: Re: [Shorewall-devel] Shorewall 5.0.14 RC 3
On Thu, 3 Nov 2016 08:50:31 -0700
Tom Eastep wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> On 11/03/2016 08:32 AM, Tom Eastep wrote:
>
> >
> > I'm going to be away until late afternoon Seattle time, but I
On Thu, 3 Nov 2016 08:50:31 -0700
Tom Eastep wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> On 11/03/2016 08:32 AM, Tom Eastep wrote:
>
> >
> > I'm going to be away until late afternoon Seattle time, but I will
> > look at this when I return.
> >
>
> Took a quick look whil
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 11/03/2016 08:32 AM, Tom Eastep wrote:
>
> I'm going to be away until late afternoon Seattle time, but I will
> look at this when I return.
>
Took a quick look while eating breakfast, and this patch seems to
solve the problem.
Thanks again,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 11/03/2016 06:36 AM, Steven Jan Springl wrote:
>
> Confirmed, the patch fixes the issues.
>
Thanks for confirming, Steven.
> -
>
> In the attached config
On Wed, 2 Nov 2016 19:27:17 -0700
Tom Eastep wrote:
>
> >
> >
> > Snat rule:
> >
> > SNAT(0) 10.1.2.0/24 eth0tcp
> >
> > produces error message:
> >
> > iptables-restore v1.4.21: Port '0' not valid
> >
> > Similarly snat r
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Steven,
On 11/02/2016 04:03 PM, Steven Jan Springl wrote:
>
> Confirmed, the patch fixes the issue.
>
Thanks.
>
>
> Snat rule:
>
> SNAT(0) 10.1.2.0/24 eth0tcp
>
> produce
On Wed, 2 Nov 2016 15:26:50 -0700
Tom Eastep wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> On 11/02/2016 03:03 PM, Steven Jan Springl wrote:
> > Tom
> >
> > Snat rule:
> >
> > SNAT+(:)10.1.2.0/24 eth0tcp
> >
> > Generates iptables-restore rule:
> >
> > -A SHOREWA
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 11/02/2016 03:03 PM, Steven Jan Springl wrote:
> Tom
>
> Snat rule:
>
> SNAT+(:) 10.1.2.0/24 eth0tcp
>
> Generates iptables-restore rule:
>
> -A SHOREWALL -o eth0 -p 6 -s 10.1.2.0/24 -j SNAT --to-source :
>
> Which produces error
Tom
Snat rule:
SNAT+(:)10.1.2.0/24 eth0tcp
Generates iptables-restore rule:
-A SHOREWALL -o eth0 -p 6 -s 10.1.2.0/24 -j SNAT --to-source :
Which produces error message:
iptables-restore v1.4.21: Port `' not valid
Steven
---
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 11/02/2016 02:52 PM, Steven Jan Springl wrote:
>
> Confirmed, the patch fixes the problem.
>
Thanks, Steven.
- -Tom
- --
Tom Eastep\ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep.
On Wed, 2 Nov 2016 14:36:23 -0700
Tom Eastep wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> On 11/02/2016 02:12 PM, Steven Jan Springl wrote:
>
> > The snat rule in the attached config. generates the following
> > iptables rule:
> >
> > -A ~excl0 -j MASQUERADE --to-ports 101-20
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 11/02/2016 02:12 PM, Steven Jan Springl wrote:
> The snat rule in the attached config. generates the following
> iptables rule:
>
> -A ~excl0 -j MASQUERADE --to-ports 101-201
>
> Which produces the following error message:
>
> iptables-restore
Tom
The snat rule in the attached config. generates the following iptables
rule:
-A ~excl0 -j MASQUERADE --to-ports 101-201
Which produces the following error message:
iptables-restore v1.4.21: Need TCP, UDP, SCTP or DCCP with port
specification
Steven.
shorewall96.tar.gz
Description: applica
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 11/02/2016 12:53 PM, Steven Jan Springl wrote:
>
> Confirmed, the patch fixes the problem.
>
Thanks Steven.
- -Tom
- --
Tom Eastep\ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. N
On Wed, 2 Nov 2016 12:27:00 -0700
Tom Eastep wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> On 11/02/2016 12:05 PM, Steven Jan Springl wrote:
>
> >
> > I have installed your copy of Rules.pm, but not the additional
> > patch.
> >
> > The problem still occurs.
> >
> > Further
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 11/02/2016 12:05 PM, Steven Jan Springl wrote:
>
> I have installed your copy of Rules.pm, but not the additional
> patch.
>
> The problem still occurs.
