similar to: VPN hardware?

I made a boo boo in my config and put in this rule #PPTP DNAT net:213.67.241.162/217.209.46.204/32 loc:192.168.221.200 tcp 1723 DNAT net:213.67.241.162/32,217.209.46.204/32 loc:192.168.221.200 47 - And the the following happened.. and I wonder why it didn''t complain? I am sure I am just misunderstanding some doc

Right, time to (as someone said) put this thread to a proper rest. Some of you have probably read my VPN/Routing/Lost packages hassles in the last week, well, here is the rundown. Look at http://statler.mupp.net/shorewall/Layout.jpg Basically. The shorewall knows the route to the .224.0/24 net is through .221.221. The systems in .221.0/24 has the FW as their default gw. The FW could reach

https://bugzilla.netfilter.org/show_bug.cgi?id=1142 Bug ID: 1142 Summary: invalid binop operation 6nft Product: nftables Version: unspecified Hardware: x86_64 OS: other Status: NEW Severity: major Priority: P5 Component: nft Assignee: pablo at netfilter.org Reporter:

https://bugzilla.netfilter.org/show_bug.cgi?id=1479 Bug ID: 1479 Summary: seqnum_to_json() is slow Product: nftables Version: unspecified Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: nft Assignee: pablo at netfilter.org Reporter:

https://bugzilla.netfilter.org/show_bug.cgi?id=1734 Bug ID: 1734 Summary: nft set with auto-merge json import/export Product: nftables Version: 1.0.x Hardware: All OS: All Status: NEW Severity: minor Priority: P5 Component: nft Assignee: pablo at netfilter.org

https://bugzilla.netfilter.org/show_bug.cgi?id=1689 Bug ID: 1689 Summary: Resetting the timeout counter for a named set element Product: nftables Version: unspecified Hardware: x86_64 OS: All Status: NEW Severity: enhancement Priority: P5 Component: nft Assignee: pablo at

https://bugzilla.netfilter.org/show_bug.cgi?id=1728 Bug ID: 1728 Summary: Regression: iptables lock is now waited for without --wait Product: iptables Version: 1.8.x Hardware: x86_64 OS: All Status: NEW Severity: normal Priority: P5 Component: unknown

https://bugzilla.netfilter.org/show_bug.cgi?id=1685 Bug ID: 1685 Summary: Calling the nftnl_set_free function may trigger the "double free" problem. Product: libnftnl Version: unspecified Hardware: All OS: All Status: NEW Severity: critical Priority: P5

https://bugzilla.netfilter.org/show_bug.cgi?id=1395 Bug ID: 1395 Summary: Add element fails with Error: Could not process rule: Invalid argument Product: nftables Version: unspecified Hardware: All OS: All Status: NEW Severity: critical Priority: P5 Component: nft

Two legged 1.4.2 firewall zone nwl is eth0 (192.168.221.0/24 ($FW on .205)) zone jvc is eth1 (10.200.47.0/24 ($FW on .253)) Lets suppose i need to allow traffic from nwl to "jvn" which is 10.200.0.0/16 (yes, i do realize that they overlap) and route that traffic to 10.200.47.254? The router upstream from this one routes 10.200.0.0/16 -> 192.168.221.205 and i do see

https://bugzilla.netfilter.org/show_bug.cgi?id=1059 Bug ID: 1059 Summary: Using wildcard interface names in an anonymous set fails on big endian Product: nftables Version: unspecified Hardware: ppc OS: other Status: NEW Severity: major Priority: P5 Component: nft

https://bugzilla.netfilter.org/show_bug.cgi?id=914 Summary: nft configure does not use --prefix as include/lib search path Product: nftables Version: unspecified Platform: x86_64 OS/Version: All Status: NEW Severity: enhancement Priority: P5 Component: nft AssignedTo: pablo at

https://bugzilla.netfilter.org/show_bug.cgi?id=895 Summary: Add a 'ipv6_address' set into a ipv4 table and vice versa Product: nftables Version: unspecified Platform: x86_64 OS/Version: Debian GNU/Linux Status: NEW Severity: enhancement Priority: P5 Component: nft

https://bugzilla.netfilter.org/show_bug.cgi?id=1099 Bug ID: 1099 Summary: Minor typo in wiki.nftables.org Product: nftables Version: unspecified Hardware: x86_64 OS: All Status: NEW Severity: trivial Priority: P5 Component: nft Assignee: pablo at netfilter.org

https://bugzilla.netfilter.org/show_bug.cgi?id=1481 Bug ID: 1481 Summary: [ebtables-nft] ebtables -E gives error Product: iptables Version: unspecified Hardware: x86_64 OS: Debian GNU/Linux Status: NEW Severity: normal Priority: P5 Component: iptables Assignee:

https://bugzilla.netfilter.org/show_bug.cgi?id=1391 Bug ID: 1391 Summary: iptables-nft-restore --test can segfault Product: nftables Version: unspecified Hardware: x86_64 OS: Gentoo Status: NEW Severity: normal Priority: P5 Component: iptables over nftable Assignee: pablo at

https://bugzilla.netfilter.org/show_bug.cgi?id=1452 Bug ID: 1452 Summary: Incorrect information in the iptables-extensions(8) man page Product: iptables Version: unspecified Hardware: x86_64 OS: All Status: NEW Severity: minor Priority: P5 Component: iptables

https://bugzilla.netfilter.org/show_bug.cgi?id=1759 Bug ID: 1759 Summary: flush and delete nft commands need an option to ignore non-existant objects Product: nftables Version: unspecified Hardware: x86_64 OS: Ubuntu Status: NEW Severity: enhancement Priority: P5

https://bugzilla.netfilter.org/show_bug.cgi?id=1772 Bug ID: 1772 Summary: Double free corruption in libnftables Product: nftables Version: 1.0.x Hardware: x86_64 OS: Ubuntu Status: NEW Severity: normal Priority: P5 Component: nft Assignee: pablo at netfilter.org

https://bugzilla.netfilter.org/show_bug.cgi?id=1775 Bug ID: 1775 Summary: RAW PAYLOAD EXPRESSION offset is limited to 2048 Product: nftables Version: 1.0.x Hardware: All OS: All Status: NEW Severity: critical Priority: P5 Component: nft Assignee: pablo at netfilter.org