On Jul 6, 2011, at 4:23 PM, Tom Eastep wrote:
>
> No problem. I've reported the problem on netfilter-devel.
>
The netfilter developers have accepted my (second) patch.
-Tom
Tom Eastep\ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep.
According to
http://www.netfilter.org/projects/iptables/files/changes-iptables-1.4.11.1.txt
and the corresponding patch not.
- Ursprüngliche Mail -
Von: "Dominic Benson"
An: "Shorewall Users"
Gesendet: Donnerstag, 7. Juli 2011 00:26:12
Betreff: Re: [Shorewall-user
On Jul 6, 2011, at 4:17 PM, Dominic Benson wrote:
>
> On 7 Jul 2011, at 00:09, Tom Eastep wrote:
>
>>
>> On Jul 6, 2011, at 3:26 PM, Dominic Benson wrote:
>>
>>>
>>> On 6 Jul 2011, at 22:59, Alexander Wilms wrote:
>>>
Ack, downgraded to plain openSUSE iptables-1.4.10-3.1.i586.rpm, resu
On 7 Jul 2011, at 00:09, Tom Eastep wrote:
>
> On Jul 6, 2011, at 3:26 PM, Dominic Benson wrote:
>
>>
>> On 6 Jul 2011, at 22:59, Alexander Wilms wrote:
>>
>>> Ack, downgraded to plain openSUSE iptables-1.4.10-3.1.i586.rpm, result is
>>> now a correct "ctorigdstport 52022"
>>>
>>> 160 A
On Jul 6, 2011, at 3:26 PM, Dominic Benson wrote:
>
> On 6 Jul 2011, at 22:59, Alexander Wilms wrote:
>
>> Ack, downgraded to plain openSUSE iptables-1.4.10-3.1.i586.rpm, result is
>> now a correct "ctorigdstport 52022"
>>
>> 160 ACCEPT tcp -- * * 0.0.0.0/019
On 6 Jul 2011, at 22:59, Alexander Wilms wrote:
> Ack, downgraded to plain openSUSE iptables-1.4.10-3.1.i586.rpm, result is now
> a correct "ctorigdstport 52022"
>
> 160 ACCEPT tcp -- * * 0.0.0.0/0192.168.1.2
> tcp dpt:22 ctorigdstport 52022 ctorigdst
> - Ursprüngliche Mail -
> Von: "Tom Eastep"
> An: "Shorewall Users"
> Gesendet: Donnerstag, 7. Juli 2011 00:05:32
> Betreff: Re: [Shorewall-users] DNAT behaves like DNAT-
>
>
> On Wed, 2011-07-06 at 14:53 -0700, Tom Eastep wrote:
>
>
-
Von: "Tom Eastep"
An: "Shorewall Users"
Gesendet: Donnerstag, 7. Juli 2011 00:05:32
Betreff: Re: [Shorewall-users] DNAT behaves like DNAT-
On Wed, 2011-07-06 at 14:53 -0700, Tom Eastep wrote:
On Wed, 2011-07-06 at 23:46 +0200, Alexander Wilms wrote:
My version is i
On Wed, 2011-07-06 at 14:53 -0700, Tom Eastep wrote:
> On Wed, 2011-07-06 at 23:46 +0200, Alexander Wilms wrote:
>
> > My version is iptables-1.4.11+-21.1.i586
>
>
> That's where the bug is.
>
> -
Here is a patch to libxt_conntrack.c if you happen to be in a position
to build your own iptabl
ittwoch, 6. Juli 2011 23:53:00
Betreff: Re: [Shorewall-users] DNAT behaves like DNAT-
On Wed, 2011-07-06 at 23:46 +0200, Alexander Wilms wrote:
My version is iptables-1.4.11+-21.1.i586
That's where the bug is.
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandf
On Wed, 2011-07-06 at 23:46 +0200, Alexander Wilms wrote:
> My version is iptables-1.4.11+-21.1.i586
That's where the bug is.
-Tom
--
Tom Eastep\ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \
My version is iptables-1.4.11+-21.1.i586
- Ursprüngliche Mail -
Von: "Tom Eastep"
An: "Shorewall Users"
Gesendet: Mittwoch, 6. Juli 2011 23:40:09
Betreff: Re: [Shorewall-users] DNAT behaves like DNAT-
On Wed, 2011-07-06 at 23:16 +0200, Alexander Wilms wrote:
Hi
On Wed, 2011-07-06 at 23:16 +0200, Alexander Wilms wrote:
> Hi Tom,
>
> here it comes:
>
> horewall 4.4.20.3 Chain net2loc0 at fire - Mi 6. Jul 23:14:49 CEST 2011
>
> Counters reset Mi 6. Jul 23:14:15 CEST 2011
>
> Chain net2loc0 (1 references)
> pkts bytes target prot opt in out
*/
This "ctorigdstport 14027" shouldn't happen, isn't it?
- Ursprüngliche Mail -
Von: "Tom Eastep"
An: "Shorewall Users"
Gesendet: Mittwoch, 6. Juli 2011 23:12:32
Betreff: Re: [Shorewall-users] DNAT behaves like DNAT-
On Wed, 2011-07-06 at 14:05 -0700,
Von: "Tom Eastep"
An: "Shorewall Users"
Gesendet: Mittwoch, 6. Juli 2011 23:05:03
Betreff: Re: [Shorewall-users] DNAT behaves like DNAT-
On Wed, 2011-07-06 at 22:20 +0200, Alexander Wilms wrote:
Hi Tom, hi list
I upgraded my firewall system which included an update to
On Wed, 2011-07-06 at 14:05 -0700, Tom Eastep wrote:
> On Wed, 2011-07-06 at 22:20 +0200, Alexander Wilms wrote:
> > SW:net2loc0:DROP:IN=eth1 OUT=eth0 SRC=85.182.238.98 DST=192.168.1.2 LEN=60
> > TOS=0x00 PREC=0x00 TTL=57 ID=36614 DF PROTO=TCP SPT=43415 DPT=22
> > WINDOW=4380 RES=0x00 SYN UR
On Wed, 2011-07-06 at 22:20 +0200, Alexander Wilms wrote:
> Hi Tom, hi list
>
> I upgraded my firewall system which included an update to
> shorewall-4.4.20.3-1.1.noarch (SuSE build service rpm).
>
> After that, DNAT seems to behave like DNAT- if the DNAT is directed to
> another DST port. Wit
Hi Tom, hi list
I upgraded my firewall system which included an update to
shorewall-4.4.20.3-1.1.noarch (SuSE build service rpm).
After that, DNAT seems to behave like DNAT- if the DNAT is directed to another
DST port. Without port-translation it works as expected.
Using this rules is not enou
18 matches
Mail list logo