-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On 11/02/2016 05:20 AM, Steven Jan Springl wrote:
> On Tue, 1 Nov 2016 18:37:04 -0700 Tom Eastep
> <[email protected]> wrote:
>
>> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
>>
>> On 11/01/2016 05:39 PM, Steven Jan Springl wrote:
>>> Tom
>>>
>>> Issuing a "shorewall update" converts the following masq file:
>>>
>>> eth0 10.11.11.0/24 :10-20 tcp
>>>
>>> To snat file:
>>>
>>> MASQUERADE(:10-20) 10.11.11.0/24 eth0 tcp
>>>
>>> Which produces the following error message:
>>>
>>> ERROR: Invalid/Unknown tcp port/service (0:10)
>>> /etc/shorewall96/snat (line 13)
>>>
>>
>>
>> Steven,
>>
>> Here is a patch that I believe corrects a couple of issues,
>> including this one.
>>
>> Thanks, - -Tom - --
>
> Tom
>
> The patch has not resolved the issue.
>
> The snat rule that is now generated is:
>
> MASQUERADE(10-20) 10.11.11.0/24 eth0 tcp
>
> Which produces the following error message:
>
> ERROR: Invalid IP Address (10) /etc/shorewall96/snat (line 13)
>
Since this rule is correctly processed by my code base, I have sent to
Steven offline a copy of my Rules.pm module.
Steven,
Here is another fix that you may need -- it modifies the Nat.pm patch
I sent late yesterday. Without it, SNAT rules in the masq file that
include both an ADDRESS and a source port[-range].
Thanks,
- -Tom
- --
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
Comment: GPGTools - http://gpgtools.org
iQIcBAEBCAAGBQJYGhhJAAoJEJbms/JCOk0QH6cQAKHIA74FZu+EKdT/1/Exisd7
zDV+5jIJ7aWHc0Tl4qjUmAh0K4nx1crjqxODvbZ0Cp3p+Vv/i088j5IPLcGI22+w
ZB9SA7Cjf0YCP7tfut0C8/euQlR2XtzWpYhfiZD94AP8Sf6X3Ea7ujyPptlk06PV
o26hyuf+1gCJ4jcD3QQ25RKMthkw4nirkcDEO6eRgW9xwbfM9tNCblYvoNFfV93v
EJn1Xc/GDqz5ClQ4/RklmkFfjrXwa/OxH22046Cgv1KnBwkC8pknE/YYiIxN43Cv
nFfpWd47nk4K6hf4kodkfG4ze7taO9YZFTCkA5OA3+2WUteiH6WWGW8nmBsoAAeM
opcAjYKRYi+Pv11CuqfgjHcAHlrtMkiP2Kj5CwYdUmD1wgLBblaq9aSkwCzAPZgA
YE9ljvE0UYj+md2QwI2WgiPB72MESzGW/ZFFxFiPRoQP929G7q00tisrHhhhb8Ta
pjKeedQhERmDhKXcX800CIM/Ik8S8/Q9DuwF1i60xFn/OvOC4lTe37HzJpmgIOli
YGiJLrw8d+AAQz76TGdHkw2hzYa8RjvlAoaCDapTVSsld1NgZ95plLudxRu+ecrJ
+ItqVsRN8rZTUlqAhNj2xJyiPtqbs3NHIZ3r4+o9KsQP8lq6gSGfMSM0AqNuUhTt
uyEldvybMn+Ge+Vx0/PY
=NK37
-----END PGP SIGNATURE-----
diff --git a/Shorewall/Perl/Shorewall/Nat.pm b/Shorewall/Perl/Shorewall/Nat.pm
index 8be0296..c67c076 100644
--- a/Shorewall/Perl/Shorewall/Nat.pm
+++ b/Shorewall/Perl/Shorewall/Nat.pm
@@ -289,7 +289,7 @@ sub process_one_masq1( $$$$$$$$$$$$ )
if ( supplied $rest ) {
validate_portpair1( $proto, $rest );
- $addrlist .= "--to-source :$rest ";
+ $addrlist .= "--to-source $addr ";
} else {
$addrlist .= "--to-source $ipaddr";
}
------------------------------------------------------------------------------
Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one year of Intel Parallel Studio XE.
Training and support from Colfax.
Order your platform today. http://sdm.link/xeonphi
_______________________________________________
Shorewall-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-devel
