More work on 'detect' in ADDRESS
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@4168 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
886efa758b
commit
0c8f630b85
@ -1,6 +1,8 @@
|
||||
Changes in 3.2.0 RC 5
|
||||
|
||||
1) Correct generation of the balanced default route.
|
||||
|
||||
2) Allow 'detect' in the ADDRESS column of the masq file.
|
||||
-------------------------------------------------------------------------------
|
||||
Changes in 3.2.0 RC 5
|
||||
|
||||
|
@ -1114,7 +1114,7 @@ ip route show table $duplicate | while read net route; do
|
||||
default|nexthop)
|
||||
;;
|
||||
*)
|
||||
run_ip route add table $number \$net \$route"
|
||||
run_ip route add table $number \$net \$route
|
||||
;;
|
||||
esac
|
||||
done
|
||||
@ -6391,16 +6391,28 @@ __EOF__
|
||||
SAME:nodst:*)
|
||||
target="SAME --nodst"
|
||||
addresses=${addresses#SAME:nodst:}
|
||||
if [ "$addresses" = detect ]; then
|
||||
addrlist='$addrlist'
|
||||
else
|
||||
for address in $(separate_list $addresses); do
|
||||
addrlist="$addrlist --to $address";
|
||||
done
|
||||
fi
|
||||
;;
|
||||
SAME:*)
|
||||
target="SAME"
|
||||
addresses=${addresses#SAME:}
|
||||
if [ "$addresses" = detect ]; then
|
||||
addrlist='$addrlist'
|
||||
else
|
||||
for address in $(separate_list $addresses); do
|
||||
addrlist="$addrlist --to $address";
|
||||
done
|
||||
fi
|
||||
;;
|
||||
detect)
|
||||
target=SNAT
|
||||
addrlist='$addrlist'
|
||||
;;
|
||||
*)
|
||||
for address in $(separate_list $addresses); do
|
||||
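Review bot: The `detect` branches added under `SAME:nodst:*)` and `SAME:*)` store the same `'$addrlist'` sentinel as the plain `detect)` case, but the code generated for that sentinel in the next hunk always builds `--to-source $address` entries, while the non-detect SAME loops in this hunk build `--to $address`. If the SAME target only accepts `--to`, as these loops suggest, a `SAME:detect` entry would produce a rule that is rejected when the generated script runs. One fix is to record the option name with the target, for example `addropt=--to` in the two SAME branches and `addropt=--to-source` in `detect)`, and have the generated loop use that value. The `*)` case and the enclosing function continue outside this hunk, so this should be checked against the rule-building code that follows.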
@ -6417,7 +6429,22 @@ __EOF__
|
||||
;;
|
||||
esac
|
||||
|
||||
if [ -n "$add_snat_aliases" ]; then
|
||||
if [ "$addrlist" = '$addrlist' ]; then
|
||||
indent >&3 << __EOF__
|
||||
|
||||
addrlist=
|
||||
addressses=\$(find_interface_addresses $interface)
|
||||
|
||||
if [ -n "\$addresses" ]; then
|
||||
for address in \$addresses; do
|
||||
addrlist="$addrlist --to-source $address"
|
||||
done
|
||||
else
|
||||
fatal_error "Unable to determine the IP address(es) of $interface"
|
||||
fi
|
||||
|
||||
__EOF__
|
||||
elif [ -n "$add_snat_aliases" ]; then
|
||||
for address in $(separate_list $addresses); do
|
||||
address=${address%:)}
|
||||
if [ -n "$address" ]; then
|
||||
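Review bot: The generated block assigns the detected addresses to `addressses` (three s) but then tests and iterates over `\$addresses`, so at run time the list looks empty and the script will most likely stop at `fatal_error` even when the interface has an address; the assignment should read `addresses=\$(find_interface_addresses $interface)`. In the same here-document, `$address` on the `--to-source` line is not escaped, so it expands when the script is generated (to whatever `address` holds then, possibly nothing) rather than inside the run-time loop. `$addrlist` only survives because the sentinel value happens to be the text `$addrlist`. Escaping both makes the intent explicit: `addrlist="\$addrlist --to-source \$address"`. The enclosing function starts and ends outside this hunk.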
@ -6464,7 +6491,7 @@ __EOF__
|
||||
__EOF__
|
||||
done
|
||||
|
||||
if [ -n "$addresses" ]; then
|
||||
if [ -n "$addresses" -a "$addresses" != detect ]; then
|
||||
message=" To $destination $displayproto from \$network through ${interface} using $addresses"
|
||||
else
|
||||
message=" To $destination $displayproto from \$network through ${interface}"
|
||||
|
@ -78,6 +78,12 @@
|
||||
#
|
||||
# Example: 206.124.146.177-206.124.146.180
|
||||
#
|
||||
# You may also use the special value "detect"
|
||||
# which causes Shorewall to determine the
|
||||
# IP addresses configured on the interface named
|
||||
# in the INTERFACES column and substitute them
|
||||
# in this column.
|
||||
#
|
||||
# Finally, you may also specify a comma-separated
|
||||
# list of ranges and/or addresses in this column.
|
||||
#
|
||||
@ -101,7 +107,8 @@
|
||||
#
|
||||
# SAME:[nodst:]<address-range>[,<address-range>...]
|
||||
#
|
||||
# The <address-ranges> may be single addresses.
|
||||
# The <address-ranges> may be single addresses
|
||||
# or "detect" as described above.
|
||||
#
|
||||
# SAME works like SNAT with the exception that
|
||||
# the same local IP address is assigned to each
|
||||
|
@ -38,7 +38,17 @@ Problems Corrected in 3.2.0 RC 6
|
||||
|
||||
Other changes in 3.2.0 RC 6
|
||||
|
||||
None.
|
||||
1) This change will be in 3.0.9 so I'm slipping it into this RC for
|
||||
compatibility.
|
||||
|
||||
It is now possible to use the special value 'detect' in the ADDRESS
|
||||
column of /etc/shorewall/masq. This allows you to specify SNAT (as
|
||||
opposed to MASQUERADE) without having to know the ip address of the
|
||||
external interface. Shorewall must be restarted each time that the
|
||||
external address (the address of the interface named in the
|
||||
INTERFACE column) changes. Note that if you have done a 'shorewall
|
||||
save' then it is sufficient to "shorewall restore" since the
|
||||
restore script will re-detect the interface's IP address(es).
|
||||
|
||||
Migration Considerations:
|
||||
|
||||
|