-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On 11/01/2016 01:00 PM, Steven Jan Springl wrote:
>
> Confirmed. the patch fixes the issue with the snat rule. I haven't
> tried a masq rule yet.
Thanks.
>
> ----------------------------------------------------------------------
- -------------------
>
> Snat rule:
>
> SNAT(10.1.1.1::random) 10.11.11.0/24 eth0 tcp
>
> Generates iptables-restore rule:
>
> -A SHOREWALL -o eth0 -p 6 -s 10.11.11.0/24 -j SNAT --to-source
> 10.1.1.1: --random -m comment --comment "masq."
>
> Which produces error message:
>
> iptables-restore v1.4.21: Port `' not valid
>
This patch corrects the issue in the snat file; I believe that it also
corrects the same defect in the masq file.
Thanks Steven,
- -Tom
- --
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
Comment: GPGTools - http://gpgtools.org
iQIcBAEBCAAGBQJYGPPwAAoJEJbms/JCOk0Q4X8P/3iCFS/iwMTK2eVrHGelHuDU
Ht+NvJjai49RivyXufbOAqtcx49qyQd9RcpNyks1+Euk6XxDzJkKpKaqaLxlDd5T
c/u2PoWncSw4G6gdY4uw1h8Vts4prLMeALngtFmBiqXI/WBD4BxipIKiUDeOKyHx
462QomRPOsC67netS73UEEKt45vWhkDQEmX1nPDo6yQB3aIHXcE+eMr40EqFKNkR
XKNpRLIMEDKcOnCBo5NL9pIUdWZmekjaH4valoU2r68KHO7ABbM8GJy5LsxhmYaX
SKrQRRqlx49eUHQQp2EN8YtnA69uyxx++xWeptFAG0Hppyr3uJFE+VhOEoGSyFWB
Vi7KKnqONjWvSTBqrklfBwa2Gm/JHHn3KyqgBqApULKUULBK+rmEjA/wbuh2rcvn
XA9wOEywSGu/dzTlPspqpt1qnSBbYbefKDJgGtCQJ3MklCLj6v31pzgNXq7art1R
WOhlziOD6vPyMUl4Zgl1ThtSFuMDOYu/nx09zbbvuga1ZfBvcdH2RSoeFFBrr0vl
xY3blm05hf5PQoCfUa2Fn7d1eUiFr67njpqGwjZVo1PwN5Yl4bY9PcphHEP4JZl/
kffpxmXJNEQcp4sewSdjykRdcxL63cqBeut3u8Nb+zIuljmo8ENkt28PdRBR+lBr
TzDDMyl952hyBPGfzKRq
=CuDS
-----END PGP SIGNATURE-----
diff --git a/Shorewall/Perl/Shorewall/Nat.pm b/Shorewall/Perl/Shorewall/Nat.pm
index 9dfb77e..ad1cfdf 100644
--- a/Shorewall/Perl/Shorewall/Nat.pm
+++ b/Shorewall/Perl/Shorewall/Nat.pm
@@ -287,7 +287,7 @@ sub process_one_masq1( $$$$$$$$$$$$ )
validate_address $ipaddr, 0;
}
validate_portpair1( $proto, $rest ) if supplied $rest;
- $addrlist .= "--to-source $addr ";
+ $addrlist .= "--to-source $ipaddr ";
$exceptionrule = do_proto( $proto, '', '' ) if $addr =~ /:/;
} else {
my $ports = $addr;
diff --git a/Shorewall/Perl/Shorewall/Rules.pm b/Shorewall/Perl/Shorewall/Rules.pm
index 6d43be5..cb40796 100644
--- a/Shorewall/Perl/Shorewall/Rules.pm
+++ b/Shorewall/Perl/Shorewall/Rules.pm
@@ -5560,7 +5560,7 @@ sub process_snat1( $$$$$$$$$$$$ ) {
validate_address $ipaddr, 0;
}
validate_portpair1( $proto, $rest ) if supplied $rest;
- $addrlist .= " --to-source $addr";
+ $addrlist .= " --to-source $ipaddr";
$exceptionrule = do_proto( $proto, '', '' ) if $addr =~ /:/;
} else {
my $ports = $addr;
------------------------------------------------------------------------------
Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one year of Intel Parallel Studio XE.
Training and support from Colfax.
Order your platform today. http://sdm.link/xeonphi
_______________________________________________
Shorewall-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-devel
