thr3ads.net - Shorewall users - Issue migrating from 1.4.6c to 2.4.0 with all zone in DNAT rule [Jun 2005]

If this information is useful, please help other people find it:
Share via:

Nicolas Helleringer

2005-Jun-22 10:07 UTC

Issue migrating from 1.4.6c to 2.4.0 with all zone in DNAT rule

Hi all,

net : internet zone
dmz : DMZ zone
Lan : local network zone

in 1.4.6c this rule :

DNAT    all    lan:10.0.0.1    tcp    http    -    192.0.0.1

does generate the following iptables rules in nat table :

Chain OUTPOUT
DNAT    tcp    --   0.0.0.0/0    192.0.0.1    tcp dpt:http to:10.0.0.1
Chain net_dnat
DNAT    tcp    --   0.0.0.0/0    192.0.0.1    tcp dpt:http to:10.0.0.1
Chain dmz_dnat
DNAT    tcp    --   0.0.0.0/0    192.0.0.1    tcp dpt:http to:10.0.0.1
Chain lan_dnat
DNAT    tcp    --   0.0.0.0/0    192.0.0.1    tcp dpt:http to:10.0.0.1

in 2.4.0 the same rule does generate only :

Chain OUTPOUT
DNAT    tcp    --   0.0.0.0/0    192.0.0.1    tcp dpt:http to:10.0.0.1
Chain net_dnat
DNAT    tcp    --   0.0.0.0/0    192.0.0.1    tcp dpt:http to:10.0.0.1
Chain dmz_dnat
DNAT    tcp    --   0.0.0.0/0    192.0.0.1    tcp dpt:http to:10.0.0.1

It lacks the lan -> lan rule that did exists before.

As my lan network as multiple IPs subnetworks on it with routeback
option activated, it is quite annoying to have to re-enter a specific
rule as
DNAT lan lan:10.0.0.1 tcp http - 192.0.0.1

Is there any option in Shorewall 2.4.0 to re-enable previous bahavior ?

Thanks for your help

Possibly Parallel Threads

Search for more maybe matching threads

Shorewall users - Jun 2005 - Issue migrating from 1.4.6c to 2.4.0 with all zone in DNAT rule

Issue migrating from 1.4.6c to 2.4.0 with all zone in DNAT rule

Possibly Parallel Threads

Wisdom of the Ancients