Hi, This is a follow-up to my previous e-mail "From: Vieri Di Paola <vieridipa...@yahoo.com> - 2018-10-01 17:31:37". I'm writing from my gmail account because as stated in my previous post, I can't access mail.yahoo.com through my shorewall gateway for some reason I can't figure out. It might be because of my snat file.
The error I get with my snat file is shown below: Creating iptables-restore input... Compiling /etc/shorewall/stoppedrules... Shorewall configuration compiled to /var/lib/shorewall/.restart Configuration uses these capabilities ('*' denotes required): ADDRTYPE AMANDA_HELPER* BASIC_FILTER COMMENTS CONNMARK* CONNMARK_MATCH* CONNTRACK_MATCH CT_TARGET* ENHANCED_REJECT EXMARK FLOW_FILTER FTP_HELPER* FWMARK_RT_MASK GEOIP_MATCH* GOTO_TARGET H323_HELPER* HASHLIMIT_MATCH* IFACE_MATCH IPRANGE_MATCH* IPSET_MATCH* IPTABLES_S IRC_HELPER* LOG_TARGET* MANGLE_ENABLED MANGLE_FORWARD MARK MULTIPORT* NAT_ENABLED NAT_INPUT_CHAIN NETBIOS_NS_HELPER* NEW_CONNTRACK_MATCH NFQUEUE_TARGET* PPTP_HELPER* RAW_TABLE RECENT_MATCH SANE_HELPER* SIP_HELPER* SNMP_HELPER* STATISTIC_MATCH* TFTP_HELPER* WAIT_OPTION XMULTIPORT* /var/lib/shorewall/.restart: line 2998: syntax error near unexpected token `fi' /var/lib/shorewall/.restart: line 2998: ` fi' My relevant config files are: # cat snat SNAT($IF_ISP3_IP) 0.0.0.0/0 $IF_ISP3 SNAT($IF_ISP2_IP) 0.0.0.0/0 $IF_ISP2 SNAT($IF_ISP1_IP) 0.0.0.0/0 $IF_ISP1 SNAT($IF_ISP3_IP) $IF_LAN $IF_ISP3 SNAT($IF_ISP2_IP) $IF_LAN $IF_ISP2 SNAT($IF_ISP1_IP) $IF_LAN $IF_ISP1 SNAT($IF_ISP3_IP) $IF_DMZ $IF_ISP3 SNAT($IF_ISP2_IP) $IF_DMZ $IF_ISP2 SNAT($IF_ISP1_IP) $IF_DMZ $IF_ISP1 SNAT($IF_LAN_MASQ_ADDRESS) $IF_LAN_MASQ_SOURCE $IF_LAN # cat params IF_LAN=enp10s0 IF_DMZ=enp5s0 IF_ISP1_ETH=enp7s0 IF_ISP2_ETH=enp6s0 IF_ISP3_ETH=enp8s5 IF_ISP1=ppp1 IF_ISP2=ppp2 IF_ISP3=ppp3 IF_ISP1_IP=detect IF_ISP2_IP=detect IF_ISP3_IP=detect IF_ISP1_GW=- IF_ISP2_GW=- IF_ISP3_GW=- IF_LAN_MASQ_ADDRESS=10.215.144.92 IF_LAN_MASQ_SOURCE=172.16.0.2 As requested earlier, my failing .restart file can be found here: https://drive.google.com/open?id=1tMt3VqtXE9CX1YVZIGUwmmOWhtx1CC4M The offending code is the following clause (repeated twice for each ppp interface): if [ "$SW_PPP1_ADDRESS" != 0.0.0.0 ]; then fi # shorewall version 5.2.0.5 Thanks, Vieri _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users