Re: [Shorewall-users] SNAT problem 5.1.12.3

Sat, 05 May 2018 03:05:03 -0700 

Hi Tom,
There's nothing in the syslog except the following 2 lines:

Shorewall Stopped
ERROR:Shorewall start failed

I didn't see anything in the trace file that I attached in the original
post to help me find the problem
Thanks
Huy

On 4 May 2018 at 16:19, Tom Eastep <teas...@shorewall.net> wrote:

> On 05/04/2018 05:08 AM, Huy Bui wrote:
> > Hi
> > I am trying to set up SNAT so that smtp traffic from my dmz will have a
> > source of a certain ip address and the rest can use the default on eth0
> > However I keep getting the error
> >
> > Preparing iptables-restore input...
> > Running /sbin/iptables-restore ...
> > iptables-restore: line 39 failed
> >    ERROR: iptables-restore Failed. Input is in
> > /var/lib/shorewall/.iptables-restore-input
> >
> > Here's the content of my /etc/shorewall/snat
> >
> > #
> > # Shorewall -- /etc/shorewall/snat
> > #
> > # For information about entries in this file, type "man shorewall-snat"
> > #
> > # See http://shorewall.net/manpages/shorewall-snat.html
> > <http://shorewall.net/manpages/shorewall-snat.html> for more information
> > #
> > ############################################################
> ####################
> > #ACTION                 SOURCE                  DEST            PROTO
>  PORT
> > #MASQUERADE     192.168.10.0/24 <http://192.168.10.0/24>    eth0
> > #MASQUERADE     192.168.11.0/24 <http://192.168.11.0/24>    eth0
> > SNAT(192.168.0.253)    192.168.1.0/24 <http://192.168.11.0/24>
> >  eth0    tcp     smtp
> > SNAT( 192.168.0.254)    192.168.1.0/24 <http://192.168.11.0/24>
>  eth0
> >
> > If I commented out the SNAT lines and un-commented the Masquerade lines
> > then shorewall can start OK
> > Please help.
> > Thank you in advance
>
> What do you see in the system log when this occurs?
>
> -Tom
> --
> Tom Eastep        \   Q: What do you get when you cross a mobster with
> Shoreline,         \     an international standard?
> Washington, USA     \ A: Someone who makes you an offer you can't
> http://shorewall.org \   understand
>                       \_______________________________________________
>
>
> ------------------------------------------------------------
> ------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>
>

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Reply via email to