Re (4): routing
From: lee <lee@yun.yagibdah.d.>
Date: Sat, 30 Oct 2010 17:09:36 +0200
> Shorewall usually doesn't start when you refer to zones that aren't
> defined.
The real configuration of Shorewall didn't have the error.
The error was in NetworksPage. Months ago when I changed
the name of the zone I failed to revise NetworksPage properly.
> According to http://carnot.yi.org/NetworksPage.html, eth0 is
> the net zone, and there are four
> interfaces for the loc zone. You're masquerading eth0, which is the
> net zone, and none of the local zones: ...
I've revised the /etc/shorewall/masq section of NetworksPage
according to the real life.
Reference manual page shorewall-masq(5)

  INTERFACE - {[+]interfacelist[:[digit]][:[address[,address]...[exclusion]]|COMMENT}
      Outgoing interfacelist. ...
  ...
  SOURCE (Formerly called SUBNET) - {interface[:exclusion]|address[,address][exclusion]}
      Set of hosts that you wish to masquerade.

In /etc/shorewall/masq, "eth0 172.24.0.0/16" means that subnets
172.24.0.0/16 are hidden behind eth0; not that eth0 is behind 172.24.0.0.
> ... not gonna work.
Masquerading has worked for years. Cantor & Heaviside are my
workstations. If either loses connectivity I notice!
NetworksPage also has a new section for
/etc/udev/rules.d/70-persistent-net.rules.
Interfaces are named according to the adapter serial number
which is easily read by a human. Also, all interfaces LocN
are covered by one line in /etc/shorewall/interfaces.
> Keep things simple.
Absolutely. Preceding paragraph is an example. I'll tackle
remaining errors as time is available.
Thanks for the commentary, ... Peter E.
--
Telephone 1 360 450 2132. 7785886232 is gone.
Shop pages http://carnot.yi.org/ accessible as long as the old
drives survive; installation of NetBSD on new drives pending.
Personal pages, http://members.shaw.ca/peasthope/ .
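
The column order quoted from shorewall-masq(5) above can be checked mechanically. The following is an added example, not part of the original message or of Shorewall: it reads only the INTERFACE and SOURCE columns of masq-style lines, reports what each rule hides behind which interface, and flags a line whose columns look swapped. The sample lines are constructed, and the same-interface warning is this example's own heuristic.

```python
import ipaddress

# Constructed sample, columns as in shorewall-masq(5): INTERFACE  SOURCE
SAMPLE_MASQ = """\
#INTERFACE      SOURCE
COMMENT workstations
eth0            172.24.0.0/16
172.24.0.0/16   eth0
eth0            eth0
"""

def is_network(token):
    """True if token is an IP address or CIDR network."""
    try:
        ipaddress.ip_network(token, strict=False)
        return True
    except ValueError:
        return False

def parse_masq(text):
    """Return [(lineno, outgoing_interfaces, sources)] for each rule line."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2 or fields[0] == "COMMENT":
            continue
        # INTERFACE: drop the optional '+' and any ':digit' / ':address' suffix
        out = fields[0].lstrip("+").split(":", 1)[0].split(",")
        # SOURCE: drop an optional '!exclusion' suffix
        src = fields[1].split("!", 1)[0].rstrip(":").split(",")
        rules.append((lineno, out, src))
    return rules

def lint_masq(text):
    """Return [(lineno, message)]: describe valid rules, flag suspect ones."""
    findings = []
    for lineno, out, src in parse_masq(text):
        if any(is_network(t) for t in out):
            msg = "ERROR: INTERFACE column holds an address; columns look swapped"
        elif set(out) & set(src):
            # Heuristic of this example, not a Shorewall rule
            msg = "WARN: SOURCE names the outgoing interface itself"
        else:
            msg = "OK: %s hidden behind %s" % (",".join(src), ",".join(out))
        findings.append((lineno, msg))
    return findings

if __name__ == "__main__":
    for lineno, message in lint_masq(SAMPLE_MASQ):
        print("line %d: %s" % (lineno, message))
```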