On Mon, 31 Oct 2016 15:03:52 -0700 Tom Eastep <[email protected]> wrote:
> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > On 10/31/2016 03:08 PM, Steven Jan Springl wrote: > > On Mon, 31 Oct 2016 14:42:33 -0700 Tom Eastep > > <[email protected]> wrote: > > > >> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 > >> > >> On 10/31/2016 01:37 PM, Steven Jan Springl wrote: > >>> Tom > >>> > >>> The snat rule in the attached config. generates the following > >>> iptables rule: > >>> > >>> -A SHOREWALL -o br0 -p 6 -s 10.11.11.0/11 ! -d 1.1.1.1 -m > >>> multiport --dports 110,1,2,34,5,6,0:2,65000:65535,200:210 -j > >>> SNAT --to-source 10.1.1.1-10.1.1.4 --to-source 10.2.1.1 > >>> --to-source 10.3.1.1-10.3.1.255:500-600 --persistent --random > >>> -m comment --comment "masq." > >>> > >>> Which produces the following iptables-restore error message: > >>> > >>> iptables-restore v1.4.21: SNAT: Multiple --to-source not > >>> supported > >>> > >> > >> This also happens with the equivalent rule in the masq file, does > >> it not? > >> > >> - -Tom > >> > > Tom > > > > Yes, it does. > > > > It appears that multiple --to-source support has been dropped. It was > never supported for IPv6, and the compiler raises an error in that > case. I'm just going to apply that (reworded) error to IPv4 as well > and change the documentation. > > Thanks Steven, > > - -Tom > - -- Tom That sounds reasonable. Steven. ------------------------------------------------------------------------------ Developer Access Program for Intel Xeon Phi Processors Access to Intel Xeon Phi processor-based developer platforms. With one year of Intel Parallel Studio XE. Training and support from Colfax. Order your platform today. http://sdm.link/xeonphi _______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
