On 7 Jul 2011, at 01:22, Tom Eastep wrote: > > On Jul 6, 2011, at 5:17 PM, J. Randall Owens wrote: >> >> I don't know about TPROXY in particular, but in most places in shorewall6, >> you can enclose the IPv6 addresses (including prefix length) in angle >> brackets, like so (all mine are in hosts so far, so these are with >> interfaces): >> eth0:<2001:470:1::/64,fe80::/10> >> >> Note that multiple entries are enclosed in one set of brackets, rather >> than one pair of brackets per address range. > > Please also note that <...> is deprecated in favor of the more standard [...]. > > -Tom
Hi Tom, It's on this page: http://docs.huihoo.com/shorewall/4.4/manpages6/shorewall6-tcrules.html I'm almost sure I originally saw it on shorewall.net, but I certainly don't now. Or even in the shorewall-tcrules page - in fact neither of them seem (currently) to make any mention of TPROXY, although http://www.shorewall.net/Shorewall_Squid_Usage.html#TPROXY does. I tried the suggestions about encapsulating the address in square or angle brackets, but I still get the error; I've included it below to be sure we're on the same page. It certainly *seems* to be working; the local squid is only listening on [::1]:3128 and 127.0.0.1:3128, and if I understand correctly the default would be to use the original source interface. Also, if I remove the interface option it stops working. Dominic Jul 7 8:35:59 Compiling /etc/shorewall6/tcrules... Jul 7 08:35:59 ERROR: Invalid MARK (TPROXY(10,3128,[::1])) : /etc/shorewall6/tcrules (line 4) ERROR: Invalid MARK (TPROXY(10,3128,[::1])) : /etc/shorewall6/tcrules (line 4) Jul 7 8:37:14 Compiling /etc/shorewall6/tcrules... Jul 7 08:37:14 ERROR: Invalid MARK (TPROXY(10,3128,<::1>)) : /etc/shorewall6/tcrules (line 4) ERROR: Invalid MARK (TPROXY(10,3128,<::1>)) : /etc/shorewall6/tcrules (line 4) Jul 7 8:37:40 Compiling /etc/shorewall6/tcrules... Jul 7 08:37:40 ERROR: Invalid MARK (TPROXY(10,3128,::1)) : /etc/shorewall6/tcrules (line 4) ERROR: Invalid MARK (TPROXY(10,3128,::1)) : /etc/shorewall6/tcrules (line 4) ------------------------------------------------------------------------------ All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2d-c2 _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
