Re: [Shorewall-users] DNAT+SNAT+FTP Helper Problem
On 10/04/2017 03:22 AM, Juha Leinonen wrote: > Hi Tom, > > Great, thanks. > > Can you tell me where I can track the progress of this bug report? > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877826 -Tom -- Tom Eastep\ Q: What do you get when you cross a mobster with Shoreline, \ an international standard? Washington, USA \ A: Someone who makes you an offer you can't http://shorewall.org \ understand \___ signature.asc Description: OpenPGP digital signature -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
Re: [Shorewall-users] DNAT+SNAT+FTP Helper Problem
Hi Tom, Great, thanks. Can you tell me where I can track the progress of this bug report? Br, Juha On Fri, Sep 29, 2017 at 11:28 PM, Tom Eastepwrote: > On 09/29/2017 12:41 PM, Juha Leinonen wrote: > > Yes, in this case adding rule to SNAT file to change source IP of packet > > traveling from Internet to local LAN. > > > > > > I have reproduced the problem and it does not appear to be a Shorewall > issue. Will file a bug report. > > Regards, > -Tom > -- > Tom Eastep\ Q: What do you get when you cross a mobster with > Shoreline, \ an international standard? > Washington, USA \ A: Someone who makes you an offer you can't > http://shorewall.org \ understand > \___ > > > > -- > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > ___ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users > > -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
Re: [Shorewall-users] DNAT+SNAT+FTP Helper Problem
On 09/29/2017 12:41 PM, Juha Leinonen wrote: > Yes, in this case adding rule to SNAT file to change source IP of packet > traveling from Internet to local LAN. > > I have reproduced the problem and it does not appear to be a Shorewall issue. Will file a bug report. Regards, -Tom -- Tom Eastep\ Q: What do you get when you cross a mobster with Shoreline, \ an international standard? Washington, USA \ A: Someone who makes you an offer you can't http://shorewall.org \ understand \___ signature.asc Description: OpenPGP digital signature -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
Re: [Shorewall-users] DNAT+SNAT+FTP Helper Problem
Yes, in this case adding rule to SNAT file to change source IP of packet traveling from Internet to local LAN. -Juha 29.9.2017 7.20 ip. "Tom Eastep"kirjoitti: On 09/29/2017 04:29 AM, Juha Leinonen wrote: > Hi, > > I'm running Debian 9.1 with > Linux 4.12.0-1-amd64 #1 SMP Debian 4.12.6-1 (2017-08-12) x86_64 GNU/Linux > Shorewall version 5.0.15.6 > > And I'm unable to get DNAT + SNAT + FTP helper combination working. > > DNAT + FTP Helper works, but when trying to get source IP address also > changed traffic never passes to inside interface. > Also combination DNAT + SNAT works, but then passive FTP doesn't work as > conntrack is not following packets. > > Have anyone by any change happened to stumble into this? This has been > working flawlessy with old 3.16 kernel and shorewall 4.x. > Just to clarify, I assume that when you add SNAT, you are adding an SNAT rule that changes the source IP on packets leaving the local interface? -Tom -- Tom Eastep\ Q: What do you get when you cross a mobster with Shoreline, \ an international standard? Washington, USA \ A: Someone who makes you an offer you can't http://shorewall.org \ understand \___ -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
Re: [Shorewall-users] DNAT+SNAT+FTP Helper Problem
On 09/29/2017 04:29 AM, Juha Leinonen wrote: > Hi, > > I'm running Debian 9.1 with > Linux 4.12.0-1-amd64 #1 SMP Debian 4.12.6-1 (2017-08-12) x86_64 GNU/Linux > Shorewall version 5.0.15.6 > > And I'm unable to get DNAT + SNAT + FTP helper combination working. > > DNAT + FTP Helper works, but when trying to get source IP address also > changed traffic never passes to inside interface. > Also combination DNAT + SNAT works, but then passive FTP doesn't work as > conntrack is not following packets. > > Have anyone by any change happened to stumble into this? This has been > working flawlessy with old 3.16 kernel and shorewall 4.x. > Just to clarify, I assume that when you add SNAT, you are adding an SNAT rule that changes the source IP on packets leaving the local interface? -Tom -- Tom Eastep\ Q: What do you get when you cross a mobster with Shoreline, \ an international standard? Washington, USA \ A: Someone who makes you an offer you can't http://shorewall.org \ understand \___ signature.asc Description: OpenPGP digital signature -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users