On 03/02/2013 08:15 AM, Steven Jan Springl wrote: > Shorewall rules: > > DNAT wan lan tcp 80 > > DNAT wan lan:0.0.0.0/0 tcp 80 > > Both generate the following iptables rule: > > -A wan_dnat -p 136 -m multiport --dports 80 -j DNAT --to-destination 0.0.0.0/0 > > Which produce the following error message: > > iptables-restore v1.4.17: Bad IP address "0.0.0.0/0" > > Similarly with Shorewall6 rule: > > DNAT wan lan tcp 80 > > Generates ip6tables rule: > > -A PREROUTING -p 6 --dport 80 -i eth1 -j DNAT --to-destination [::/0] > > Which produces error message: > > ip6tables-restore v1.4.17: Bad IP address "::/0" >
The attached patch corrects this problem. Thanks Steven, -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
diff --git a/Shorewall/Perl/Shorewall/Nat.pm b/Shorewall/Perl/Shorewall/Nat.pm
index e6dccf5..c04a3e6 100644
--- a/Shorewall/Perl/Shorewall/Nat.pm
+++ b/Shorewall/Perl/Shorewall/Nat.pm
@@ -704,12 +704,12 @@ sub handle_nat_rule( $$$$$$$$$$$$ ) {
validate_range( $addr1, $addr2 );
$server = join( '-', $addr1, $addr2 );
}
+ } elsif ( $server eq ALLIP || $server eq NILIP ) {
+ fatal_error "Invalid or missing server IP address";
} else {
- unless ( $server eq ALLIP ) {
- $server = $1 if $family == F_IPV6 && $server =~ /^\[(.+)\]$/;
- my @servers = validate_address $server, 1;
- $server = join ',', @servers;
- }
+ $server = $1 if $family == F_IPV6 && $server =~ /^\[(.+)\]$/;
+ my @servers = validate_address $server, 1;
+ $server = join ',', @servers;
}
if ( $action eq 'DNAT' ) {
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://p.sf.net/sfu/appdyn_d2d_feb
_______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
