Rich Wales
2008-Nov-13 04:47 UTC
Need destination zone with DNAT- in shorewall-perl 4.2.1?
On September 5, Tom wrote:> In Shorewall 4.2, you can leave the ''loc:'' out of the DNAT- rule.I tried that just now (shorewall-perl 4.2.1), and I got an error: Checking... WARNING: Destination zone (172.29.0.29) ignored : /etc/shorewall/rules (line 38) ERROR: Unknown Host (0.0.0.0/0) : /etc/shorewall/rules (line 38) where 172.29.0.29 is the destination address on my home LAN. Without the zone, it looks like the destination address is misinterpreted as an (undefined) zone, plus a "zero" address. When I put the zone back in (i.e., int:172.29.0.29), I got a warning: Checking... WARNING: Destination zone (int) ignored : /etc/shorewall/rules (line 38) though the firewall appears to work OK despite this warning. Does this sound like a Shorewall bug? Or does it sound like I''m doing something wrong in my firewall definition? -- Rich Wales === Palo Alto, CA, USA === richw@richw.org http://www.richw.org === http://en.wikipedia.org/wiki/User:Richwales ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer''s challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/
shorewalljunky@comcast.net
2008-Nov-13 16:27 UTC
Re: Need destination zone with DNAT- in shorewall-perl 4.2.1?
Rich Wales wrote:> Does this sound like a Shorewall bug?Yes, it does. ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer''s challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/