On Monday 25 Feb 2013 21:54:56 Tom Eastep wrote: > On 02/25/2013 01:32 PM, Tom Eastep wrote: > > On 02/25/2013 01:17 PM, Steven Jan Springl wrote: > >> Shorewall6 snat entry: > >> > >> eth0 2001:1::/56 [2001:470:a:227::2]-[2001:470:a:227::10]::1000-1010 > >> > >> Produces error message: > >> > >> ERROR: Invalid IPv6 Address (2001:470:a:227::2]) /etc/shorewall6A1/snat > >> (line 10) > > > > The attached patch should correct this; although, the correct entry > > would be: > > > > eth0 2001:1::/56 [2001:470:a:227::2]-[2001:470:a:227::10]:1000-1010 > > And the attached patch will catch the :: in your entry. > > Thanks Steven, > -Tom
Tom I have applied both patches. When I use the corrected snat entry with 'tcp' appended: eth0 2001:1::/56 [2001:470:a:227::2]-[2001:470:a:227::10]:1000-1010 tcp I get the following error message: ERROR: The separator for a port range is ':', not '-' (1000-1010) /etc/shorewall6A1/snat (line 10) When I change the snat entry as indicated in the above message to: eth0 2001:1::/56 [2001:470:a:227::2]-[2001:470:a:227::10]:1000:1010 tcp I get the following error message: ERROR: Invalid IPv6 Address ([2001:470:a:227::2]-[2001:470:a:227::10]:1000) /etc/shorewall6A1/snat (line 10) If I specify just one port: eth0 2001:1::/56 [2001:470:a:227::2]-[2001:470:a:227::10]:1000 tcp The following ip6tables rule is generated: -A eth0_masq -p 6 -s 2001:1::/56 -j SNAT --to-source 2001:470:a:227::2]-[2001:470:a:227::10 --toports 1000 Which produces the following error message: ip6tables-restore v1.4.17: Invalid address format Note, the example for the ADDRESS column in the snat man page contains a '::' separator between the address and the port range. Steven. ------------------------------------------------------------------------------ Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://p.sf.net/sfu/appdyn_d2d_feb _______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
