Re: [Shorewall-devel] Shorewall 5.0.14 RC 3

Tue, 01 Nov 2016 16:52:16 -0700 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 11/01/2016 03:09 PM, Steven Jan Springl wrote:
> On Tue, 1 Nov 2016 12:58:40 -0700 Tom Eastep
> <[email protected]> wrote:
> 
>>> 
>> 
>> This patch corrects the issue in the snat file; I believe that it
>> also corrects the same defect in the masq file.
>> 
>> Thanks Steven,
>> 
>> - -Tom - --
> 
> Tom
> 
> Confirmed, the patch fixes the issue in both masq and snat files.

Thanks Steven.

> 
> 
> -------------------------------------------------------------------------------------
>
>  Snat entry:
> 
> SNAT(:10-20)  10.11.11.0/24   eth0     tcp
> 
> Generates iptables-restore rule:
> 
> -A SHOREWALL -o eth0 -p 6 -s 10.11.11.0/24 -j SNAT --to-ports 10-20
> -m comment --comment "masq."
> 
> Which produces error message:
> 
> iptables-restore v1.4.21: unknown option "--to-ports"
> 

Another defect in both 'masq' and 'snat' processing. Patch attached.

Thanks Steven,

- -Tom
- -- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJYGSpCAAoJEJbms/JCOk0Q/7wQAMDhiTFDZ5BbqgRABUB1Ma6V
Bfd8inLtzphsYlGJQFokpBmh7yLHRXWI6nCyIWvMivyQOhZWEmtBQWDqvwTGicL+
GXnkoofOpqLd3lUgCD2b2JJAP7pUer5L7bRKhzYSX9CGKC0XUavs/NBsItNg5H3o
IRax/Y/3xHLiAVCtMyLqSIouOcTN1E/aNd39383vDfuQhhpjmE0amsO7HdpV/EG9
4K5KLUnIEus6jAdv1pS+ts0A4ikO5RuwD2XOibdzL1YNFkTWSqVNmYK5VHGGCbDH
c4ngq6EaFgMuvfli/NDcqabC6qQjWUPv+wvzJqjU8cfV1JXZPFdDsq+uDVr213fp
4BaT+GEZyA8JcH+Kl0UmCYF/27Fn5uDC5J6z4S/ezivwVMNkOYH0Xwrg62oK8/Es
5cOkUONCemj6nLanCyv66MKeqBE49bl2FXE3Ee96wCgxRS6fyZuz5uDwbNa3hmER
1t/VzrbnviKJVNbvxMfRSy5nuXPyj2UeuoL3kGIf1y+oCzwVEvax37Jhr0ZYdaVl
x4bLXX3abskjrJ2o1KnLPDnGzByehjaMfhkznuZPFmX34v4bZVgA3jkZHYU6lGcR
Ylk8CBWIOsl/aU9Ta4oHqUF9x5kxC3Qu13WisgnjW8rp/CoOvFQZAtNc+whOzIT1
NGUj2kGvbAB65YzxFcm8
=/w+D
-----END PGP SIGNATURE-----

diff --git a/Shorewall/Perl/Shorewall/Nat.pm b/Shorewall/Perl/Shorewall/Nat.pm
index ad1cfdf..60cb565 100644
--- a/Shorewall/Perl/Shorewall/Nat.pm
+++ b/Shorewall/Perl/Shorewall/Nat.pm
@@ -293,7 +293,7 @@ sub process_one_masq1( $$$$$$$$$$$$ )
 				my $ports = $addr;
 				$ports =~ s/^://;
 				validate_portpair1( $proto, $ports );
-				$addrlist .= "--to-ports $ports ";
+				$addrlist .= "--to-source :$ports ";
 				$exceptionrule = do_proto( $proto, '', '' );
 			    }
 			} else {
diff --git a/Shorewall/Perl/Shorewall/Rules.pm b/Shorewall/Perl/Shorewall/Rules.pm
index cb40796..81ab37a 100644
--- a/Shorewall/Perl/Shorewall/Rules.pm
+++ b/Shorewall/Perl/Shorewall/Rules.pm
@@ -5566,7 +5566,7 @@ sub process_snat1( $$$$$$$$$$$$ ) {
 			    my $ports = $addr;
 			    $ports =~ s/^://;
 			    validate_portpair1( $proto, $ports );
-			    $addrlist .= " --to-ports $ports";
+			    $addrlist .= " --to-source :$ports";
 			    $exceptionrule = do_proto( $proto, '', '' );
 			}
 		    } else {

------------------------------------------------------------------------------
Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one year of Intel Parallel Studio XE.
Training and support from Colfax.
Order your platform today. http://sdm.link/xeonphi
_______________________________________________
Shorewall-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-devel

Reply via email to