Tom Eastep wrote: > Tom Eastep wrote: >> Elio Tondo wrote: >> >>> and in the masq file: >>> >>> #INTERFACE SUBNET ADDRESS PROTO PORT(S) >>> IPSEC >>> eth0 eth1!192.158.10.5,192.158.10.60 >>> >>> (masquerading for all machines in loc except for the two with static NAT). >>> >>> It used to work with no problems with Shorewall 3.0 and also with earlier >>> 3.2 releases >> I need to know which earlier 3.2 release(s). > > I found a bug that may explain this problem. But it is a "day-1" 3.2 bug so I > don't know if the attached patch to /usr/share/shorewall/compiler will correct > your problem or not. > > At any rate, what you were doing (exclusing the static nat addresses from > masquerade) is unnecessary.
Elio, That should have been "*excluding* the static...". Also, I just noticed that the patch in my previous message contained changes to the release notes as well as to the compiler. Here's a proper patch. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
Index: compiler =================================================================== --- compiler (revision 4574) +++ compiler (working copy) @@ -6041,7 +6041,7 @@ __EOF__ for destnet in $(separate_list $destnets); do indent >&3 << __EOF__ - run_iptables -t nat -A $chain -s \$network $(dest_ip_range $destnet) $proto $sports $policy -j $netchain + run_iptables -t nat -A $chain -s \$network $(dest_ip_range $destnet) $proto $ports $policy -j $newchain __EOF__ done indent >&3 << __EOF__
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
