Re: [Shorewall-users] NPTv6

Sat, 07 Jan 2017 09:33:30 -0800 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 01/07/2017 09:11 AM, Tom Eastep wrote:
> On 01/07/2017 08:35 AM, Luke Jordan wrote:

> 
>> it doesn't work:
> 
>> /etc/shorewall6/mangle: MARK(768):P  eth0            -               tcp     
>>         22,47238,52486
>> # ssh traffic by dsl MARK(512):P     eth0            -               -       
>>         -               # other traffic
>> by cbl
> 
>> IP6TABLES(DNPT --src-pfx 2001:XXXX:YYYY:100::/64 --dst-pfx 
>> fdae:fa7:dead:beef::/64 ):P  eth0    -       -       -
> 
>> IP6TABLES(SNPT --src-pfx fdae:fa7:dead:beef::/64 --dst-pfx 
>> 2001:XXXX:YYYY:100::/64 ):P  eth0    -       -       -
> 
>> result:
> 
>> Checking /etc/shorewall6/mangle... ERROR: Invalid ACTION 
>> (IP6TABLES(DNPT --src-pfx 2001:XXXX:YYYY:100::/64 --dst-pfx 
>> fdae:fa7:dead:beef::/64 ):P) /etc/shorewall6/mangle (line 18)
> 
>> fdae:fa7:dead:beef::/64 is the local network, 
>> 2001:XXXX:YYYY:100::/64 the network of a provider.
> 
> 
> Did you add DNPT as a nat builtin action in
> /etc/shorewall6/actions?
> 

Nevermind -- it is a bug in the IP6TABLES parser -- it doesn't expect
IPv6 addresses in the action parameters :-(

- -Tom
- -- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJYcSQuAAoJEJbms/JCOk0QFuQP/AlzN2SRAv10+oDYh09TVCFP
Nt6UIvmOULu4JGrHcxFxBxryK94pj/eRxb5KyaykD0vGvW8p7mbr2l+Rn+DOX7H9
DlH4BV72AyLdmqYzEW2VjH3LnokoQvl5QRTJjHg4BWoNLu8SanpZDAN9XKKDtdyY
O33etaO5qWLFK0FU1RpN39T6oNqemqqlmzZLx/XSLa4hwzkXZ/ZfO/lpBTnvARKT
aMjnFAt5VqHHGxzkFSxSD8fdv63CFNltsQnt4Hpd20wberiFtGfzXbtppBiASZTN
ccGyvCGMP0PygIjxSks//0JK7ZKL8pJ8hgajvF2lp25QrGadsh6km4I9T+WZwIVF
qB6WAro5ATQ3+q0dnbngazpE+z3DXYSZuz62H57v4tLH/gH8GkSRaDgeBRBjRuiJ
Ej/ZVwPpw4A7EAgItja9dnA6O3620D5fZtIveZ0r6KtbOw30UYEO7RLuykw9JMRN
uNocHeuL3HB8UFKipNM7lJOXiYp7Nyb57aM4bGuNg4leMYVelOBvfYX/vUwGKuBQ
9bawEIlAcqDSjjtO3S+KDrmm1f/t4qY31mGyIlp9MnlHPfErEjo2FO6kuY9bgCFo
2yHTxnkSm3zLqM0HBbFUhttFanW8OvqJcWVAScnSTXiYbERupj+8F+gUgi6I9EOp
mt6FIqB8IBydGiFGQU8G
=yWcJ
-----END PGP SIGNATURE-----

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most 
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Reply via email to