Re: [Shorewall-devel] Shorewall stopped with comma seperated SUBNET in masq

Sun, 20 Jan 2008 21:25:22 -0800 

On Fri, Jan 18, 2008 at 07:53:17PM +0530, Srinivasa Hebbar wrote:
> Hello,
> 
> I am getting the following error in shorewall 3.4.4
> 
> Setting up Masquerading/SNAT...
> iptables v1.3.3: host/network `192.168.1.1,192.168.1.3' not found
> Try `iptables -h' or 'iptables --help' for more information.
>    ERROR: Command "/sbin/iptables -t nat -A eth0_masq -s 
> 192.168.1.1,192.168.1.3 -d 0.0.0.0/0 -j MASQUERADE" Failed
> 
> #INTERFACE              SUBNET          ADDRESS         PROTO   PORT(S) IPSEC
> eth0    192.168.1.1,192.168.1.3
> 

The attached patch fixes the problem.  It will be incorporated in the
next release.

Regards,

-Roberto
-- 
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com

Index: lib.nat
===================================================================
--- lib.nat	(revision 8079)
+++ lib.nat	(working copy)
@@ -227,7 +227,7 @@
 		build_exclusion_chain newchain nat "$nomasq" "$destnets"
 
 		if [ -n "$networks" ]; then
-		    for s in $networks; do
+		    for s in $(separate_list $networks); do
 			addnatrule $chain $(source_ip_range $s) $proto $ports $mark $policy -j $newchain
 		    done
 		    networks=
@@ -261,7 +261,7 @@
 		    build_exclusion_chain newchain nat $nomasq
 
 		    if [ -n "$networks" ]; then
-			for s in $networks; do
+			for s in $(separate_list $networks); do
 			    for destnet in $(separate_list $destnets); do
 				addnatrule $chain $(both_ip_ranges $s $destnet) $proto $ports $mark $policy -j $newchain
 			    done
@@ -388,7 +388,7 @@
 	fi
 
 	if [ -n "$networks" ]; then
-	    for network in $networks; do
+	    for network in $(separate_list $networks); do
 		for destnet in $(separate_list $destnets); do
 		    addnatrule $chain $(both_ip_ranges $network $destnet) $proto $ports $mark $policy -j $target $addrlist
 		done

Attachment: signature.asc
Description: Digital signature

-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Shorewall-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-devel

Reply via email to