Menu
▾
▴
[Shorewall-devel] Idea: permit /etc/shorewall/masq to contain zones, as well as interfaces
|
From: Richard <rn...@he...> - 2005-01-24 02:42:58
|
Dear All, Firstly, thank you very much - shorewall is great. I'm not a member of this list, and please forgive me if I am suggesting something stupid, but the following occurs to me, and I thought it might be useful. Why no make it possible to specify zones as well as interfaces in the /etc/shorewall/masq file ? Eg: instead of: eth0 eth1 one might write: net loc (or masq in Mandrake). A reason this would be useful is for backup internet connectivity. Eg: local network on eth1, masqueraded. ADSL modem on eth0. Backup dialup modem on ppp0. ppp0 and eth0 are both part of the net zone (in /etc/shorewall/zones); usually only one of the interfaces is working. Here is my /etc/shorewall/masq file. The result works fine, but I think it seems kludgy. It's also unclear what might happen if both eth0 and ppp0 were up at the same time. ----------------------------------- #Normally, we want to use eth0 (ADSL) for internet access #But in emergencies, use ppp0 instead. eth0 eth1 ppp0 eth1 ------------------------------------ [I'm using shorewall-2.0.8-1mdk on Mandrake 10.1. I hope this is useful rather than daft!] Regards Richard |
