-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On 10/26/2016 04:00 PM, Tom Eastep wrote:
> On 10/26/2016 03:44 PM, Steven Jan Springl wrote:
>
>
>> Confirmed, the patch fixes the issue.
>
>> ---------------------------------------------------------
>
>> The following masq file entry:
>
>> +br1::!192.168.23.0/32 10.1.2.0/24!10.1.2.1,10.1.1.4-10.1.1.8
>> NONAT icmp !0
>
>> is converted to snat entry:
>
>> CONTINUE+(NONAT) 10.1.2.0/24!10.1.2.1,10.1.1.4-10.1.1.8
>> br1::!192.168.23.0/32 icmp !0
>
>> which produces the following error:
>
>> ERROR: Invalid ACTION (CONTINUE+(NONAT)) /etc/shorewall200/snat
>> (line 16)
>
>
> The attached patch should correct that faulty rule translation.
>
Sorry that was not the correct fix. See attached.
- -Tom
- --
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
Comment: GPGTools - http://gpgtools.org
iQIcBAEBCAAGBQJYETbLAAoJEJbms/JCOk0QC+gQAJLFOQyiFi6TCu3SlDFoT/zj
J3Lx6BygJJ9S26QQr3SwAKofmuIRK8M9e21J72gcuixFjgld+xAl3Qw+xfiWHIaU
bluIjiQoduCeB3dbqDncKn/YIvR034UALTshzSGvlmsGzKDwfdYb9oI/PgYug+nQ
4var55tnuWSOWpJymd8XJhemQXXJoc+vY1O0lxoxOemSOLCjtFXRv9fKJqeV9rJc
E+cTAmG6DG3PjNjNdIH5RQUa7tX2ZD1SQo6jAMruxy/eRNDrG/wdjyLB/e6A6s4K
QxTkhTJ2ivP5A4Ri1m9Mlk8EUdx/kt1ghy6yx01YHa7ULpOnCm9VNuXl15Tk9qYi
BT9CpL6o2Rm8gaGIl5z561cQnlyv+okcvN6rYaUqG+NwtPCXivVz7eyJFikfStuB
K+Kzi96iF+ij81nlENqL9YCx9DBSCU+Zds+ZsbCHHoj0SHrEQSYXGvznYQNnDFvN
RFQ4L9UgZNgv3DHQ9q2vLdRUbW5XLRuMyGGIqSmDi0uHWTefqLP8rfzAD5nyw7Ts
7xtdTUFzG/0alhK8QFlg+QEBcj7onvB0xF0ubhqDWKoheAzTlSEe+e+DhHbQlxB1
plJvBS5LZZaYnXaAQZcpX1lgijB7PySuAtsIn8RnhHtfLxCRxqK3ETHcKPi4yto1
5RR/mQ+3T2Nf7hVBIakp
=q5nE
-----END PGP SIGNATURE-----
diff --git a/Shorewall/Perl/Shorewall/Nat.pm b/Shorewall/Perl/Shorewall/Nat.pm
index bc24410..c4867ed 100644
--- a/Shorewall/Perl/Shorewall/Nat.pm
+++ b/Shorewall/Perl/Shorewall/Nat.pm
@@ -225,7 +225,7 @@ sub process_one_masq1( $$$$$$$$$$$$ )
} elsif ( $addresses eq 'NONAT' ) {
fatal_error "'persistent' may not be specified with 'NONAT'" if $persistent;
fatal_error "'random' may not be specified with 'NONAT'" if $randomize;
- $target = 'RETURN';
+ $target = $snat ? 'CONTINUE' : 'RETURN';
$add_snat_aliases = 0;
} elsif ( $addresses ) {
my $addrlist = '';
@@ -397,9 +397,8 @@ sub process_one_masq1( $$$$$$$$$$$$ )
if ( $snat ) {
$target =~ s/ .*//;
- $target = 'CONTINUE' if $target eq 'RETURN';
$target .= '+' if $pre_nat;
- $target .= '(' . $addresses . ')' if $addresses ne '-';
+ $target .= '(' . $addresses . ')' if $addresses ne '-' && $addresses ne 'NONAT';
my $line = "$target\t$networks\t$savelist\t$proto\t$ports\t$ipsec\t$mark\t$user\t$condition\t$origdest\t$probability";
#
------------------------------------------------------------------------------
The Command Line: Reinvented for Modern Developers
Did the resurgence of CLI tooling catch you by surprise?
Reconnect with the command line and become more productive.
Learn the new .NET and ASP.NET CLI. Get your free copy!
http://sdm.link/telerik
_______________________________________________
Shorewall-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-devel
