From mboxrd@z Thu Jan 1 00:00:00 1970 From: Michael Tremer To: development@lists.ipfire.org Subject: Re: [PATCH] BUG10994: SNAT rules are missing the outgoing interface Date: Thu, 10 Dec 2015 16:37:54 +0000 Message-ID: <1449765474.31655.99.camel@ipfire.org> In-Reply-To: <1449500252-18922-1-git-send-email-alexander.marx@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============0607363072041599243==" List-Id: --===============0607363072041599243== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Is there any evidence that this was tested by somebody else but you? -Michael On Mon, 2015-12-07 at 15:57 +0100, Alexander Marx wrote: > When creating SNAT rules, the outgoing interface is not set. As a > side > effect, traffic that should be send unnatted to a vpn tunnel can be > natted which is a BUG. > With this patch the SNAT rules are getting a outgoing interface > according to the configuration. When selecting the RED Target > network, > all SNAT rules will be configured with "-o red0". Otherwise if "all" > is > selected, there is no interface in the rule, which matches all > networks. > > Signed-off-by: Alexander Marx > --- > config/firewall/rules.pl | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl > index daa9565..8b0c6dd 100644 > --- a/config/firewall/rules.pl > +++ b/config/firewall/rules.pl > @@ -467,6 +467,10 @@ sub buildrules { > } elsif ($NAT_MODE > eq "SNAT") { > my > @nat_options = @options; > > + if > ($destination_intf) { > + push > (@nat_options, ("-o", $destination_intf)); > + } > + > push(@nat_op > tions, @source_options); > push(@nat_op > tions, @destination_options); > --===============0607363072041599243== Content-Type: application/pgp-signature Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="signature.asc" MIME-Version: 1.0 LS0tLS1CRUdJTiBQR1AgU0lHTkFUVVJFLS0tLS0KVmVyc2lvbjogR251UEcgdjEKCmlRSWNCQUFC Q2dBR0JRSldhYXBpQUFvSkVJQjU4UDl2a0FrSEFTb1AvangxNDJqS21scGFjSFRwb2g4RE5MUVAK azgyZGFnd0pndFp6eXR0SjJuWm0zb1MrK2lyK3VKaVRCRDkrSThLbzlUL3RsVlgzYzZ5enkzcVZz TzNici9QZQo4SW1JYTBKZUtLVkpSYlVHWmpOcExDbGRnbUtXYzZNWlVUZk00M0RlbHMxdHpERVBV VHN4bnRLWEM2bnA1UW15CkdoRG50dE9WSmkrek9ZQ1A5dkxsdmNVa08weEU2RXNjaitVRWNDMWdn SFMzeU83R2lWdVhSdjJOWXVPSmZYL2kKQkFROVRKb2Y4d3RrWDhraGpKZ2Rmb1JHa1pXT2FKQWNE VG4zeFczb2c0TGswN0JpdU0vVUx1elhmTlNQSHVOMwpQbmxORDhNMHR5ZGxFeU1zTlFqU3hWVER6 QklVT29YTERicnJ0VHRNWm1pRndUVjd3ekNYM25jMm5tKy9vT3pvClZreGpYSktKdUNydWl6UmhH em5RWFZIdjM0Rk55dkM3eDI1eEQ5Vkp2aXRleGlUTER2dzl6ZnJKdWJldjBPN2QKMEhFTi95VytL RVZNNVE0L3JONWZjSnBSQlRDKzBuSUpoYkgzOCt1dXVXNmg4cFpDRHlKcDE3eCtBMHB1MVlkMApv ZnIrSFA1OVluZjRMWGFHbWF0SEFxK0YyZlRMVjJqY05GcnpFTVNRQ0dSRmZYZXdMNFZ1WWNsS1dS blR2Zk1oCnNMdTRkVHBxY3IwL25XZVViK21yQnowSEZtYXZVcDhnc1crN0k1dCtwRXF5cnRSOWhm VVNxS1JxTk9QaVMxdTcKdnRmN2taeDdnSmF5SlhFQkhEZ0hhSVhjRG1kcmpPWC9ZYTlXdFFZdFZz VUVWV20vNmJhc1JKam16RzkwZXBUagoxdlZHRVFiakc0dUt5N3lKMFZTLwo9WVFwMAotLS0tLUVO RCBQR1AgU0lHTkFUVVJFLS0tLS0K --===============0607363072041599243==--