holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Use an address variable rather than find_first_interface_address()

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2016-03-26 13:13:15 -07:00
parent ad87d94e33
commit 89adc3ea68
1 changed files with 8 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
docs/three-interface.xml
View File

@ -854,22 +854,16 @@ DNAT net dmz:10.10.11.2:80 tcp 5000</programlisting></para>
with:<programlisting>#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST
DNAT loc dmz:10.10.11.2 tcp 80 - <emphasis>&lt;external IP&gt;</emphasis></programlisting>If
you have a dynamic IP then you must ensure that your external
interface is up before starting Shorewall and you must take steps
as follows (assume that your external interface is <filename
class="devicefile">eth0</filename>):<orderedlist>
<listitem>
<para>Include the following in /etc/shorewall/params:</para>
interface is up before starting Shorewall and you must code the
rule as follows (assume that your external interface is <filename
class="devicefile">eth0</filename>):</para>
<para><command>ETH0_IP=$(find_first_interface_address
eth0)</command></para>
</listitem>
<programlisting>#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST
DNAT loc dmz:10.10.11.2 tcp 80 - &amp;eth0</programlisting>
<listitem>
<para>Make your <literal>loc-&gt;dmz</literal> rule:
<programlisting>#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST
DNAT loc dmz:10.10.11.2 tcp 80 - $ETH0_IP</programlisting></para>
</listitem>
</orderedlist></para>
<para>'&amp;eth0' expands to the IP address of eth0 (see <ulink
url="configuration_file_basics.htm#AddressVariables">this
article</ulink>).</para>
</listitem>
<listitem>