-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 10/31/2016 03:08 PM, Steven Jan Springl wrote: > On Mon, 31 Oct 2016 14:42:33 -0700 Tom Eastep > <[email protected]> wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 >> >> On 10/31/2016 01:37 PM, Steven Jan Springl wrote: >>> Tom >>> >>> The snat rule in the attached config. generates the following >>> iptables rule: >>> >>> -A SHOREWALL -o br0 -p 6 -s 10.11.11.0/11 ! -d 1.1.1.1 -m >>> multiport --dports 110,1,2,34,5,6,0:2,65000:65535,200:210 -j >>> SNAT --to-source 10.1.1.1-10.1.1.4 --to-source 10.2.1.1 >>> --to-source 10.3.1.1-10.3.1.255:500-600 --persistent --random >>> -m comment --comment "masq." >>> >>> Which produces the following iptables-restore error message: >>> >>> iptables-restore v1.4.21: SNAT: Multiple --to-source not >>> supported >>> >> >> This also happens with the equivalent rule in the masq file, does >> it not? >> >> - -Tom >> > Tom > > Yes, it does. >
It appears that multiple --to-source support has been dropped. It was never supported for IPv6, and the compiler raises an error in that case. I'm just going to apply that (reworded) error to IPv4 as well and change the documentation. Thanks Steven, - -Tom - -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJYF7/IAAoJEJbms/JCOk0QUUkQAKFvQjLvew8Ytogp6eFI0YNo DxmglPfGOtOll30lqOeIGgmAcjzb2WdvKeb5p7qOxaNI0NmkL4CdxC7kTBY0ccVH bN3krze3EmSmfuzCTFTJ6eEBs72TP373T4ws/J5qyVOm6fAtEQPKGO1t2rFJqWZo 85MiAqa36CLd/K62eHShYDZXIYxVDUlHd7MOSv9fK5GWriD7b7EQ9pQWIvgzATQy 5JAbHxXE3MHm4YYbx+JyFckkmzwhB2gWX6pkPk+f2C3opq0XJEzKi/zWpJ2T4R2H uXkI5O9x+jqe5RtNIOI1YVuMkG6CSmnGk6MBBRx/HpA4ZFuU+eKTLYdp+vxT3BDi 8FvCToYnobVmNHQhAawI8J3MxTPA1+zV8q9rbbS9TT0LHyqZ3NXDm3yZHXzo+yjE HqZRNC0dq9tvQKbbhuh8RlQ2MXMV+rGWWKL85YKZVeP3aSWrD9cOLlz759f8joOi uLMc8N9/ZXelVQ62PkA+VcnsqR4xCImyGsqR0k08PBdMnQqlgEHgivZB/PxxI8XM 70bvGlj70Avo8HChiDO66XZz369jry2Q4H0Hrsipj5soi5RnP0aQj0cQJpf1Y9VB fQDp0dEgPSjQsaiwe2XRqlh87Vcgs7U7qWknyk+HxM55r4dbn1vmWTN2yJrrcOVM A6bZrSmN2YYQPnoCct8c =hkn/ -----END PGP SIGNATURE----- ------------------------------------------------------------------------------ Developer Access Program for Intel Xeon Phi Processors Access to Intel Xeon Phi processor-based developer platforms. With one year of Intel Parallel Studio XE. Training and support from Colfax. Order your platform today. http://sdm.link/xeonphi _______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
