Tom Eastep wrote:
> Matt LaPlante wrote:
>> Based on my reading of the DEST section of the rules man page
>> [http://www.shorewall.net/manpages/shorewall-rules.html], "Beginning
>> with Shorewall 4.1.4, the zone should be omitted in DNAT-, REDIRECT-
>> and NONAT rules."  This seems to jive with a warning thrown by
>> shorewall-perl 4.2.6 when a zone is left in:
>>
>> Example:
>> DNAT-    loc             net:1.2.3.4:2525      tcp     25
>>
>> Produces:
>> "WARNING: Destination zone (net) ignored : /etc/shorewall/rules"
>>
>> Ok, makes sense.  But then, when the zone is actually omitted, things
>> go horribly wrong:
>>
>> Example:
>> DNAT-    loc             1.2.3.4:2525      tcp     25
>>
>> Produces:
>> "WARNING: Destination zone (1.2.3.4) ignored : /etc/shorewall/rules (line 459)
>> Can't call method "inet_htoa" without a package or object reference at
>> /usr/share/shorewall-perl/Shorewall/IPAddrs.pm line 150,
>> <$currentfile> line 459."
>>
>> Is this a bug or a misinterpretation of the docs?
> 
> It is a case of Shorewall-perl neglecting to generate a fatal error for
> an absurd rule.

Given that the server port (2525) can have no possible meaning in a
DNAT- rule, the parser tries to handle "1.2.3.4:2525" as a <zone>:<IP
address> pair. It generates the warning regarding 1.2.3.4 then flails
away trying to validate 2525 as an IP address.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
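
The parsing path described in the reply above, as an added Python sketch that is not part of the original message and not Shorewall-perl's code: the DEST text is split into an optional `<zone>:` prefix, which is ignored with a warning, and a remainder that must validate as an IP address or the rule is rejected with a fatal error. The names `parse_dest` and `RuleError`, the error wording, and the IPv4-only check are assumptions.

```python
import ipaddress


class RuleError(Exception):
    """Fatal rule error: the caller must stop compiling the ruleset."""


def parse_dest(dest, where):
    """Return (address, warnings) for the DEST column of a DNAT- rule.

    Hypothetical helper. Mirrors the behaviour described in the thread:
    text before the first ':' is taken as a zone and ignored with a
    warning; what follows must be an IP address.
    """
    warnings = []
    prefix, sep, rest = dest.partition(":")
    if sep:
        # Same wording as the warning quoted in the thread.
        warnings.append(f"WARNING: Destination zone ({prefix}) ignored : {where}")
        candidate = rest
    else:
        candidate = dest
    try:
        addr = ipaddress.IPv4Address(candidate)
    except ipaddress.AddressValueError:
        # Fail closed with a clear message instead of crashing later
        # in address conversion. The wording is an assumption.
        raise RuleError(f"ERROR: Invalid IP address ({candidate}) : {where}") from None
    return str(addr), warnings


if __name__ == "__main__":
    where = "/etc/shorewall/rules (line 459)"
    # "net:1.2.3.4" is a constructed sample; "1.2.3.4:2525" is from the thread.
    for dest in ("1.2.3.4", "net:1.2.3.4", "1.2.3.4:2525"):
        try:
            print(dest, "->", parse_dest(dest, where))
        except RuleError as exc:
            print(dest, "->", exc)
```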
