Hi Tom,
I'm sorry, but I'm not sure what to configure in /etc/shorewall/masq.
Should I drop all bridge config (vmbr0, vmbr1, vmbr2) in /etc/network/interfaces?
Is it true that there's no default route to eth0?
Currently, I have this configuration:
/etc/network/interfaces
source /etc/network/interfaces.d/*
# The loopback network interface
auto lo
iface lo inet loopback
## ISP1 public DHCP IPv4
auto eth0
iface eth0 inet dhcp
# The loopback network interface
auto lo
iface lo inet loopback
## ISP1 public DHCP IPv4
auto eth0
iface eth0 inet dhcp
auto eth1
iface eth1 inet manual
auto eth2
iface eth2 inet manual
## LAN
auto vmbr0
iface vmbr0 inet static
address 10.0.0.1
netmask 255.255.255.0
bridge_ports none
bridge_stp off
bridge_fd 0
## DMZ an eth1
auto vmbr1
iface vmbr1 inet static
address 10.1.0.1
netmask 255.255.255.0
bridge_ports eth1
bridge_stp off
bridge_fd 0
## LAN ISP2 an eth2
auto vmbr2
iface vmbr2 inet static
address 192.168.178.14
netmask 255.255.255.0
bridge_ports eth2
bridge_stp off
bridge_fd 0
iface eth1 inet manual
auto eth2
iface eth2 inet manual
## LAN
auto vmbr0
iface vmbr0 inet static
address 10.0.0.1
netmask 255.255.255.0
bridge_ports none
bridge_stp off
bridge_fd 0
## DMZ an eth1
auto vmbr1
iface vmbr1 inet static
address 10.1.0.1
netmask 255.255.255.0
bridge_ports eth1
bridge_stp off
bridge_fd 0
## LAN ISP2 an eth2
auto vmbr2
iface vmbr2 inet static
address 192.168.178.14
netmask 255.255.255.0
bridge_ports eth2
bridge_stp off
bridge_fd 0
/etc/shorewall/masq
#INTERFACE SOURCE ADDRESS
vmbr0 10.0.0.0/24 10.0.0.1
vmbr1 10.1.0.0/24 10.1.0.1
/etc/shorewall/interfaces
#ZONE INTERFACE BROADCAST OPTIONS
net UMB_IF - optional,sourceroute=0,routefilter=0,arp_ignore=1,proxyarp=0,physical=$UMB_IF,upnp,nosmurfs,tcpflags,dhcp
net UMP_IF - optional,sourceroute=0,routefilter=0,arp_ignore=1,proxyarp=0,physical=$UMP_IF,upnp,nosmurfs,tcpflags
loc INT_IF - dhcp,physical=$INT_IF,ignore=1,wait=5,routefilter,nets=10.0.0.0/24,routeback
vpn TUN_IF+ - physical=tun+,ignore=1
dmz vmbr1 - routeback,proxyarp=1,required,wait=30
#fb vmbr2 detect routeback=1,bridge
/etc/shorewall/params
LOG=NFLOG
INT_IF=vmbr0
TUN_IF=tun+
UMB_IF=eth0
UMP_IF=vmbr2
#INTERFACE SOURCE ADDRESS
vmbr0 10.0.0.0/24 10.0.0.1
vmbr1 10.1.0.0/24 10.1.0.1
/etc/shorewall/interfaces
#ZONE INTERFACE BROADCAST OPTIONS
net UMB_IF - optional,sourceroute=0,routefilter=0,arp_ignore=1,proxyarp=0,physical=$UMB_IF,upnp,nosmurfs,tcpflags,dhcp
net UMP_IF - optional,sourceroute=0,routefilter=0,arp_ignore=1,proxyarp=0,physical=$UMP_IF,upnp,nosmurfs,tcpflags
loc INT_IF - dhcp,physical=$INT_IF,ignore=1,wait=5,routefilter,nets=10.0.0.0/24,routeback
vpn TUN_IF+ - physical=tun+,ignore=1
dmz vmbr1 - routeback,proxyarp=1,required,wait=30
#fb vmbr2 detect routeback=1,bridge
/etc/shorewall/params
LOG=NFLOG
INT_IF=vmbr0
TUN_IF=tun+
UMB_IF=eth0
UMP_IF=vmbr2
Gesendet: Sonntag, 20. März 2016 um 03:35 Uhr
Von: "Tom Eastep" <teas...@shorewall.net>
An: shorewall-users@lists.sourceforge.net
Betreff: Re: [Shorewall-users] Configuration - appropriate configuration with 2 default gateways
Von: "Tom Eastep" <teas...@shorewall.net>
An: shorewall-users@lists.sourceforge.net
Betreff: Re: [Shorewall-users] Configuration - appropriate configuration with 2 default gateways
On 3/19/2016 5:03 PM, Thomas Schneider wrote:
> OK... but which configuration file do I need to modify?
>
/etc/shorewall/masq
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
------------------------------------------------------------------------------
Transform Data into Opportunity.
Accelerate data analysis in your applications with
Intel Data Analytics Acceleration Library.
Click to learn more.
http://pubads.g.doubleclick.net/gampad/clk?id=278785231&iu=/4140_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
> OK... but which configuration file do I need to modify?
>
/etc/shorewall/masq
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
------------------------------------------------------------------------------
Transform Data into Opportunity.
Accelerate data analysis in your applications with
Intel Data Analytics Acceleration Library.
Click to learn more.
http://pubads.g.doubleclick.net/gampad/clk?id=278785231&iu=/4140_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
------------------------------------------------------------------------------ Transform Data into Opportunity. Accelerate data analysis in your applications with Intel Data Analytics Acceleration Library. Click to learn more. http://pubads.g.doubleclick.net/gampad/clk?id=278785351&iu=/4140
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
