Lars Erik Dangvard Jensen wrote: > Hello list > > I try this in the configuration: > > DNAT inet1 dmz2:10.0.1.16-10.0.1.17 > tcp PORT - PUBIP > > The connection keeps going to the last IP address (10.0.1.17) > > Using shorewall 4.0.4 (perl) and it does not result in round-robin, > will it help to upgrade or is the syntax wrong?
The syntax is correct and it won't help to upgrade; in looking at this, I discovered that round-robin is completely broken beginning with 4.0.5 (patch for 4.0.5-4.0.7 attached). I took a quick look at the Netfilter and Netfilter-devel lists and didn't see where anyone has reported this being broken in the kernel. So the only thing I can suggest is to check the output of "shorewall show nat" to be sure that the DNAT rule is being generated correctly. You should see something like '..... to:10.0.1.16-10.0.1.17:PORT'. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
Index: Shorewall/Rules.pm
===================================================================
--- Shorewall/Rules.pm (revision 8026)
+++ Shorewall/Rules.pm (working copy)
@@ -1131,7 +1131,11 @@
} else {
fatal_error "A server must be specified in the DEST column in $action rules" if $server eq '';
- validate_address $server, 0;
+ if ( $server =~ /^(.+)-(.+)$/ ) {
+ validate_range( $1, $2 );
+ } else {
+ validate_address $server, 0;
+ }
if ( $action eq 'SAME' ) {
fatal_error 'Port mapping not allowed in SAME rules' if $serverport;
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------- Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
