On 10/01/2018 05:40 AM, Vieri Di Paola via Shorewall-users wrote:
> Hi,
> 
> I'm having trouble with my new multi-ISP setup with 3 pppoe links to my 
> internet providers.
> I have no previous knowledge of the IP addresses the providers will assign 
> nor the gateway I should use. It's automatically configured when dialing in 
> with ppp.
> 
> So in my shorewall config I have the following:
> 
> # cat params
> IF_LAN=enp10s0
> IF_DMZ=enp5s0
> IF_ISP1=ppp1
> IF_ISP2=ppp2
> IF_ISP3=ppp3
> IF_ISP1_IP=detect
> IF_ISP2_IP=detect
> IF_ISP3_IP=detect
> IF_ISP1_GW=-
> IF_ISP2_GW=-
> IF_ISP3_GW=-
> IF_LAN_MASQ_ADDRESS=10.215.144.92
> IF_LAN_MASQ_SOURCE=172.16.0.2
> 
> Now, the trouble I have is trying to set up masquerading.
> 
> If this is the content of my snat file:
> 
> SNAT($IF_ISP3_IP)      0.0.0.0/0      $IF_ISP3
> SNAT($IF_ISP2_IP)      0.0.0.0/0      $IF_ISP2
> SNAT($IF_ISP1_IP)      0.0.0.0/0      $IF_ISP1
> SNAT($IF_ISP3_IP)      $IF_LAN $IF_ISP3
> SNAT($IF_ISP2_IP)      $IF_LAN $IF_ISP2
> SNAT($IF_ISP1_IP)      $IF_LAN $IF_ISP1
> SNAT($IF_ISP3_IP)      $IF_DMZ $IF_ISP3
> SNAT($IF_ISP2_IP)      $IF_DMZ $IF_ISP2
> SNAT($IF_ISP1_IP)      $IF_DMZ $IF_ISP1
> SNAT($IF_LAN_MASQ_ADDRESS)      $IF_LAN_MASQ_SOURCE    $IF_LAN
> 
> then this is shorewall's error message at startup:
> 
> /var/lib/shorewall/.start: line 3126: syntax error near unexpected token `fi'
> /var/lib/shorewall/.start: line 3126: ` fi'
>  * ERROR: shorewall failed to start
> 
> The .start script seems to have an empty "if" clause, hence the error.
> 
> # cat providers
> ISP1    1      1      -              $IF_ISP1        $IF_ISP1_GW     track,balance=3,persistent
> ISP2    2      2      -              $IF_ISP2        $IF_ISP2_GW     track,balance=2,persistent
> ISP3    3      3      -              $IF_ISP3        $IF_ISP3_GW     track,balance=1,persistent
> 
> I'm sorry I couldn't grab all the info required as described in 
> http://shorewall.org/support.htm, but I had to put the system back up in 
> production with another configuration. As soon as I can I will try to get a 
> trace. In the meantime, maybe someone here can already suggest I try 
> something as it must surely be a dumb configuration error on my behalf.
> 

For this type of error, I really need to see the .start file itself.

Thanks,
-Tom
-- 
Tom Eastep        \   Q: What do you get when you cross a mobster with
Shoreline,         \     an international standard?
Washington, USA     \ A: Someone who makes you an offer you can't
http://shorewall.org \   understand
                      \_______________________________________________


_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
