Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Shorewall MASQ file gets appended to SNAT file #2067

Open
JeffPalmer2000 opened this issue Dec 30, 2023 · 6 comments
Open

Shorewall MASQ file gets appended to SNAT file #2067

JeffPalmer2000 opened this issue Dec 30, 2023 · 6 comments

Comments

@JeffPalmer2000
Copy link

When adding a Masquerading rule in Shorewall, the entry is then added to the /etc/shorewall/snat file instead of the /etc/shorewall/masq file. The entry is no longer seen in the Masquerading edit rule. It also does not appear in the edit Static NAT rule. In looking at the masq file, it's empty and the entry is in the snat file. Shorewall does process the rule, but there is no way to see it or edit it within Webmin, but only if the snat file is edited in the shell.
@jcameron
Copy link
Collaborator

That sounds like a bug! Can you attach a screenshot of the page on which you're adding a Masquerading rule?

@JeffPalmer2000
Copy link
Author

JeffPalmer2000 commented Jan 7, 2024
edited

image

The rule appears to add fine. Once you leave the Masq editor, and come back, the rule is gone. Looking at the Shorewall files, the rule was added to the SNAT file.

@jcameron
Copy link
Collaborator

jcameron commented Jan 8, 2024

Can you post the line that was added to the SNAT file?

@JeffPalmer2000
Copy link
Author

JeffPalmer2000 commented Jan 8, 2024
edited by jcameron

Not sure why this is getting so complicated. It's just writing to the wrong file. After the entry is made, the file /etc/shorewall/masq is empty. The file /etc/shorewall/snat now has the following:

#
# Shorewall -- /etc/shorewall/snat
#
# For information about entries in this file, type "man shorewall-snat"
#
# See http://shorewall.net/manpages/shorewall-snat.html for more information
#
###########################################################################################################################################
#ACTION                 SOURCE                  DEST            PROTO   PORT    IPSEC   MARK    USER    SWITCH  ORIGDEST        PROBABILITY
#
#
# Rules generated from masq file /etc/shorewall/masq by Shorewall 5.2.3.4 - Tue 10 May 2022 11:08:21 PM PDT
#
MASQUERADE              192.168.0.0/24          enp6s19

Sorry about the formatting,

@jcameron
Copy link
Collaborator

jcameron commented Jan 8, 2024

The line "Rules generated from masq file /etc/shorewall/masq" seems like it could be a pointer to the issue. Webmin isn't doing this though, and I can't re-produce this on my test systems..

@JeffPalmer2000
Copy link
Author

I can reproduce it consistently, and reproduced it on another machine as well. Is it possible it's not "webmin" but the Shorewall plug-in pointing to the wrong file? Is there a force refresh of plug-ins?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jcameron @JeffPalmer2000