[Shorewall-users] Logging lies

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Just a last month I installed 3.0.8, (only to find my self
back level again).

Looking at the logging I found this oddity that differs
from prior version, and seems less usefull, because its hard to
see where the packets actually went.

Sample:-------

Old version:
Rule:
DNAT:info       net   loc:192.168.2.9:5900   tcp     5910

Resultant Log:
Jul 28 22:21:21 norcomix kernel: Shorewall:net2loc:DNAT:IN=eth0 OUT=eth1
SRC=206.174.67.201 DST=192.168.2.9 LEN=48 TOS=0x00 PREC=0x00 TTL=124
ID=22326 DF PROTO=TCP SPT=4516 DPT=5900 WINDOW=65535 RES=0x00 SYN URGP=0

New Version: 3.0.6
Rule
DNAT:info       net   loc:192.168.0.2:5905      tcp     5909

Resultant Log:
Jul 28 22:25:45 haight kernel: Shorewall:net_dnat:DNAT:IN=eth0 OUT=
MAC=00:13:72:f7:8f:ea:00:0f:35:2a:c8:00:08:00 SRC=206.174.67.201
DST=24.23X.XXX.112 LEN=48 TOS=0x00 PREC=0x00 TTL=125 ID=23219 DF PROTO=TCP
SPT=1885 DPT=5909 WINDOW=65535 RES=0x00 SYN URGP=0

----------

In the old version listed the IP and Mac address of the machine
on the lan (192.168.2.9).

In the New Version,
The DST Ip is reported as the external interface IP of
the Firewall, rather than the IP of the internal machine that the rule
routed it to.  (I obfuscated the ip a bit).

All my  rules were in the NEW section (by default).

John Andersen
js...@no...