From: Rich W. <ri...@ri...> - 2008-11-13 04:47:18

On September 5, Tom wrote:

> In Shorewall 4.2, you can leave the 'loc:' out of the DNAT- rule.

I tried that just now (shorewall-perl 4.2.1), and I got an error:

    Checking...
    WARNING: Destination zone (172.29.0.29) ignored : /etc/shorewall/rules (line 38)
    ERROR: Unknown Host (0.0.0.0/0) : /etc/shorewall/rules (line 38)

where 172.29.0.29 is the destination address on my home LAN.

Without the zone, it looks like the destination address is misinterpreted as an (undefined) zone, plus a "zero" address.

When I put the zone back in (i.e., int:172.29.0.29), I got a warning:

    Checking...
    WARNING: Destination zone (int) ignored : /etc/shorewall/rules (line 38)

though the firewall appears to work OK despite this warning.

Does this sound like a Shorewall bug? Or does it sound like I'm doing something wrong in my firewall definition?

-- 
Rich Wales === Palo Alto, CA, USA === ri...@ri...
http://www.richw.org === http://en.wikipedia.org/wiki/User:Richwales