On Wed, 2 Nov 2016 09:46:01 -0700 Tom Eastep <[email protected]> wrote:
> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > On 11/02/2016 05:20 AM, Steven Jan Springl wrote: > > On Tue, 1 Nov 2016 18:37:04 -0700 Tom Eastep > > <[email protected]> wrote: > > > >> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 > >> > >> On 11/01/2016 05:39 PM, Steven Jan Springl wrote: > >>> Tom > >>> > >>> Issuing a "shorewall update" converts the following masq file: > >>> > >>> eth0 10.11.11.0/24 :10-20 tcp > >>> > >>> To snat file: > >>> > >>> MASQUERADE(:10-20) 10.11.11.0/24 eth0 tcp > >>> > >>> Which produces the following error message: > >>> > >>> ERROR: Invalid/Unknown tcp port/service (0:10) > >>> /etc/shorewall96/snat (line 13) > >>> > >> > >> > >> Steven, > >> > >> Here is a patch that I believe corrects a couple of issues, > >> including this one. > >> > >> Thanks, - -Tom - -- > > > > Tom > > > > The patch has not resolved the issue. > > > > The snat rule that is now generated is: > > > > MASQUERADE(10-20) 10.11.11.0/24 eth0 tcp > > > > Which produces the following error message: > > > > ERROR: Invalid IP Address (10) /etc/shorewall96/snat (line 13) > > > > Since this rule is correctly processed by my code base, I have sent to > Steven offline a copy of my Rules.pm module. > > Steven, > > Here is another fix that you may need -- it modifies the Nat.pm patch > I sent late yesterday. Without it, SNAT rules in the masq file that > include both an ADDRESS and a source port[-range]. > > Thanks, > - -Tom > > Tom I have installed your copy of Rules.pm, but not the additional patch. The problem still occurs. Further investigation shows the problem only occurs with ADD_SNAT_ALIASES=Yes set in shorewall.conf. Changing it to ADD_SNAT_ALIASES=No fixes the problem. Is this expected? Steven. ------------------------------------------------------------------------------ Developer Access Program for Intel Xeon Phi Processors Access to Intel Xeon Phi processor-based developer platforms. With one year of Intel Parallel Studio XE. Training and support from Colfax. Order your platform today. http://sdm.link/xeonphi _______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
