On Mon, Jul 05, 2021 at 06:53:08PM -0400, PGNet Dev wrote:
> In my shorewall6-lite config, I've
> /init
> MYIP6=$( cat /etc/shorewall/MYIP6.current )
Can you try setting it to a static value without $() ?
> I use it in SNAT as
> /snat
> ?FORMAT 2
> SNAT(%{MYIP6}) [2600:xxxx:xxxx:xxxf::]/64 EXT_IF
Could you try &{MYIPV6} ?
Can you also send shorewall dump, or at least the relevant parts of the nat
table. Anything matching the /64.
> There's no ERROR on compile or start.
The docs say this, so if it's empty, that would make sense.
https://shorewall.org/configuration_file_basics.htm#AddressVariables
|A second form is also available beginning with Shorewall 4.5.11
|%{variable}
|Unlike with the first form, this form does not require the variable to be set.
If the variable is empty, the generated script will supply the all-zeros
address (0.0.0.0 in IPv4 and :: in IPv6). In most cases, the compiler simply
omits rules containing matches on the all-zeros address.
--
Justin
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
