Hi,

I just upgraded my Debian squeeze (7.0) firewalls to stretch (9.0) and
so now have Shorewall 5.0.15.6-1. I'm having an issue though because of
some policy routing to different providers on the same interface. I have
the main content filter NBB which most web traffic goes through, and
then two NAC systems that receive traffic from our guest network that is
CoS marked by the wifi APs to implement a captive portal, then mangled
to go to the appropriate provider.

The relevant lines from /etc/shorewall/providers are
NAC     2       203     -       vlan22          10.22.20.71     loose
NBB     4       204     -       vlan22          10.22.0.10      loose
NAC2    5       205     -       vlan22          10.22.20.75     loose

With this I get an error:

Compiling using Shorewall 5.0.15.6...
   ERROR: Interface vlan22 is already associated with non-shared provider NBB /etc/shorewall/providers (line 14)

OK, so I read shorewall-providers(5) and it says "Where more than one
provider is serviced through a single interface, the interface must be
followed by a colon and the IP address of the interface that is supplied
by the associated provider." But when I do this:

NAC   2  203   -   vlan22:10.22.20.71      10.22.20.71     loose
NBB   4  204   -   vlan22:10.22.0.10       10.22.0.10      loose
NAC2  5  205   -   vlan22:10.22.20.75      10.22.20.75     loose

then I get this error:
RTNETLINK answers: Invalid argument
   ERROR: Command "ip -4 route replace 10.22.20.71 src 10.22.20.71 dev vlan22" Failed

For the moment I can work around this by commenting out the NAC and NAC2
providers, but I'd like to know what address I should be putting after
the interface. Also I have USE_DEFAULT_RT=No set.

Is the changelog accessible on the shorewall website outside of
downloading the tarfile?

Thanks,

-- 
James Andrewartha
Network & Projects Engineer
Christ Church Grammar School
Claremont, Western Australia
Ph. (08) 9442 1757
Mob. 0424 160 877
