On Sun, 2011-09-18 at 23:33 +0100, Steven Jan Springl wrote: > Man page shorewall6-netmap refers to the last two columns as DEST PORT(S). > Their description suggests that the first is destination port(s) and the > second source port(S). > > However, the following shorewall6 netmap entry: > > DNAT:P 2001:4d48:ad51:24::/64 eth0 fd58:b443:dd9e:1::/64 - tcp 22 1000 > > generates the following ip6tables rule: > > -A eth0_pre -p 6 --dport 1000 --sport 22 -d 2001:4d48:ad51:24::/64 -j > RAWDNAT --to-dest fd58:b443:dd9e:1::/64 > > This seems to show the source port(s) column is first and destination port(s) > second.
Steven, You're correct; the ports are being reversed in the code. The attached patch fixes the issue. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
diff --git a/Shorewall/Perl/Shorewall/Nat.pm b/Shorewall/Perl/Shorewall/Nat.pm
index 3a53e75..de0a916 100644
--- a/Shorewall/Perl/Shorewall/Nat.pm
+++ b/Shorewall/Perl/Shorewall/Nat.pm
@@ -417,7 +417,7 @@ sub setup_netmap() {
fatal_error "Unknown interface ($interface)" unless my $interfaceref = known_interface( $interface );
- my @rule = do_iproto( $proto, $sport, $dport );
+ my @rule = do_iproto( $proto, $dport, $sport );
unless ( $type =~ /:/ ) {
my @rulein;
signature.asc
Description: This is a digitally signed message part
------------------------------------------------------------------------------ BlackBerry® DevCon Americas, Oct. 18-20, San Francisco, CA Learn about the latest advances in developing for the BlackBerry® mobile platform with sessions, labs & more. See new tools and technologies. Register for BlackBerry® DevCon today! http://p.sf.net/sfu/rim-devcon-copy1
_______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
