Re: [Shorewall-users] DNAT+SNAT+FTP Helper Problem
On 10/04/2017 03:22 AM, Juha Leinonen wrote: > Hi Tom, > > Great, thanks. > > Can you tell me where I can track the progress of this bug report? > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877826 -Tom -- Tom Eastep\ Q: What do you get when you cross a mobster with Shoreline, \ an international standard? Washington, USA \ A: Someone who makes you an offer you can't http://shorewall.org \ understand \___ signature.asc Description: OpenPGP digital signature -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
Re: [Shorewall-users] DNAT+SNAT+FTP Helper Problem
Hi Tom, Great, thanks. Can you tell me where I can track the progress of this bug report? Br, Juha On Fri, Sep 29, 2017 at 11:28 PM, Tom Eastepwrote: > On 09/29/2017 12:41 PM, Juha Leinonen wrote: > > Yes, in this case adding rule to SNAT file to change source IP of packet > > traveling from Internet to local LAN. > > > > > > I have reproduced the problem and it does not appear to be a Shorewall > issue. Will file a bug report. > > Regards, > -Tom > -- > Tom Eastep\ Q: What do you get when you cross a mobster with > Shoreline, \ an international standard? > Washington, USA \ A: Someone who makes you an offer you can't > http://shorewall.org \ understand > \___ > > > > -- > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > ___ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users > > -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
Re: [Shorewall-users] DNAT+SNAT+FTP Helper Problem
On 09/29/2017 12:41 PM, Juha Leinonen wrote: > Yes, in this case adding rule to SNAT file to change source IP of packet > traveling from Internet to local LAN. > > I have reproduced the problem and it does not appear to be a Shorewall issue. Will file a bug report. Regards, -Tom -- Tom Eastep\ Q: What do you get when you cross a mobster with Shoreline, \ an international standard? Washington, USA \ A: Someone who makes you an offer you can't http://shorewall.org \ understand \___ signature.asc Description: OpenPGP digital signature -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
Re: [Shorewall-users] DNAT+SNAT+FTP Helper Problem
Yes, in this case adding rule to SNAT file to change source IP of packet traveling from Internet to local LAN. -Juha 29.9.2017 7.20 ip. "Tom Eastep"kirjoitti: On 09/29/2017 04:29 AM, Juha Leinonen wrote: > Hi, > > I'm running Debian 9.1 with > Linux 4.12.0-1-amd64 #1 SMP Debian 4.12.6-1 (2017-08-12) x86_64 GNU/Linux > Shorewall version 5.0.15.6 > > And I'm unable to get DNAT + SNAT + FTP helper combination working. > > DNAT + FTP Helper works, but when trying to get source IP address also > changed traffic never passes to inside interface. > Also combination DNAT + SNAT works, but then passive FTP doesn't work as > conntrack is not following packets. > > Have anyone by any change happened to stumble into this? This has been > working flawlessy with old 3.16 kernel and shorewall 4.x. > Just to clarify, I assume that when you add SNAT, you are adding an SNAT rule that changes the source IP on packets leaving the local interface? -Tom -- Tom Eastep\ Q: What do you get when you cross a mobster with Shoreline, \ an international standard? Washington, USA \ A: Someone who makes you an offer you can't http://shorewall.org \ understand \___ -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
Re: [Shorewall-users] DNAT+SNAT+FTP Helper Problem
On 09/29/2017 04:29 AM, Juha Leinonen wrote: > Hi, > > I'm running Debian 9.1 with > Linux 4.12.0-1-amd64 #1 SMP Debian 4.12.6-1 (2017-08-12) x86_64 GNU/Linux > Shorewall version 5.0.15.6 > > And I'm unable to get DNAT + SNAT + FTP helper combination working. > > DNAT + FTP Helper works, but when trying to get source IP address also > changed traffic never passes to inside interface. > Also combination DNAT + SNAT works, but then passive FTP doesn't work as > conntrack is not following packets. > > Have anyone by any change happened to stumble into this? This has been > working flawlessy with old 3.16 kernel and shorewall 4.x. > Just to clarify, I assume that when you add SNAT, you are adding an SNAT rule that changes the source IP on packets leaving the local interface? -Tom -- Tom Eastep\ Q: What do you get when you cross a mobster with Shoreline, \ an international standard? Washington, USA \ A: Someone who makes you an offer you can't http://shorewall.org \ understand \___ signature.asc Description: OpenPGP digital signature -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
[Shorewall-users] DNAT+SNAT+FTP Helper Problem
Hi, I'm running Debian 9.1 with Linux 4.12.0-1-amd64 #1 SMP Debian 4.12.6-1 (2017-08-12) x86_64 GNU/Linux Shorewall version 5.0.15.6 And I'm unable to get DNAT + SNAT + FTP helper combination working. DNAT + FTP Helper works, but when trying to get source IP address also changed traffic never passes to inside interface. Also combination DNAT + SNAT works, but then passive FTP doesn't work as conntrack is not following packets. Have anyone by any change happened to stumble into this? This has been working flawlessy with old 3.16 kernel and shorewall 4.x. Br, -Juha -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users