-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 01/07/2017 09:23 AM, Tom Eastep wrote: > On 01/07/2017 09:11 AM, Tom Eastep wrote: >> On 01/07/2017 08:35 AM, Luke Jordan wrote: > > >>> it doesn't work: > >>> /etc/shorewall6/mangle: MARK(768):P eth0 - tcp >>> 22,47238,52486 # ssh traffic by dsl MARK(512):P eth0 - >>> - - >>> # other traffic by cbl > >>> IP6TABLES(DNPT --src-pfx 2001:XXXX:YYYY:100::/64 --dst-pfx >>> fdae:fa7:dead:beef::/64 ):P eth0 - - - > >>> IP6TABLES(SNPT --src-pfx fdae:fa7:dead:beef::/64 --dst-pfx >>> 2001:XXXX:YYYY:100::/64 ):P eth0 - - - > >>> result: > >>> Checking /etc/shorewall6/mangle... ERROR: Invalid ACTION >>> (IP6TABLES(DNPT --src-pfx 2001:XXXX:YYYY:100::/64 --dst-pfx >>> fdae:fa7:dead:beef::/64 ):P) /etc/shorewall6/mangle (line 18) > >>> fdae:fa7:dead:beef::/64 is the local network, >>> 2001:XXXX:YYYY:100::/64 the network of a provider. > > >> Did you add DNPT as a nat builtin action in >> /etc/shorewall6/actions?
I meant 'mangle' rather than 'nat'. > > > Nevermind -- it is a bug in the IP6TABLES parser -- it doesn't > expect IPv6 addresses in the action parameters :-( > You can work around the problem by fully expressing the IP addresses (e.g., 2001:XXXX:YYYY:100:0:0:0:0/64). - -Tom - -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJYcSeJAAoJEJbms/JCOk0QpNIP/3rz1zy80Ddd5xbb2WQ85Qr8 XyOgdPsdwtTJjfgw82PffbNAAj4cDCdK91TGCuzQRl4o/g4c/N4rtpFZqgsJhCxC xi/LfLc6pkfk3EdTyZWo6l6gNun+WMTrhuLA0vE+fhfF3EqaaNGNXrgCVh3BO9+5 UYT8u1U4Te/5xu/+Zd297d6wmAa5bUOddV+RnqkRMgqFhUr2EmfaX8wDEYHVvJOR U/WZdUB2AfE9OjJ/FUZ9xiAQVhqX7mkh8S5rKIbMe/fAgPht0S54b85fwtg6ehJY cnkT1CFJER6IOV2Q0NJ+MxwvWfcGvW4+2vSjsushbuGOzpEPc3H5qawVzDRCwsPo N8BBmPTl+79hzg+E373YUlViZLi0u8albQCK9El3YA4+eomFvqdqhxsmDqOAYn/O aEZ9MUYEXUpxIzI5sSaKwcbCTqvU/i3mcObZJC6ftD0JJ1oLs38AXF+/q0PgX5fN IbSl7+cChU9RPwMvDpcCnYtxH76wmcZ6bG7stCqD6de3fBD8liIg1LIrzZpmmtx4 Sw4b1SD7Af3p1uxSqIFvnMh3FBjFthyn6KX8bVvoqAsEMHVyB0cdAABKub0NN+03 1rZcpYQTpqxIF0JATwz7FD12n1/O43KjZv8YhdasY0cd0PGsjoUSKbvoTO6M2cUZ Z/6GvbXhlMHLPQcvdHsT =irTJ -----END PGP SIGNATURE----- ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
