From 89adc3ea6864881b7a8d60418a3ba69ea1a9a16a Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Sat, 26 Mar 2016 13:13:15 -0700 Subject: [PATCH] Use an address variable rather than find_first_interface_address() Signed-off-by: Tom Eastep --- docs/three-interface.xml | 22 ++++++++-------------- 1 file changed, 8 insertions(+), 14 deletions(-) diff --git a/docs/three-interface.xml b/docs/three-interface.xml index c5c81005e..a25366d02 100644 --- a/docs/three-interface.xml +++ b/docs/three-interface.xml @@ -854,22 +854,16 @@ DNAT net dmz:10.10.11.2:80 tcp 5000 with:#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST DNAT loc dmz:10.10.11.2 tcp 80 - <external IP>If you have a dynamic IP then you must ensure that your external - interface is up before starting Shorewall and you must take steps - as follows (assume that your external interface is eth0): - - Include the following in /etc/shorewall/params: + interface is up before starting Shorewall and you must code the + rule as follows (assume that your external interface is eth0): - ETH0_IP=$(find_first_interface_address - eth0) - + #ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST +DNAT loc dmz:10.10.11.2 tcp 80 - &eth0 - - Make your loc->dmz rule: - #ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST -DNAT loc dmz:10.10.11.2 tcp 80 - $ETH0_IP - - + '&eth0' expands to the IP address of eth0 (see this + article).