On 10/02/2018 03:14 AM, Vieri Di Paola wrote:
> Hi,
> 
> This is a follow-up to my previous e-mail "From: Vieri Di Paola
> <vieridipa...@yahoo.com> - 2018-10-01 17:31:37". I'm writing from my
> gmail account because as stated in my previous post, I can't access
> mail.yahoo.com through my shorewall gateway for some reason I can't
> figure out. It might be because of my snat file.
> 
> The error I get with my snat file is shown below:
> 
> Creating iptables-restore input...
> Compiling /etc/shorewall/stoppedrules...
> Shorewall configuration compiled to /var/lib/shorewall/.restart
> Configuration uses these capabilities ('*' denotes required):
>    ADDRTYPE
>    AMANDA_HELPER*
>    BASIC_FILTER
>    COMMENTS
>    CONNMARK*
>    CONNMARK_MATCH*
>    CONNTRACK_MATCH
>    CT_TARGET*
>    ENHANCED_REJECT
>    EXMARK
>    FLOW_FILTER
>    FTP_HELPER*
>    FWMARK_RT_MASK
>    GEOIP_MATCH*
>    GOTO_TARGET
>    H323_HELPER*
>    HASHLIMIT_MATCH*
>    IFACE_MATCH
>    IPRANGE_MATCH*
>    IPSET_MATCH*
>    IPTABLES_S
>    IRC_HELPER*
>    LOG_TARGET*
>    MANGLE_ENABLED
>    MANGLE_FORWARD
>    MARK
>    MULTIPORT*
>    NAT_ENABLED
>    NAT_INPUT_CHAIN
>    NETBIOS_NS_HELPER*
>    NEW_CONNTRACK_MATCH
>    NFQUEUE_TARGET*
>    PPTP_HELPER*
>    RAW_TABLE
>    RECENT_MATCH
>    SANE_HELPER*
>    SIP_HELPER*
>    SNMP_HELPER*
>    STATISTIC_MATCH*
>    TFTP_HELPER*
>    WAIT_OPTION
>    XMULTIPORT*
> /var/lib/shorewall/.restart: line 2998: syntax error near unexpected token `fi'
> /var/lib/shorewall/.restart: line 2998: `       fi'
> 
> My relevant config files are:
> 
> # cat snat
> SNAT($IF_ISP3_IP)       0.0.0.0/0       $IF_ISP3
> SNAT($IF_ISP2_IP)       0.0.0.0/0       $IF_ISP2
> SNAT($IF_ISP1_IP)       0.0.0.0/0       $IF_ISP1

The following 6 rules are superfluous, since they are covered by the
above three blanket rules.

> SNAT($IF_ISP3_IP)      $IF_LAN $IF_ISP3
> SNAT($IF_ISP2_IP)      $IF_LAN $IF_ISP2
> SNAT($IF_ISP1_IP)      $IF_LAN $IF_ISP1
> SNAT($IF_ISP3_IP)      $IF_DMZ $IF_ISP3
> SNAT($IF_ISP2_IP)      $IF_DMZ $IF_ISP2
> SNAT($IF_ISP1_IP)      $IF_DMZ $IF_ISP1

So you can remove them and eliminate the incorrect code generation. That
having been said, the compiler should still not generate code with
invalid syntax in this case. If you can supply me with a compiler trace,
I'll try to understand why that is happening.

Thanks,
-Tom
-- 
Tom Eastep        \   Q: What do you get when you cross a mobster with
Shoreline,         \     an international standard?
Washington, USA     \ A: Someone who makes you an offer you can't
http://shorewall.org \   understand
                      \_______________________________________________


_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
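
Added example (not part of the original message, and not Shorewall code): a Python check for the situation described in the reply, where a later snat entry is already covered by an earlier entry for the same outgoing interface. It assumes three-column ACTION/SOURCE/DEST entries evaluated top to bottom, leaves shell variables unexpanded, uses hypothetical function names, and generalizes beyond the 0.0.0.0/0 case to CIDR containment.

```python
import ipaddress

# Constructed sample: the snat entries from the message, variables unexpanded.
SAMPLE_SNAT = """\
SNAT($IF_ISP3_IP)       0.0.0.0/0       $IF_ISP3
SNAT($IF_ISP2_IP)       0.0.0.0/0       $IF_ISP2
SNAT($IF_ISP1_IP)       0.0.0.0/0       $IF_ISP1
SNAT($IF_ISP3_IP)      $IF_LAN $IF_ISP3
SNAT($IF_ISP2_IP)      $IF_LAN $IF_ISP2
SNAT($IF_ISP1_IP)      $IF_LAN $IF_ISP1
SNAT($IF_ISP3_IP)      $IF_DMZ $IF_ISP3
SNAT($IF_ISP2_IP)      $IF_DMZ $IF_ISP2
SNAT($IF_ISP1_IP)      $IF_DMZ $IF_ISP1
"""

def parse_snat(text):
    """Return (lineno, action, source, dest) for each three-column entry."""
    rules = []
    for lineno, line in enumerate(text.splitlines(), 1):
        cols = line.split("#", 1)[0].split()   # drop comments, split columns
        if len(cols) >= 3 and not cols[0].startswith("?"):
            rules.append((lineno, cols[0], cols[1], cols[2]))
    return rules

def _net(value):
    """Parse a CIDR source; interface names and variables give None."""
    try:
        return ipaddress.ip_network(value, strict=False)
    except ValueError:
        return None

def covers(broad, narrow):
    """True if every packet matching source `narrow` also matches `broad`."""
    b, n = _net(broad), _net(narrow)
    if b is not None and b.version == 4 and b.prefixlen == 0:
        return True                 # 0.0.0.0/0 matches any IPv4 source
    if b is not None and n is not None and b.version == n.version:
        return n.subnet_of(b)       # CIDR containment
    return broad == narrow          # identical interface name or variable

def shadowed_rules(text):
    """Return (line, covering_line) pairs for entries that can never match."""
    seen, hits = [], []
    for lineno, _action, source, dest in parse_snat(text):
        earlier = next((l for l, s, d in seen if d == dest and covers(s, source)), None)
        if earlier is not None:
            hits.append((lineno, earlier))
        seen.append((lineno, source, dest))
    return hits
```

Calling shadowed_rules(SAMPLE_SNAT) reports entries 4 through 9, each paired with the blanket entry for the same ISP interface.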
