Re: [Shorewall-users] NAT problem

Tue, 24 Jun 2014 08:26:00 -0700 

On 6/24/2014 7:13 AM, Rodrigo Cortes wrote:
> Hi!
> ________________________________________
> De: Tom Eastep <[email protected]>
> Enviado: jueves, 19 de junio de 2014 10:42
> Para: [email protected]
> Asunto: Re: [Shorewall-users] NAT problem
> 
> On 6/19/2014 6:22 AM, Rodrigo Cortes wrote:
>> Hi Tom...
>> ________________________________________
>> De: Tom Eastep <[email protected]>
>> Enviado: miƩrcoles, 18 de junio de 2014 23:41
>> Para: [email protected]
>> Asunto: Re: [Shorewall-users] NAT problem
>>>
>>> What is the setting of ADD_IP_ALIASES in shorewall.conf?
>>
>> ADD_IP_ALIASES=Yes
> 
> If you are configuring these addresses outside of Shorewall, then you
> want ADD_IP_ALIASES=No.
> 
> -Tom
> --
> Tom Eastep        \ When I die, I want to go like my Grandfather who
> Shoreline,         \ died peacefully in his sleep. Not screaming like
> Washington, USA     \ all of the passengers in his car
> http://shorewall.net \________________________________________________
> 
> 
> I try two options ...
> 
> 
> put all external ip in /sbin/ifup-local
> 
> when centos startup, eth1 show all ip ok
> 
> ip addr show dev eth1
> 
>     inet IP1/28 brd xxx.xxx.xxx.xxx scope global eth1
>     inet IP2/28 brd xxx.xxx.xxx.xxx scope global secondary eth1
>     inet IP3/28 brd xxx.xxx.xxx.xxx scope global secondary eth1
>     inet IP4/28 brd xxx.xxx.xxx.xxx scope global secondary eth1
>     inet IP5/28 brd xxx.xxx.xxx.xxx scope global secondary eth1
>     inet IP6/28 brd xxx.xxx.xxx.xxx scope global secondary eth1
>     inet IP7/28 brd xxx.xxx.xxx.xxx scope global secondary eth1
>     inet IP8/28 brd xxx.xxx.xxx.xxx scope global secondary eth1

Is that all of the IP addresses on eth1?

> 
> and put into shorewall.conf ADD_IP_ALIASES=No
> 
> But... not working as expect.
> 
> some site Works another not.

"It doesn't work" isn't helpful. What *exactly* doesn't work?

> 
> the nat file have this format
> 
> IPx     eth1         ip_lan                 no      no

I assume it is actually:

        IPx     eth1    IP_LANx         no      no

???
> 
> Now if change ADD_IP_ALIASES=YES all Works! this scenario  repeat if use ip 
> aliases like eth1:0 etc...
> 

Except that the IP addresses added are /24 rather than /28?

Thanks,
-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

Attachment: signature.asc
Description: OpenPGP digital signature

------------------------------------------------------------------------------
Open source business process management suite built on Java and Eclipse
Turn processes into business applications with Bonita BPM Community Edition
Quickly connect people, data, and systems into organized workflows
Winner of BOSSIE, CODIE, OW2 and Gartner awards
http://p.sf.net/sfu/Bonitasoft
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Reply via email to