From: "Tom Eastep" <[EMAIL PROTECTED]> > > It used to work with no problems with Shorewall 3.0 and also with earlier > > 3.2 releases > > I need to know which earlier 3.2 release(s).
I am not sure to be able to track this down, because the two firewalls are managed by other people (I only did the initial setup); I only know when they reported the problems. The first firewall failed apparently after the update to 3.2.3-1.fc4, the first days of September; the second one today, after the update to 3.2.4-1.fc4. I don't know the reason of this difference. > If you wish to report problems with startup, you must send a trace. Taking > a command out of context and saying "look, this didn't work" will get you > sympathy but no help. I apologize; I didn't read the Troubleshooting Guide before writing... otherwise I would have already sent the "shorewall debug start 2> /tmp/trace" output. > > (masquerading for all machines in loc except for the two with static NAT). > > Which is totally unnecessary -- static nat is applied before masquerade. This is good news; probably I did not understand well the documentation. Or maybe it was necessary in some (very old) version? > I found a bug that may explain this problem. But it is a "day-1" 3.2 bug so I > don't know if the attached patch to /usr/share/shorewall/compiler will correct > your problem or not. It does! > At any rate, what you were doing (exclusing the static nat addresses from > masquerade) is unnecessary. Noted, thanks. Now I have a simpler config... > That should have been "*excluding* the static...". I did'nt even notice the typo ;) > Also, I just noticed that the patch in my previous message contained changes > to the release notes as well as to the compiler. Here's a proper patch. I already applied only the modifications to the code. Tom, thanks a lot for your outstanding support. I would like to take this occasion to thank you for your excellent work, and to thank also the other developers and volunteers of the community. Shorewall is a very valuable project. Elio ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
