Steven Jan Springl wrote:
> On Saturday 28 April 2007 16:00, Tom Eastep wrote:
>> Steven Jan Springl wrote:
>>> On Saturday 28 April 2007 02:52, Tom Eastep wrote:
>>>> Steven Jan Springl wrote:
>>>>> Tom
>>>>>
>>>>> When eth0!192.168.0.2 is entered in the source field of masq e.g.
>>>>>
>>>>> eth0 eth0!192.168.0.2 detect
>>>>>
>>>>> shorewall-perl generates error:
>>>>>
>>>>> iptables-restore v1.3.6 host/network 'eth0' not found
>>>>>
>>>>> It works with shorewall-shell.
>>>> Steven,
>>>>
>>>> Given Shorewall-shell's uniform treatment of all rules, the canonical
>>>> form of that rule is now accepted:
>>>>
>>>> ethx eth0:!192.168.0.2 ...
>>>>
>>>> I'll document that for the next 3.9 release (I seem to recall
>>>> documenting that somewhere already but I can't lay my hands on it at the
>>>> moment).
>>>>
>>>> -Tom
>>> Tom
>>>
>>> Changing the masq rule to:
>>>
>>> eth0 eth0:!192.168.0.2 detect
>>>
>>> generates the following iptables rule:
>>>
>>> -A eth0_masq -s 192.168.0.0/24 -s ! 192.168.0.2 -j SNAT --to-source
>>> 192.168.0.4
>>>
>>> which gives the error:
>>>
>>> iptables-restore v1.3.6 multiple -s flags not allowed
>> Please try 6145.
>>
>> Thanks, Steven
>>
>> -Tom
>
> Tom
>
> That works provided eth0 has only one IP address.
>
> If eth0 has 2 IP addresses then the following iptables rule is generated:
>
> -A exc10 -j SNAT --to--source 192.168.0.4 --to-source 10.1.1.1
>
> this produces error:
>
> iptables-restore v1.3.4: Multiple --to-source not supported.

Yes. That support was removed from Netfilter some time ago. So 'detect' in the ADDRESSES column only works when there is a single address (unless you have an old kernel).

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
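
The single-address limitation described above can be checked before 'detect' is used on an interface. The following is an added example, not part of the original thread or of Shorewall: it counts the IPv4 addresses per interface from `ip -4 -o addr show` output. The function names `count_ipv4` and `detect_check` are hypothetical and the sample input is constructed.

```shell
#!/bin/sh
# Added example: pre-flight check for 'detect' in the masq ADDRESSES column.
# Input format is that of `ip -4 -o addr show` (one address per line).

# Constructed sample: eth0 carries two addresses, eth1 carries one.
SAMPLE_ADDRS='1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
2: eth0    inet 192.168.0.4/24 brd 192.168.0.255 scope global eth0\       valid_lft forever preferred_lft forever
2: eth0    inet 10.1.1.1/8 brd 10.255.255.255 scope global secondary eth0\       valid_lft forever preferred_lft forever
3: eth1    inet 172.16.0.1/16 brd 172.16.255.255 scope global eth1\       valid_lft forever preferred_lft forever'

# count_ipv4 IFACE: read `ip -4 -o addr show` output on stdin and print
# the number of IPv4 addresses configured on IFACE (0 if none).
count_ipv4() {
    awk -v ifc="$1" '$2 == ifc && $3 == "inet" { n++ } END { print n + 0 }'
}

# detect_check IFACE: read the same input on stdin, print a one-line verdict.
# Exit status: 0 = exactly one address, 1 = several (the case that made
# iptables-restore reject multiple --to-source), 2 = no address found.
detect_check() {
    awk -v ifc="$1" '
        $2 == ifc && $3 == "inet" {
            split($4, a, "/")          # drop the /prefix length
            list = list " " a[1]
            n++
        }
        END {
            if (n == 1) { print ifc ": single address" list; exit 0 }
            if (n > 1)  { print ifc ": " n " addresses" list; exit 1 }
            print ifc ": no IPv4 address found"; exit 2
        }'
}

# Demo on the constructed sample. On a live host:
#   ip -4 -o addr show | detect_check eth0
for ifc in eth0 eth1; do
    printf '%s\n' "$SAMPLE_ADDRS" | detect_check "$ifc" || :
done
```
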