From: andreil1 <and...@st...> - 2017-09-15 12:26:20
|
Hi, Yes, its 42.2, I’ve used rpms from 42.3 Just updated shorewall-init, shorewall-core, shorewall to 5.1.5.2-213.1. Some strange problem. My snat is quite simple. MASQUERADE 192.168.0.0/24 eth0 MASQUERADE 192.168.0.0/24 eth1 MASQUERADE 192.168.1.0/24 eth0 MASQUERADE 192.168.1.0/24 eth1 MASQUERADE 192.168.0.0/24 eth3:192.168.1.2 tcp 53 MASQUERADE 192.168.0.0/24 eth3:192.168.1.2 udp 53 Where 192.168.0.xx is loc 192.168.1.yy is dmz > On 15 Sep 2017, at 14:13, Bruno Friedmann <br...@io...> wrote: > > On vendredi, 15 septembre 2017 12.32:37 h CEST andreil1 wrote: >> Hi, >> >> I’ve got really strange problem, which seem to be appeared after update from >> shorewall 4.6.13.4 to 5.1.4.3 on OpenSUSE 42.2 (shorewall update was run >> after upgrade). I have not used this DNAT for a while, so can’t tell for >> sure when it stopped. >> >> DNAT currently working >> ACCEPT net dmz tcp xx >> DNAT net dmz:192.168.1.2:yy tcp xx >> >> DNAT currently NOT working >> ACCEPT net loc tcp xx >> DNAT net loc:192.168.0.2:yy tcp xx >> >> Port yy is open on 192.198.0.2, I can connect from local net. >> >> I can still use rinetd to do the work, however, it can’t redirect UDP. >> >> What could be the problem ? >> >> Thanks in advance for any suggestion(s). > > Are you sure you're still on 42.2, I (as shorewall maintainer at openSUSE) > did not sent shorewall update for 42.2. > > 5.1.4.3 appear in 42.3 (due to end of life of shorewall 4x version) > During the update there's a warning about the need to run shorewall update -A > Afterwards, only snat file has normally to be edited to insert new rules (old > nat.rpmsave) > > And there was the problem with the dropBcats, but this is resolved with the > new maintenance 5.1.5.2-3.1 published the 13th September. > > But I don't see why this rules wouldn't work. > I've for example this kind of rules which works > > DNAT net:$trusted lan:$coucou:3389 tcp 3399 > > > -- > > Bruno Friedmann > Ioda-Net Sàrl www.ioda-net.ch > Bareos Partner, openSUSE Member, fsfe fellowship > GPG KEY : D5C9B751C4653227 > irc: tigerfoot > > > > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > _______________________________________________ > Shorewall-users mailing list > Sho...@li... > https://lists.sourceforge.net/lists/listinfo/shorewall-users |