Hi :) ________________________________________ De: Tom Eastep <[email protected]> Enviado: martes, 24 de junio de 2014 11:17 Para: [email protected] Asunto: Re: [Shorewall-users] NAT problem
On 6/24/2014 7:13 AM, Rodrigo Cortes wrote: > Hi! > ________________________________________ > De: Tom Eastep <[email protected]> > Enviado: jueves, 19 de junio de 2014 10:42 > Para: [email protected] > Asunto: Re: [Shorewall-users] NAT problem > > On 6/19/2014 6:22 AM, Rodrigo Cortes wrote: >> Hi Tom... >> ________________________________________ >> De: Tom Eastep <[email protected]> >> Enviado: miƩrcoles, 18 de junio de 2014 23:41 >> Para: [email protected] >> Asunto: Re: [Shorewall-users] NAT problem >>> >>> What is the setting of ADD_IP_ALIASES in shorewall.conf? >> >> ADD_IP_ALIASES=Yes > > If you are configuring these addresses outside of Shorewall, then you > want ADD_IP_ALIASES=No. > > -Tom > -- > Tom Eastep \ When I die, I want to go like my Grandfather who > Shoreline, \ died peacefully in his sleep. Not screaming like > Washington, USA \ all of the passengers in his car > http://shorewall.net \________________________________________________ > > > I try two options ... > > > put all external ip in /sbin/ifup-local > > when centos startup, eth1 show all ip ok > > ip addr show dev eth1 > > inet IP1/28 brd xxx.xxx.xxx.xxx scope global eth1 > inet IP2/28 brd xxx.xxx.xxx.xxx scope global secondary eth1 > inet IP3/28 brd xxx.xxx.xxx.xxx scope global secondary eth1 > inet IP4/28 brd xxx.xxx.xxx.xxx scope global secondary eth1 > inet IP5/28 brd xxx.xxx.xxx.xxx scope global secondary eth1 > inet IP6/28 brd xxx.xxx.xxx.xxx scope global secondary eth1 > inet IP7/28 brd xxx.xxx.xxx.xxx scope global secondary eth1 > inet IP8/28 brd xxx.xxx.xxx.xxx scope global secondary eth1 Is that all of the IP addresses on eth1? Yes.. for the moment. > > and put into shorewall.conf ADD_IP_ALIASES=No > > But... not working as expect. > > some site Works another not. "It doesn't work" isn't helpful. What *exactly* doesn't work? some sites in the same public IP work, another not. traffic SSL dont connect ( Exchange owa) > > the nat file have this format > > IPx eth1 ip_lan no no I assume it is actually: IPx eth1 IP_LANx no no ??? Is correct. > > Now if change ADD_IP_ALIASES=YES all Works! this scenario repeat if use ip > aliases like eth1:0 etc... > Except that the IP addresses added are /24 rather than /28? lan IP are /24, wan IP are /28 Lan is behind router L3. Lan have multiple IP in different vlan. Thanks, -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ Open source business process management suite built on Java and Eclipse Turn processes into business applications with Bonita BPM Community Edition Quickly connect people, data, and systems into organized workflows Winner of BOSSIE, CODIE, OW2 and Gartner awards http://p.sf.net/sfu/Bonitasoft _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
