On two firewalls I have errors after a Shorewall update; no changes have been made to the configuration files.
Current situation on one of the two installations (the other one is similar):

- Fedora Core 4
- shorewall-3.2.4-1.fc4
- iptables-1.3.0-2

I have two machines in the loc zone with a static NAT:

    #EXTERNAL          INTERFACE   INTERNAL        ALL          LOCAL
    #                                              INTERFACES
    xxx.xxx.xxx.254    eth0        192.168.10.5    No           No
    xxx.xxx.xxx.247    eth0        192.168.10.60   No           No

and in the masq file:

    #INTERFACE   SUBNET                               ADDRESS   PROTO   PORT(S)   IPSEC
    eth0         eth1!192.158.10.5,192.158.10.60

(masquerading for all machines in loc except for the two with static NAT).

It used to work with no problems with Shorewall 3.0 and also with earlier 3.2 releases; now with 3.2.4 it fails during startup with this error:

    Setting up Masquerading/SNAT...
    iptables v1.3.0: Unknown arg `--sport'
    Try `iptables -h' or 'iptables --help' for more information.
    ERROR: Command "/sbin/iptables -t nat -A eth0_masq -s 192.168.12.0/24 -d 0.0.0.0/0 --sport 53 -j" Failed

If I remove the address exclusion list !192.158.10.5,192.158.10.60 and masq is simply:

    eth0         eth1

it works.

Please tell me if this is a known limitation with this version of iptables; in any case I looked at the release notes and I did not find any notice about version requirements. I can also send the shorewall dump if it can be useful.

Thanks
Elio
