Re: [Shorewall-users] DNAT+SNAT+FTP Helper Problem

2017-10-05 Thread Tom Eastep
On 10/04/2017 03:22 AM, Juha Leinonen wrote:
> Hi Tom,
> 
> Great, thanks. 
> 
> Can you tell me where I can track the progress of this bug report?
> 

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877826

-Tom
-- 
Tom Eastep\   Q: What do you get when you cross a mobster with
Shoreline, \ an international standard?
Washington, USA \ A: Someone who makes you an offer you can't
http://shorewall.org \   understand
  \___



--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users


Re: [Shorewall-users] DNAT+SNAT+FTP Helper Problem

2017-10-04 Thread Juha Leinonen
Hi Tom,

Great, thanks.

Can you tell me where I can track the progress of this bug report?

Br,
Juha

On Fri, Sep 29, 2017 at 11:28 PM, Tom Eastep wrote:

> On 09/29/2017 12:41 PM, Juha Leinonen wrote:
> > Yes, in this case adding rule to SNAT file to change source IP of packet
> > traveling from Internet to local LAN.
> >
> >
>
> I have reproduced the problem and it does not appear to be a Shorewall
> issue. Will file a bug report.
>
> Regards,
> -Tom


Re: [Shorewall-users] DNAT+SNAT+FTP Helper Problem

2017-09-29 Thread Tom Eastep
On 09/29/2017 12:41 PM, Juha Leinonen wrote:
> Yes, in this case adding rule to SNAT file to change source IP of packet
> traveling from Internet to local LAN. 
> 
>

I have reproduced the problem and it does not appear to be a Shorewall
issue. Will file a bug report.

Regards,
-Tom


Re: [Shorewall-users] DNAT+SNAT+FTP Helper Problem

2017-09-29 Thread Juha Leinonen
Yes, in this case adding rule to SNAT file to change source IP of packet
traveling from Internet to local LAN.

-Juha

On 29.9.2017 at 7.20 PM, "Tom Eastep" wrote:

On 09/29/2017 04:29 AM, Juha Leinonen wrote:
> Hi,
>
> I'm running Debian 9.1 with
> Linux 4.12.0-1-amd64 #1 SMP Debian 4.12.6-1 (2017-08-12) x86_64 GNU/Linux
> Shorewall version 5.0.15.6
>
> And I'm unable to get DNAT + SNAT + FTP helper combination working.
>
> DNAT + FTP Helper works, but when trying to get source IP address also
> changed traffic never passes to inside interface.
> Also combination DNAT + SNAT works, but then passive FTP doesn't work as
> conntrack is not following packets.
>
> Has anyone by any chance happened to stumble into this? This has been
> working flawlessly with old 3.16 kernel and shorewall 4.x.
>

Just to clarify, I assume that when you add SNAT, you are adding an SNAT
rule that changes the source IP on packets leaving the local interface?

-Tom


Re: [Shorewall-users] DNAT+SNAT+FTP Helper Problem

2017-09-29 Thread Tom Eastep
On 09/29/2017 04:29 AM, Juha Leinonen wrote:
> Hi,
> 
> I'm running Debian 9.1 with
> Linux 4.12.0-1-amd64 #1 SMP Debian 4.12.6-1 (2017-08-12) x86_64 GNU/Linux
> Shorewall version 5.0.15.6
> 
> And I'm unable to get DNAT + SNAT + FTP helper combination working. 
> 
> DNAT + FTP Helper works, but when trying to get source IP address also
> changed traffic never passes to inside interface. 
> Also combination DNAT + SNAT works, but then passive FTP doesn't work as
> conntrack is not following packets. 
> 
> Has anyone by any chance happened to stumble into this? This has been
> working flawlessly with old 3.16 kernel and shorewall 4.x.
> 

Just to clarify, I assume that when you add SNAT, you are adding an SNAT
rule that changes the source IP on packets leaving the local interface?

-Tom


[Shorewall-users] DNAT+SNAT+FTP Helper Problem

2017-09-29 Thread Juha Leinonen
Hi,

I'm running Debian 9.1 with
Linux 4.12.0-1-amd64 #1 SMP Debian 4.12.6-1 (2017-08-12) x86_64 GNU/Linux
Shorewall version 5.0.15.6

And I'm unable to get DNAT + SNAT + FTP helper combination working.

DNAT + FTP Helper works, but when trying to get source IP address also
changed traffic never passes to inside interface.
Also combination DNAT + SNAT works, but then passive FTP doesn't work as
conntrack is not following packets.

Has anyone by any chance happened to stumble into this? This has been
working flawlessly with old 3.16 kernel and shorewall 4.x.

Br,
-Juha