On 09/26/2012 01:26 AM, Nuno Fernandes wrote:
> Hello,
>
> # grep IMPLICIT_CONTINUE /etc/shorewall/shorewall.conf
>
> IMPLICIT_CONTINUE=No
>
> I'll read more info on that at home...
>
> Best regards,
>
> Nuno Fernandes
>
>
>
> Hello,
>
> I've changed the IMPLICIT_CONTINUE to yes and the dnat table remains the
> same. Any ideas?
>
Hmmm -- I'm not able to reproduce your problem with 4.5.6.2.

I have

zones:

    fw        firewall
    net       ipv4
    loc       ipv4
    chld:net  ipv4

interfaces:

    net   eth0 ...
    net   eth2 ...
    loc   eth1 ...

hosts:

    chld  eth0:1.2.3.4
    chld  eth2:1.2.3.4

rules:

    DNAT  net  loc:10.0.0.1  tcp  444

This is generating (with OPTIMIZE=0):

    *nat
    :PREROUTING ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    :POSTROUTING ACCEPT [0:0]
    :eth0_masq - [0:0]
    :net_dnat - [0:0]
    -A PREROUTING -i eth0 -j net_dnat
    -A PREROUTING -i eth2 -j net_dnat
    -A POSTROUTING -o eth0 -j eth0_masq
    -A eth0_masq -s 10.0.0.0/8 -j MASQUERADE
    -A eth0_masq -s 169.254.0.0/16 -j MASQUERADE
    -A eth0_masq -s 172.16.0.0/12 -j MASQUERADE
    -A eth0_masq -s 192.168.0.0/16 -j MASQUERADE
    -A net_dnat -p 6 --dport 444 -j DNAT --to-destination 10.0.0.1
    COMMIT

If you will send me privately a tarball of /etc/shorewall (with
capabilities file), I'll try to determine what's going on.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
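
To compare a generated ruleset against the one in this message, the following added example (not part of the original post, and not Shorewall code) parses `iptables-save` style nat output and lists which inbound interfaces reach a DNAT rule from PREROUTING. The function names are hypothetical, the embedded dump is abridged from the message, and negated matches (`! -i`) are not handled.

```python
import shlex
from collections import defaultdict

# Sample input: nat table from the message above, abridged, in iptables-save form.
NAT_DUMP = """*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:eth0_masq - [0:0]
:net_dnat - [0:0]
-A PREROUTING -i eth0 -j net_dnat
-A PREROUTING -i eth2 -j net_dnat
-A POSTROUTING -o eth0 -j eth0_masq
-A eth0_masq -s 10.0.0.0/8 -j MASQUERADE
-A net_dnat -p 6 --dport 444 -j DNAT --to-destination 10.0.0.1
COMMIT
"""

def parse_table(dump, table="nat"):
    """Return {chain: [rule tokens, ...]} for one table of iptables-save text."""
    chains, active = defaultdict(list), False
    for line in map(str.strip, dump.splitlines()):
        if line.startswith("*"):
            active = line[1:] == table
        elif active and line.startswith(":"):
            chains[line[1:].split()[0]]  # declare the chain, even if empty
        elif active and line.startswith("-A "):
            tokens = shlex.split(line)
            chains[tokens[1]].append(tokens[2:])
    return chains

def opt(tokens, *names):
    """Value following the first matching option name, or None."""
    return next((tokens[i + 1] for i, t in enumerate(tokens[:-1]) if t in names), None)

def dnat_by_interface(chains, start="PREROUTING"):
    """Follow -j jumps from PREROUTING; map inbound interface -> DNAT rules reached."""
    found = defaultdict(list)
    def walk(chain, iface, seen):
        for rule in chains.get(chain, []):
            own = opt(rule, "-i", "--in-interface")
            if own and iface and own != iface:
                continue  # rule cannot match traffic arriving on this path
            target = opt(rule, "-j", "--jump")
            if target == "DNAT":
                found[own or iface].append((opt(rule, "-p", "--protocol"), opt(rule, "--dport"), opt(rule, "--to-destination")))
            elif target in chains and target not in seen:
                walk(target, own or iface, seen | {target})
    walk(start, None, {start})
    return dict(found)
```

Calling `dnat_by_interface(parse_table(text))` on the nat section of a saved ruleset gives a per-interface view that can be checked against the interfaces listed for the zone.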
