On Friday 08 Mar 2013 01:50:24 Tom Eastep wrote: > On 3/7/13 5:30 PM, "Steven Jan Springl" <[email protected]> wrote: > >On Friday 08 Mar 2013 01:25:39 Tom Eastep wrote: > >> On 3/7/13 5:13 PM, "Steven Jan Springl" <[email protected]> > >> > >>wrote: > >> >On Thursday 07 Mar 2013 16:27:21 Tom Eastep wrote: > >> >> The first bug fix below should receive wider testing. So I have > >> > >>uploaded > >> > >> >> 4.5.14 RC 2. I went ahead and included a simple new feature (see > >> > >>below), > >> > >> >> but I neglected to include the change that allows generating '-m > >> >> multiport --ports <port list>' by placing '=' SOURCE PORT(S) columns. > >> >> Given that it won't affect existing configurations, I will add that > >> >> feature to 4.5.14 final (or to RC 3 if required). > >> > > >> >Tom > >> > > >> >After the application of the MULTIPORT patch the following netmap > >> > >>entry: > >> >DNAT:O 192.168.168.0/24 eth1 10.199.0.0/16 88.88.88.88 tcp > >> > >>102,103 > >> > >> >201,301 > >> > > >> >Generates the following iptables rule: > >> > > >> >-A eth1_out -p 6 -s 88.88.88.88 -d 192.168.168.0/24 -m multiport -m > >> >multiport > >> >--dports 102,103 -m multiport --sports 201,301 -j RAWDNAT --to-dest > >> >10.199.0.0/16 > >> > > >> >Which produces the following error message: > >> > > >> >iptables-restore v1.4.18: multiport expection an option > >> > >> Steven, > >> > >> If you reverse the MULTIPORT patch, what iptables rule is generated? > > > >Tom > > > >The following rule is generated: > > > >-A eth1_out -p 6 -s 88.88.88.88 -d 192.168.168.0/24 -m multiport --dports > >102,103 -m multiport --sports 201,301 -j RAWDNAT --to-dest 10.199.0.0/16 > > Thanks Steven. > > I think this will fix it. > > -Tom > You do not need a parachute to skydive. You only need a parachute to > skydive twice.
Tom Confirmed, the patch fixes the problem. Thanks. Steven. ------------------------------------------------------------------------------ Symantec Endpoint Protection 12 positioned as A LEADER in The Forrester Wave(TM): Endpoint Security, Q1 2013 and "remains a good choice" in the endpoint security space. For insight on selecting the right partner to tackle endpoint security challenges, access the full report. http://p.sf.net/sfu/symantec-dev2dev _______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
