Re: [Shorewall-devel] Shorewall 4.5.14 Beta 3

Wed, 27 Feb 2013 12:41:31 -0800 

On Wednesday 27 Feb 2013 17:26:54 Tom Eastep wrote:
> On 02/27/2013 07:30 AM, Tom Eastep wrote:
> > On 02/27/2013 04:43 AM, Steven Jan Springl wrote:
> >> Kernel 3.8 has config. option CONFIG_IP6_NF_TARGET_MASQUERADE
> >> 
> >> Shorewall6 snat entry:
> >> 
> >> eth0  2001:2::/56  :random
> >> 
> >> Produces ip6tables rule:
> >> 
> >> -A eth0_masq -s 2001:2::/56 -j MASQUERADE --random
> >> 
> >> Which ip6tables-restore accepts.
> >> 
> >> I am using ip6tables 1.4.17.
> >> 
> >> Note, kernel 3.7 also has the above config. option, but I haven't tried
> >> it.
> > 
> > This is a fine kettle of fish; my 3.7.4 Fedora 18 Kernel does not enable
> > that option.
> > 
> > Attached are three patches which:
> > 
> > - Correct the 'NONAT:random' error you reported in an earlier post.
> > - Rename /etc/shorewall6/snat to /etc/shorewall6/masq
> > - Add a MASQUERADE Target capability and bump the current CAPSVERSION
> > - Requires MASQUERADE Target support for MASQUERADE rules
> 
> Here's another one that requires MASQUERADE target support when a rule
> such as the following is present:
> 
> p3p1:[2001:470:b:227::0]/64   ::/0            :random
> 
> 
> -Tom

Tom

All patches applied. 
MASQUERADE3.patch hunk 2 refers to VERSION 4.5.13-Beta3 instead of 
4.5.14-Beta3. I made the change manually.

I can confirm the patch fixes the original problem for both shorewall and 
shorewall6.

---------------------------------------------------------------------------------------------

Shorewall6 masq entry:

eth0  2001:2::/56  :random:persistent

Generates the following ip6tables entry:

-A eth0_masq -s 2001:2::/56 -j MASQUERADE --random --persistent

Which produces the following error message:

ip6tables-restore v1.4.17: unknown option "--persistent"

The error also occurs in shorewall.

Steven.


------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_feb
_______________________________________________
Shorewall-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-devel

Reply via email to