-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On 11/01/2016 05:39 PM, Steven Jan Springl wrote:
> Tom
>
> Issuing a "shorewall update" converts the following masq file:
>
> eth0 10.11.11.0/24 :10-20 tcp
>
> To snat file:
>
> MASQUERADE(:10-20) 10.11.11.0/24 eth0 tcp
>
> Which produces the following error message:
>
> ERROR: Invalid/Unknown tcp port/service (0:10)
> /etc/shorewall96/snat (line 13)
>
Steven,
Here is a patch that I believe corrects a couple of issues, including
this one.
Thanks,
- -Tom
- --
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
Comment: GPGTools - http://gpgtools.org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=PsJM
-----END PGP SIGNATURE-----
diff --git a/Shorewall/Perl/Shorewall/Nat.pm b/Shorewall/Perl/Shorewall/Nat.pm
index 60cb565..4801ff7 100644
--- a/Shorewall/Perl/Shorewall/Nat.pm
+++ b/Shorewall/Perl/Shorewall/Nat.pm
@@ -286,8 +286,14 @@ sub process_one_masq1( $$$$$$$$$$$$ )
} else {
validate_address $ipaddr, 0;
}
- validate_portpair1( $proto, $rest ) if supplied $rest;
- $addrlist .= "--to-source $ipaddr ";
+
+ if ( supplied $rest ) {
+ validate_portpair1( $proto, $rest );
+ $addrlist .= "--to-source $addr ";
+ } else {
+ $addrlist .= "--to-source $ipaddr";
+ }
+
$exceptionrule = do_proto( $proto, '', '' ) if $addr =~ /:/;
} else {
my $ports = $addr;
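Review bot: The `else` branch appends `"--to-source $ipaddr"` without the trailing space that both the removed line and the new `if` branch carry, so anything appended to `$addrlist` afterwards would run straight into the address. The rest of process_one_masq1 is outside the hunk, but the `.=` accumulation suggests more text can follow (another address or a later option), which would produce a malformed iptables argument. I would restore the separator: `$addrlist .= "--to-source $ipaddr ";`. The matching Rules.pm hunk uses a leading space in both branches and is not affected.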
@@ -399,7 +405,11 @@ sub process_one_masq1( $$$$$$$$$$$$ )
if ( $snat ) {
$target =~ s/ .*//;
$target .= '+' if $pre_nat;
- $target .= '(' . $addresses . ')' if $addresses ne '-' && $addresses ne 'NONAT';
+
+ if ( $addresses ne '-' && $addresses ne 'NONAT' ) {
+ $addresses =~ s/^://;
+ $target .= '(' . $addresses . ')';
+ }
my $line = "$target\t$networks\t$savelist\t$proto\t$ports\t$ipsec\t$mark\t$user\t$condition\t$origdest\t$probability";
#
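Review bot: `$addresses =~ s/^://;` needs a comment saying why the colon is dropped, and it only handles a colon at the very start of the string. A suitable comment would be `# masq writes a port-only entry as ':ports'; the converted snat entry takes it without the colon`. If `$addresses` can hold a comma-separated list (not visible in this hunk), a port-only entry after the first comma would keep its colon and could hit the same port/service error on the converted file, so that case is worth checking. The substitution also edits `$addresses` in place, so any later use in process_one_masq1, outside the hunk, sees the stripped value.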
diff --git a/Shorewall/Perl/Shorewall/Rules.pm b/Shorewall/Perl/Shorewall/Rules.pm
index 81ab37a..4971779 100644
--- a/Shorewall/Perl/Shorewall/Rules.pm
+++ b/Shorewall/Perl/Shorewall/Rules.pm
@@ -5559,8 +5559,14 @@ sub process_snat1( $$$$$$$$$$$$ ) {
} else {
validate_address $ipaddr, 0;
}
- validate_portpair1( $proto, $rest ) if supplied $rest;
- $addrlist .= " --to-source $ipaddr";
+
+ if ( supplied $rest ) {
+ validate_portpair1( $proto, $rest );
+ $addrlist .= " --to-source $addr";
+ } else {
+ $addrlist .= " --to-source $ipaddr";
+ }
+
$exceptionrule = do_proto( $proto, '', '' ) if $addr =~ /:/;
} else {
my $ports = $addr;
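Review bot: When `$rest` is supplied, the rule text is built from the raw `$addr`, while the checks in the visible lines cover only `$ipaddr` and `$rest`. If `$addr` holds anything beyond those two pieces (the split that produces them is above the hunk, so this is inferred), that remainder reaches the generated `--to-source` argument unchecked. Emitting the validated parts keeps the output tied to what was checked: `$addrlist .= " --to-source $ipaddr:$rest";`. The same applies to the `if` branch in the Nat.pm hunk of process_one_masq1.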