j2
2002-Jul-28 22:51 UTC
[Shorewall-users] Redirect and 1.3.5 (yes, i read the errata tom ;) )
I upgraded to the 1.3.5 Debian archive (which is supposedly 1.3.5a). But I get the below error message. I did even manually replace my /var/lib/shorewall/firewall with the updated version, and still get the same error. I have read the errata, and I think I have searched through the ML-archives. What have I missed (this time?).

curtain:/etc/init.d# shorewall check
Processing /etc/shorewall/shorewall.conf ...
Processing /etc/shorewall/params ...
Verifying Configuration...
Loading Modules...
Determining Zones...
Zones: net loc dmz locB
Validating interfaces file...
Validating hosts file...
Determining Hosts in Zones...
Net Zone: eth0:0.0.0.0/0
Local Zone: eth2:0.0.0.0/0
Warning: Zone dmz is empty
LocalB Zone: eth1:0.0.0.0/0
Validating rules file...
Rule "ACCEPT loc fw tcp ssh" validated.
Rule "ACCEPT net fw tcp auth" validated.
Rule "ACCEPT fw net udp ntp" validated.
Rule "ACCEPT fw net tcp http,https,domain,ssh,time,smtp" validated.
Rule "ACCEPT fw net udp domain" validated.
Rule "ACCEPT fw net icmp echo-request,echo-reply" validated.
Rule "ACCEPT fw loc tcp ssh" validated.
Rule "ACCEPT loc fw udp domain" validated.
Rule "ACCEPT fw loc tcp mysql" validated.
Rule "ACCEPT fw loc udp mysql" validated.
Rule "ACCEPT net loc:192.168.0.130 tcp smtp - all" validated.
Rule "ACCEPT net loc:192.168.0.130 tcp pop3 - all" validated.
Rule "ACCEPT net loc:192.168.0.130 tcp http,https - all" validated.
Error: server port may not be specified in an ACCEPT rule; rule: "ACCEPT net loc:192.168.0.130:22 tcp 11111 - all"
Terminated
curtain:/etc/init.d#
Tom Eastep
2002-Jul-28 23:15 UTC
[Shorewall-users] Redirect and 1.3.5 (yes, i read the errata tom ;) )
On Mon, 29 Jul 2002, j2 wrote:

> Rule "ACCEPT net loc:192.168.0.130 tcp pop3 - all" validated.
> Rule "ACCEPT net loc:192.168.0.130 tcp http,https - all" validated.
> Error: server port may not be specified in an ACCEPT rule; rule: "ACCEPT
> net loc:192.168.0.130:22 tcp 11111 - all"
> Terminated
> curtain:/etc/init.d#

Crap! Looks like 1.3.5(a) doesn't like the 1.2 rule syntax any more. You can change the rule to a DNAT rule:

DNAT net loc:192.168.0.130:22 tcp 11111

-Tom
--
Tom Eastep \ Shorewall - iptables made easy
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \ teastep@shorewall.net
j2
2002-Jul-29 08:57 UTC
[Shorewall-users] Redirect and 1.3.5 (yes, i read the errata tom ;) )
> Crap! Looks like 1.3.5(a) doesn't like the 1.2 rule syntax any more. You
> can change the rule to a DNAT rule:
>
> DNAT net loc:192.168.0.130:22 tcp 11111

Thanks. And that'll work the same as the redirect syntax?
Tom Eastep
2002-Jul-29 13:55 UTC
[Shorewall-users] Redirect and 1.3.5 (yes, i read the errata tom ;) )
On Mon, 29 Jul 2002, j2 wrote:

> > Crap! Looks like 1.3.5(a) doesn't like the 1.2 rule syntax any more. You
> > can change the rule to a DNAT rule:
> >
> > DNAT net loc:192.168.0.130:22 tcp 11111
>
> Thanks. And that'll work the same as the redirect syntax?
>

Yes.

-Tom
--
Tom Eastep \ Shorewall - iptables made easy
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \ teastep@shorewall.net
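
Added example (not from the thread and not part of Shorewall): a small Python check that scans a rules file for 1.2-style ACCEPT rules carrying a server port in the destination, the form 1.3.5a rejects above, and rewrites them as the DNAT rule given in the reply. The function names, the column order and the sample rules are assumptions; rules with anything other than "- all" in the trailing columns are only flagged, since the thread does not show how they map.

```python
import re

# DEST of the form zone:address:port, e.g. loc:192.168.0.130:22
DEST_WITH_PORT = re.compile(r"^[^:\s]+:[^:\s]+:[\w,-]+$")

# Constructed sample: rules quoted in the "shorewall check" output above,
# plus one hypothetical rule with a specific address in the last column.
SAMPLE_RULES = """\
# constructed sample rules file
ACCEPT net fw tcp auth
ACCEPT net loc:192.168.0.130 tcp smtp - all
ACCEPT net loc:192.168.0.130:22 tcp 11111 - all
ACCEPT net loc:192.168.0.131:80 tcp 8080 - 192.0.2.10
"""

def migrate_rule(line):
    """Return (line_out, status); status is None, 'converted' or 'review'."""
    fields = line.split()
    if not fields or fields[0] != "ACCEPT" or len(fields) < 3:
        return line, None            # blank, comment, or not an ACCEPT rule
    if not DEST_WITH_PORT.match(fields[2]):
        return line, None            # no server port: 1.3.5 validates it as is
    # Assumed column order: ACTION SOURCE DEST PROTO PORT CLIENT-PORT ADDRESS
    head, tail = fields[1:5], fields[5:]
    if tail in ([], ["-"], ["-", "all"]):
        # The case from the thread: same fields, action DNAT, "- all" dropped.
        return " ".join(["DNAT"] + head), "converted"
    # Anything else in the trailing columns is not covered by the thread.
    return line, "review"

def migrate_rules(text):
    """Rewrite a whole rules file; return (new_text, list of (lineno, status))."""
    out, report = [], []
    for lineno, line in enumerate(text.splitlines(), start=1):
        new_line, status = migrate_rule(line)
        out.append(new_line)
        if status:
            report.append((lineno, status))
    return "\n".join(out) + "\n", report

if __name__ == "__main__":
    new_text, report = migrate_rules(SAMPLE_RULES)
    print(new_text, end="")
    for lineno, status in report:
        print(f"# line {lineno}: {status}")
```

Run `shorewall check` on the rewritten file before restarting the firewall, and handle any line reported as "review" by hand.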