Tom,
1. shorewall.tar.gz attached (including generated caps file) as requested
2. I noticed that I was still using shorewall.conf from 4.4.18.1, so
swapped to the new conf file:
1. now, no error is reported - but this appears to be because
OPTIMIZE=0 has now been made the default
2. OPTIMIZE=4 results in the error report as before; other bits
(e.g. OPTIMIZE=11) do not
3. however, REDIRECT still does not appear to be working, with
or without the OPTIMIZE bit that results in the error report
3. I have some experience with iptables-based firewalls, but would
not claim to be 'expert'. Is it correct that in 'shorewall show -t
nat', the dnat chain (which references net_dnat) should show 0
references?And of course, many thanks again for taking a look. George On 05/04/2011 16:49, Tom Eastep wrote:
On 04/05/2011 07:57 AM, Cameron, George G. wrote:General status ============== Shorewall has been working fine, filtering as expected, external ssh and other connections to workstation working, all functions appear normal, until I wanted to add a REDIRECT command so that ssh connections could be made to the machine on tcp port 1234 in addition to the usual port 22 Minimal rules file used in testing REDIRECT =========================================== #SECTION ESTABLISHED #SECTION RELATED SECTION NEW # ACCEPT net $FW tcp 22 ACCEPT net $FW tcp 1234 REDIRECT net 22 tcp 1234 Observed behaviour ================== 1. Compiler (optimiser?) reports error on line 862 of Chains.pm, shown below: # /sbin/shorewall restart Compiling... (lines omitted for clarity) Applying Policies... Generating Rule Matrix... Optimizing Ruleset... Can't use an undefined value as an ARRAY reference at /usr/share/shorewall/Shorewall/Chains.pm line 862. Restarting Shorewall.... Initializing...I'm unable to reproduce this failure and REDIRECT works fine here. Please: 1. shorewall show -f capabilities> /etc/shorewall/caps 2. tar -xf shorewall.tar /etc/shorewall 3. Send me the tarball Thanks, -Tom
-- --------------------------------------------------------------------- George Cameron Email: [email protected] School of Medical Sciences College of Life Sciences& Medicine University of Aberdeen Foresterhill Fax: +44 (0)1224-552514 Aberdeen AB25 2ZD Telephone: +44 (0)1224-553210 Scotland, UK
shorewall.tar.gz
Description: GNU Zip compressed data
------------------------------------------------------------------------------ Xperia(TM) PLAY It's a major breakthrough. An authentic gaming smartphone on the nation's most reliable network. And it wants your games. http://p.sf.net/sfu/verizon-sfdev
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
