> <h2>Table of Contents</h2>
@ -145,7 +145,8 @@ The <span style="font-weight: bold;">current Development Release</span> is
notes</a></li> notes</a></li>
<li>Here are the <a <li>Here are the <a
href="http://www1.shorewall.net/pub/shorewall/development/4.1/shorewall-4.1.0/known_problems.txt">known href="http://www1.shorewall.net/pub/shorewall/development/4.1/shorewall-4.1.0/known_problems.txt">known
problems</a></li> problems</a> and <a
href="http://www1.shorewall.net/pub/shorewall/development/4.1/shorewall-4.1.0/errata/">updates</a>.</li>
</ul> </ul>
</div> </div>