Today I attempted to upgrade my legacy 2.0.4 fwknop-server (32 bit) to 2.6.6-1 (64 bit). My experience afterwards is that it is having difficulty properly injecting more than 1 rule into the FWKNOP_FORWARD chain.
To illustrate... At the top of my FORWARD chain, is a reference to the FWKNOP_FORWARD chain:

    Chain FORWARD (policy DROP 3 packets, 180 bytes)
     pkts bytes target          prot opt in   out   source      destination
     249K  134M FWKNOP_FORWARD  all  --  any  any   anywhere    anywhere

I then send a knock from "Site A". It is successful and this happens once it hits the correct stanza:

    Added FORWARD rule to FWKNOP_FORWARD for 1.2.3.4 -> 192.168.10.1 tcp/1234, expires at 1435789117

which is verified by looking at iptables itself:

    Chain FWKNOP_FORWARD (1 references)
     pkts bytes target  prot opt in   out   source    destination
       41  5087 ACCEPT  tcp  --  any  any   1.2.3.4   desthost     tcp dpt:ssh /* _exp_1435789117 */

Then I send a knock from "Site B". It finds the matching stanza. Then nothing happens. It doesn't log anything further about adding a FORWARD rule and nothing is actually added to iptables. It just stops here at the stanza:

    (stanza #3) SPA Packet from IP: 2.3.4.5 received with access source match

I tried from multiple sites and encountered the same behavior. Unable to provide access to more than 1 IP at a time, I had to downgrade back to 2.0.4.

Seen anything like this before? Any ideas?

Thanks much!

_______________________________________________
Fwknop-discuss mailing list
https://lists.sourceforge.net/lists/listinfo/fwknop-discuss
