Hi.
Due to changes in the syntax of new iptables, the object "ANY ICMP" has to be changed when used in NAT rules, to be accepted when inserting a new rule in iptables.
A rule of NAT like this:
When compiled will generate this script:
$IPTABLES -t nat -A POSTROUTING -o br+ -p icmp -m icmp -s 192.0.2.2 -j SNAT --to-source 192.168.1.2
$IPTABLES -t nat -A POSTROUTING -o eth+ -p icmp -m icmp -s 192.0.2.2 -j SNAT --to-source 192.168.1.2
This declaration won't be accepted by the new iptables anymore; now it has to be declared as:
$IPTABLES -t nat -A POSTROUTING -o br+ -p icmp -m icmp --icmp-type any -s 192.0.2.2 -j SNAT --to-source 192.168.1.2
$IPTABLES -t nat -A POSTROUTING -o eth+ -p icmp -m icmp --icmp-type any -s 192.0.2.2 -j SNAT --to-source 192.168.1.2
I managed to fix this issue by parsing the generated firewall script through a sed command:
sed '/nat/s/\-p icmp \-m icmp/& \--icmp-type any/g' firewall.script
This is backward compatible with older iptables versions (tested with iptables-1.3.5).
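A stricter variant of the workaround above, as an added example that is not from the issue author or the project: it touches only `-t nat` rules, skips rules that already carry `--icmp-type` so it can be re-run safely, and includes a check that reports how many NAT ICMP rules are still unpatched. The function names `patch_nat_icmp`, `count_unpatched` and `sample_script` are hypothetical, the third sample rule is constructed, and the code assumes one rule per line and a `sed` that supports `-E`.

```shell
#!/bin/sh
# Added example: idempotent post-processing of a generated firewall script.

# Append "--icmp-type any" to NAT-table ICMP matches that have no explicit type.
# Lines outside the nat table, or already carrying --icmp-type, are left alone.
patch_nat_icmp() {
    sed -E '/-t nat /{
        /-m icmp --icmp-type /!s/-p icmp -m icmp( |$)/-p icmp -m icmp --icmp-type any\1/g
    }' "$@"
}

# Count NAT-table ICMP rules still missing --icmp-type (0 means fully patched).
count_unpatched() {
    grep -E -e '-t nat .*-p icmp -m icmp( |$)' "$@" |
        grep -c -v -e '-m icmp --icmp-type ' || true
}

# Constructed sample: rule 1 is the failing form from the report, rule 2 is
# the accepted form, rule 3 is a made-up filter-table rule that must not change.
sample_script() {
    cat <<'EOF'
$IPTABLES -t nat -A POSTROUTING -o br+ -p icmp -m icmp -s 192.0.2.2 -j SNAT --to-source 192.168.1.2
$IPTABLES -t nat -A POSTROUTING -o eth+ -p icmp -m icmp --icmp-type any -s 192.0.2.2 -j SNAT --to-source 192.168.1.2
$IPTABLES -A INPUT -p icmp -m icmp -s 192.0.2.2 -j ACCEPT
EOF
}

# Show the patched sample when the file is run directly.
sample_script | patch_nat_icmp
```

Running `count_unpatched` on the output before loading it gives a quick gate: a non-zero count means some NAT rule would still be rejected by the newer iptables.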