I've been trying out the --NAT-local functionality with v2.0.3 (on Linux Mint)
& v2.0.0-rc1 (on OpenWRT), and I've observed that ENABLE_IPT_FORWARDING must be
enabled in fwknopd.conf, otherwise the FWKNOP_PREROUTING chain is not created
in the 'nat' table (under iptables). This seems to effectively prevent
--NAT-local usage from working at all, as the necessary DNAT rule is not
generated.

From my reading of the fwknopd documentation, it seems that having
ENABLE_IPT_LOCAL_NAT enabled should be sufficient to enable --NAT-local
functionality. (I understand that ENABLE_IPT_FORWARDING is required for
--NAT-access access to machines behind the firewall running fwknopd.) Am I
misunderstanding the meaning of these options, or could this be a bug? I have
not yet tested this in v2.0.4, but I didn't find any mention of this problem in
the changelog.

Thanks,
Will D. Spann
_______________________________________________
Fwknop-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fwknop-discuss
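
A diagnostic for the situation described in the message above, added here as an example and not taken from the original post or the fwknop project: it reads an fwknopd.conf-style file and saved `iptables-save` output, then reports whether ENABLE_IPT_LOCAL_NAT is on while the FWKNOP_PREROUTING chain is absent from the 'nat' table. The function names, the `KEY VALUE;` line format, the treatment of a missing key as disabled, and the sample files are assumptions.

```shell
#!/bin/sh
# Added diagnostic sketch; function names are hypothetical, not fwknop's.

# conf_enabled FILE KEY: true if KEY is "Y" in a "KEY  VALUE;" style file.
# Assumption: a missing or commented-out key counts as disabled.
conf_enabled() {
    awk -v key="$2" '
        /^[[:space:]]*#/ { next }
        $1 == key { v = $2; sub(/;.*$/, "", v); val = toupper(v) }
        END { exit !(val == "Y") }' "$1"
}

# nat_chain_present FILE CHAIN: true if iptables-save output in FILE
# declares CHAIN inside the *nat table section.
nat_chain_present() {
    awk -v chain=":$2" '
        /^\*/ { in_nat = ($0 == "*nat") }
        in_nat && $1 == chain { found = 1 }
        END { exit !found }' "$1"
}

# check_nat_local CONF RULES: print one status word for the --NAT-local setup.
check_nat_local() {
    if ! conf_enabled "$1" ENABLE_IPT_LOCAL_NAT; then
        echo "local-nat-disabled"
    elif nat_chain_present "$2" FWKNOP_PREROUTING; then
        echo "ok"
    elif conf_enabled "$1" ENABLE_IPT_FORWARDING; then
        echo "chain-missing"
    else
        echo "chain-missing-forwarding-off"   # the state reported above
    fi
}

# Constructed sample input reproducing the reported configuration.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '# constructed fwknopd.conf excerpt' \
        'ENABLE_IPT_FORWARDING       N;' \
        'ENABLE_IPT_LOCAL_NAT        Y;' > "$d/fwknopd.conf"
    printf '%s\n' '*nat' ':PREROUTING ACCEPT [0:0]' ':OUTPUT ACCEPT [0:0]' \
        'COMMIT' '*filter' ':INPUT ACCEPT [0:0]' 'COMMIT' > "$d/rules"
    check_nat_local "$d/fwknopd.conf" "$d/rules"
    rm -rf "$d"
}
demo
```

On a live host, pass the real fwknopd.conf and a file holding the output of `iptables-save` (run as root, after fwknopd has started) to `check_nat_local`.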