On 01/07/2018 05:06 PM, Thomas wrote:
> Hi,
>
> when starting Shorewall I get this error:
> ERROR: Unknown interface address variable (&DMZ_IF) /etc/shorewall/rtrules (line 4)
>
> I have attached the relevant trace file.
>
> This issue can be solved by modifying /etc/shorewall/rtrules.
> failing:
> #SOURCE DEST PROVIDER PRIORITY
> &UMB_IF - um_business 1000
> &UMP_IF - um_private 1000
> &DMZ_IF - um_business 11000
> &INT_IF - um_private 11000
>
> working:
> #SOURCE DEST PROVIDER PRIORITY
> &UMB_IF - um_business 1000
> &UMP_IF - um_private 1000
> vmbr2 - um_business 11000
> &INT_IF - um_private 11000
>
> I'm wondering why this error is thrown because I have this Shorewall
> parameters file:
> root@pc4-svp:/tmp# cat /etc/shorewall/params
> LOG=NFLOG
> UMB_IF=eno1
> UMP_IF=vmbr0
> INT_IF=vmbr1
> DMZ_IF=vmbr2
> TUN_IF=tun+
>
And you have placed $DMZ_IF in the INTERFACE column in
/etc/shorewall/interface. So the interfaces entry that gets processed
after variable expansion is:

    dmz vmbr2 - routeback=1,proxyarp=1,required,wait=30

With that entry, the proper address variable is &vmbr2, not &DMZ_IF.

If you change your interfaces entry to:

    dmz DMZ_IF - routeback=1,proxyarp=1,required,wait=30,physical=$DMZ_IF

then &DMZ_IF will work.

-Tom
--
Tom Eastep        \   Q: What do you get when you cross a mobster with
Shoreline,         \     an international standard?
Washington, USA     \ A: Someone who makes you an offer you can't
http://shorewall.org \   understand
                      \_______________________________________________
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
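
The naming rule from the reply above, as an added example that is not part of the original thread and is not Shorewall's own code: a small Python check that expands `$NAME` from params, takes column 2 of the interfaces file as the logical interface name, and flags any `&name` in rtrules that does not match one. The sample data is constructed; the `umb`, `ump` and `int` interface rows and their zone names are assumed, and only simple `NAME=value` params lines are handled.

```python
import re

VAR = re.compile(r"\$(\w+)|\$\{(\w+)\}")

def parse_params(text):
    """Collect simple NAME=value lines (the real params file is a shell script)."""
    return dict(re.findall(r"^\s*(\w+)=(\S*)", text, re.M))

def expand(line, params):
    """Substitute $NAME and ${NAME}; unknown names are left untouched."""
    return VAR.sub(lambda m: params.get(m.group(1) or m.group(2), m.group(0)), line)

def rows(text, params):
    """Yield (line_number, columns) for non-comment lines after expansion."""
    for n, line in enumerate(text.splitlines(), 1):
        cols = expand(line.split("#", 1)[0], params).split()
        if cols:
            yield n, cols

def logical_interfaces(interfaces_text, params):
    """Column 2, after expansion, is the name Shorewall knows the interface by."""
    return {cols[1] for _, cols in rows(interfaces_text, params) if len(cols) > 1}

def bad_address_variables(rtrules_text, interfaces_text, params):
    """Return (line, name) for each &name in SOURCE/DEST that is not a logical name."""
    known = logical_interfaces(interfaces_text, params)
    return [(n, col[1:]) for n, cols in rows(rtrules_text, params)
            for col in cols[:2] if col.startswith("&") and col[1:] not in known]

# Constructed sample input. params and rtrules follow the post; in the interfaces
# data only the two dmz rows come from the thread, the other rows are assumed.
PARAMS = "UMB_IF=eno1\nUMP_IF=vmbr0\nINT_IF=vmbr1\nDMZ_IF=vmbr2\n"
RTRULES = """#SOURCE DEST PROVIDER PRIORITY
&UMB_IF - um_business 1000
&UMP_IF - um_private 1000
&DMZ_IF - um_business 11000
&INT_IF - um_private 11000
"""
OTHERS = """umb UMB_IF - physical=$UMB_IF
ump UMP_IF - physical=$UMP_IF
int INT_IF - physical=$INT_IF
"""
FAILING = OTHERS + "dmz $DMZ_IF - routeback=1,proxyarp=1,required,wait=30\n"
FIXED = OTHERS + "dmz DMZ_IF - routeback=1,proxyarp=1,required,wait=30,physical=$DMZ_IF\n"

if __name__ == "__main__":
    p = parse_params(PARAMS)
    print("failing:", bad_address_variables(RTRULES, FAILING, p))
    print("fixed:  ", bad_address_variables(RTRULES, FIXED, p))
```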