>
> Further investigation shows the problem only occurs with
> ADD_SNAT_ALIASES=Yes set i
On Wed, 2 Nov 2016 09:46:01 -0700
Tom Eastep wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> On 11/02/2016 05:20 AM, Steven Jan Springl wrote:
> > On Tue, 1 Nov 2016 18:37:04 -0700 Tom Eastep
> > wrote:
> >
> >> -BEGIN PGP SIGNED MESSAGE- Hash: SHA256
> >>
> >> On 11/
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 11/02/2016 05:20 AM, Steven Jan Springl wrote:
> On Tue, 1 Nov 2016 18:37:04 -0700 Tom Eastep
> wrote:
>
>> -BEGIN PGP SIGNED MESSAGE- Hash: SHA256
>>
>> On 11/01/2016 05:39 PM, Steven Jan Springl wrote:
>>> Tom
>>>
>>> Issuing a "shor
On Tue, 1 Nov 2016 18:37:04 -0700
Tom Eastep wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> On 11/01/2016 05:39 PM, Steven Jan Springl wrote:
> > Tom
> >
> > Issuing a "shorewall update" converts the following masq file:
> >
> > eth0 10.11.11.0/24 :10-20 tcp
> >
> > To s
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 11/01/2016 05:39 PM, Steven Jan Springl wrote:
> Tom
>
> Issuing a "shorewall update" converts the following masq file:
>
> eth0 10.11.11.0/24 :10-20 tcp
>
> To snat file:
>
> MASQUERADE(:10-20) 10.11.11.0/24 eth0 tcp
>
> Which pr
Tom
Issuing a "shorewall update" converts the following masq file:
eth0 10.11.11.0/24 :10-20 tcp
To snat file:
MASQUERADE(:10-20) 10.11.11.0/24 eth0 tcp
Which produces the following error message:
ERROR: Invalid/Unknown tcp port/service (0:10) /etc/shorewall96/snat
(line 13)
St
On Tue, 1 Nov 2016 16:50:27 -0700
Tom Eastep wrote:
> >
> >
> > -
> >
> > Snat entry:
> >
> > SNAT(:10-20)10.11.11.0/24 eth0 tcp
> >
> > Generates iptables-restore rule:
> >
> > -A SHOREWALL -
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 11/01/2016 03:09 PM, Steven Jan Springl wrote:
> On Tue, 1 Nov 2016 12:58:40 -0700 Tom Eastep
> wrote:
>
>>>
>>
>> This patch corrects the issue in the snat file; I believe that it
>> also corrects the same defect in the masq file.
>>
>> Than
On Tue, 1 Nov 2016 12:58:40 -0700
Tom Eastep wrote:
> >
>
> This patch corrects the issue in the snat file; I believe that it also
> corrects the same defect in the masq file.
>
> Thanks Steven,
>
> - -Tom
> - --
Tom
Confirmed, the patch fixes the issue in both masq and snat files.
--
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 11/01/2016 01:00 PM, Steven Jan Springl wrote:
>
> Confirmed. the patch fixes the issue with the snat rule. I haven't
> tried a masq rule yet.
Thanks.
>
> --
- -
On Tue, 1 Nov 2016 11:22:09 -0700
Tom Eastep wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> On 11/01/2016 09:32 AM, Steven Jan Springl wrote:
>
> > Snat entry:
> >
> > SNAT(10.1.1.1:80:) 10.11.11.0/24 eth0tcp
> >
> > Generates the iptables-restore rule:
> >
> >
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 11/01/2016 09:32 AM, Steven Jan Springl wrote:
> Snat entry:
>
> SNAT(10.1.1.1:80:)10.11.11.0/24 eth0tcp
>
> Generates the iptables-restore rule:
>
> -A SHOREWALL -o eth0 -p 6 -s 10.11.11.0/24 -j SNAT --to-source
> 10.1.1.1:
Tom
Snat entry:
SNAT(10.1.1.1:80:) 10.11.11.0/24 eth0tcp
Generates the iptables-restore rule:
-A SHOREWALL -o eth0 -p 6 -s 10.11.11.0/24 -j SNAT --to-source
10.1.1.1:80: -m comment --comment "masq."
Which produces the following error:
iptables-restore v1.4.21: Invalid port:port
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Shorewall 5.0.13 RC 3 is now available for testing.
Problems Corrected Since Beta 2:
1) Previously, the ADDRESS column in /etc/shorewall[6]/masq was
documented as allowing a list of addresses and/or address ranges.
That feature depended on
29 matches
Mail list logo
