Allow IP address of interface to be specified in /etc/shorewall/providers
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@7709 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
616f3e0016
commit
636629a063
@ -4,6 +4,8 @@ Changes in 4.1.1
|
|||||||
|
|
||||||
2) Fix NFQUEUE(<queue-num>) in Policy file.
|
2) Fix NFQUEUE(<queue-num>) in Policy file.
|
||||||
|
|
||||||
|
3) Allow specifying an address in the Providers file.
|
||||||
|
|
||||||
Changes in 4.1.0.
|
Changes in 4.1.0.
|
||||||
|
|
||||||
1) Add 'shared' provider option.
|
1) Add 'shared' provider option.
|
||||||
|
@ -19,7 +19,8 @@ Problems corrected in Shorewall 4.1.1.
|
|||||||
|
|
||||||
Other changes in Shorewall 4.1.1.
|
Other changes in Shorewall 4.1.1.
|
||||||
|
|
||||||
None.
|
1) You may now specify an interface address in the INTERFACE column of
|
||||||
|
/etc/shorewall/providers. See New Feature 1) below.
|
||||||
|
|
||||||
New Features in Shorewall 4.1.
|
New Features in Shorewall 4.1.
|
||||||
|
|
||||||
@ -42,26 +43,39 @@ New Features in Shorewall 4.1.
|
|||||||
iptables. If you use a capabilities file, you need to regenerate
|
iptables. If you use a capabilities file, you need to regenerate
|
||||||
the file with Shorewall 4.0.6 or Shorewall-lite 4.0.6.
|
the file with Shorewall 4.0.6 or Shorewall-lite 4.0.6.
|
||||||
|
|
||||||
|
e) You specify the address on the interface that corresponds to a
|
||||||
|
particular provider in the INTERFACE column by following the
|
||||||
|
interface name with a colon (":") and the address.
|
||||||
|
|
||||||
|
f) You must add route_rules entries for networks that are accessed
|
||||||
|
through a particular provider.
|
||||||
|
|
||||||
Example:
|
Example:
|
||||||
|
|
||||||
Providers Blarg (1) and Avvanta (2) are both connected to
|
Providers Blarg (1) and Avvanta (2) are both connected to
|
||||||
eth0. The firewall's IP address with Blarg is 206.124.146.176
|
eth0. The firewall's IP address with Blarg is 206.124.146.176/24
|
||||||
(gateway 206.124.146.254) and the IP address from Avvanta is
|
(gateway 206.124.146.254) and the IP address from Avvanta is
|
||||||
130.252.144.8 (gateway 130.252.144.254).
|
130.252.144.8/24 (gateway 130.252.144.254).
|
||||||
|
|
||||||
/etc/shorewall/providers:
|
/etc/shorewall/providers:
|
||||||
|
|
||||||
#PROVIDER NUMBER MARK DUPLICATE GATEWAY OPTIONS
|
#PROVIDER NUMBER MARK DUPLICATE INTERFACE GATEWAY OPTIONS
|
||||||
Blarg 1 1 main 206.124.146.254 shared,...
|
Blarg 1 1 main eth0:206.124.146.176 206.124.146.254 shared,...
|
||||||
Avvanta 2 2 main 130.252.144.254 shared,...
|
Avvanta 2 2 main eth0:130.252.144.8 130.252.144.254 shared,...
|
||||||
|
|
||||||
/etc/shorewall/masq:
|
/etc/shorewall/masq:
|
||||||
|
|
||||||
#INTERFACE SOURCE ADDRESS
|
#INTERFACE SOURCE ADDRESS
|
||||||
eth0(Blarg) 130.252.144.254 206.124.146.176
|
eth0(Blarg) 130.252.144.8 206.124.146.176
|
||||||
eth0(Avvanta) 206.124.146.176 130.252.144.254
|
eth0(Avvanta) 206.124.146.176 130.252.144.8
|
||||||
eth0(Blarg) eth1 206.124.146.176
|
eth0(Blarg) eth1 206.124.146.176
|
||||||
eth0(Avvanta) eth1 130.252.144.254
|
eth0(Avvanta) eth1 130.252.144.8
|
||||||
|
|
||||||
|
/etc/shorewall/route_rules:
|
||||||
|
|
||||||
|
#SOURCE DEST PROVIDER PRIORITY
|
||||||
|
- 206.124.146.0/24 Blarg 1000
|
||||||
|
- 130.252.144.0/24 Avvanta 1000
|
||||||
|
|
||||||
2) You may now include the name of a table (nat, mangle or filter) in
|
2) You may now include the name of a table (nat, mangle or filter) in
|
||||||
a 'shorewall refresh' command by following the name with a colon
|
a 'shorewall refresh' command by following the name with a colon
|
||||||
|
@ -198,6 +198,10 @@ sub add_a_provider( $$$$$$$$ ) {
|
|||||||
fatal_error "Duplicate provider number ($number)" if $providerref->{number} == $number;
|
fatal_error "Duplicate provider number ($number)" if $providerref->{number} == $number;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
( $interface, my $address ) = split /:/, $interface;
|
||||||
|
|
||||||
|
validate_address $address, 0 if defined $address;
|
||||||
|
|
||||||
fatal_error "Unknown Interface ($interface)" unless known_interface $interface;
|
fatal_error "Unknown Interface ($interface)" unless known_interface $interface;
|
||||||
|
|
||||||
my $provider = chain_base $table;
|
my $provider = chain_base $table;
|
||||||
@ -211,14 +215,12 @@ sub add_a_provider( $$$$$$$$ ) {
|
|||||||
emit "qt ip route flush table $number";
|
emit "qt ip route flush table $number";
|
||||||
emit "echo \"qt ip route flush table $number\" >> \${VARDIR}/undo_routing";
|
emit "echo \"qt ip route flush table $number\" >> \${VARDIR}/undo_routing";
|
||||||
|
|
||||||
my $variable;
|
|
||||||
|
|
||||||
if ( $gateway eq 'detect' ) {
|
if ( $gateway eq 'detect' ) {
|
||||||
$variable = get_interface_address $interface;
|
$address = get_interface_address $interface unless $address;
|
||||||
$gateway = get_interface_gateway $interface;
|
$gateway = get_interface_gateway $interface;
|
||||||
} elsif ( $gateway && $gateway ne '-' ) {
|
} elsif ( $gateway && $gateway ne '-' ) {
|
||||||
validate_address $gateway, 0;
|
validate_address $gateway, 0;
|
||||||
$variable = get_interface_address $interface;
|
$address = get_interface_address $interface unless $address;
|
||||||
} else {
|
} else {
|
||||||
$gateway = '';
|
$gateway = '';
|
||||||
emit "run_ip route add default dev $interface table $number";
|
emit "run_ip route add default dev $interface table $number";
|
||||||
@ -324,7 +326,7 @@ sub add_a_provider( $$$$$$$$ ) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
if ( $gateway ) {
|
if ( $gateway ) {
|
||||||
emit "run_ip route replace $gateway src $variable dev $interface table $number $realm";
|
emit "run_ip route replace $gateway src $address dev $interface table $number $realm";
|
||||||
emit "run_ip route add default via $gateway dev $interface table $number $realm";
|
emit "run_ip route add default via $gateway dev $interface table $number $realm";
|
||||||
}
|
}
|
||||||
|
|
||||||
|
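Review bot: The new `split /:/, $interface` in add_a_provider keeps only the first two fields, so an INTERFACE entry with a second colon (for example a mistyped `eth0:206.124.146.176:...`) has its tail discarded without any error and the provider is set up as if the entry were well formed. Passing a limit, `( $interface, my $address ) = split /:/, $interface, 2;`, would leave the remainder in `$address`, where the existing `validate_address $address, 0` call can presumably reject it; validate_address is not visible here, so that should be confirmed. The later fallbacks test `unless $address` while the validation is gated on `defined $address`; using the same test in both places would make the empty-address case explicit. A short comment above the split, such as `# INTERFACE may be <interface>:<address>; the address becomes the src of the provider's gateway route`, would help, because `$address` is later interpolated into the generated `run_ip route replace` command. add_a_provider begins and ends outside these hunks.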
@ -21,7 +21,7 @@ Sections, with no Front-Cover, and with no Back-Cover Texts. A copy of the
|
|||||||
license is included in the section entitled “<a href="GnuCopyright.htm"
|
license is included in the section entitled “<a href="GnuCopyright.htm"
|
||||||
target="_self">GNU Free Documentation License</a>”.</p>
|
target="_self">GNU Free Documentation License</a>”.</p>
|
||||||
|
|
||||||
<p>2007-11-19</p>
|
<p>2007-11-20</p>
|
||||||
<hr style="width: 100%; height: 2px;">
|
<hr style="width: 100%; height: 2px;">
|
||||||
|
|
||||||
<h2>Table of Contents</h2>
|
<h2>Table of Contents</h2>
|
||||||
@ -145,7 +145,8 @@ The <span style="font-weight: bold;">current Development Release</span> is
|
|||||||
notes</a></li>
|
notes</a></li>
|
||||||
<li>Here are the <a
|
<li>Here are the <a
|
||||||
href="http://www1.shorewall.net/pub/shorewall/development/4.1/shorewall-4.1.0/known_problems.txt">known
|
href="http://www1.shorewall.net/pub/shorewall/development/4.1/shorewall-4.1.0/known_problems.txt">known
|
||||||
problems</a></li>
|
problems</a> and <a
|
||||||
|
href="http://www1.shorewall.net/pub/shorewall/development/4.1/shorewall-4.1.0/errata/">updates</a>.</li>
|
||||||
</ul>
|
</ul>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|