SYSTEM WARNING: 'date_default_timezone_get(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone.' in '/usr/share/mantis/www/core.php' line 264

0000720: no NAT after upgrade 2.2b3 to 2.2b4 - MantisBT
MantisBT - Endian Firewall
View Issue Details
IDProjectCategoryView StatusDate SubmittedLast Update
0000720Endian FirewallFirewall (iptables)public2008-04-24 13:152009-10-27 12:03
ReporterThomas Heimann 
Assigned Topeter-endian 
PrioritynormalSeveritymajorReproducibilityalways
StatusclosedResolutionfixed 
PlatformOSOS Version
Product Version2.2-beta4 
Target VersionFixed in Version2.2-rc1 
Customer Importance
Customer Occurrences
Queue
Summary0000720: no NAT after upgrade 2.2b3 to 2.2b4
DescriptionAccess through App proxies is possible but all NAT connections fail after
upgrade 2.2b3 to 2.2b4 (fresh installation and restore).

Quick fix: iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

Steps To Reproduce
Additional Information
TagsNo tags attached.
Relationships
has duplicate 0000709closed raphael-endian Keine PPPOE Verbindung 
has duplicate 0000662closed peter-endian Port forwarding / NAT does not forward to WEB server on GREEN interface 
Attached Files? efw-firewall-2.2.66-0.endian14.noarch.rpm (84,328) 2008-04-28 13:25
https://bugs.endian.com/file_download.php?file_id=125&type=bug
? conntrack-tools-0.9.5-2.endian3.i586.rpm (73,046) 2008-04-28 13:25
https://bugs.endian.com/file_download.php?file_id=126&type=bug
Issue History
Date ModifiedUsernameFieldChange
2008-04-24 13:15Thomas HeimannNew Issue
2008-04-24 13:15Thomas HeimannStatusnew => assigned
2008-04-24 13:15Thomas HeimannAssigned To => peter-endian
2008-04-25 12:26peter-endianRelationship addedhas duplicate 0000709
2008-04-28 08:16raphael-endianNote Added: 0001088
2008-04-28 13:03karachoNote Added: 0001089
2008-04-28 13:25ra-endianFile Added: efw-firewall-2.2.66-0.endian14.noarch.rpm
2008-04-28 13:25ra-endianFile Added: conntrack-tools-0.9.5-2.endian3.i586.rpm
2008-04-28 13:29ra-endianNote Added: 0001090
2008-04-28 13:40karachoNote Added: 0001091
2008-04-28 19:11raphael-endianStatusassigned => resolved
2008-04-28 19:11raphael-endianFixed in Version => 2.2-rc1
2008-04-28 19:11raphael-endianResolutionopen => fixed
2008-05-09 17:12peter-endianRelationship addedhas duplicate 0000662
2009-10-27 12:03peter-endianStatusresolved => closed

Notes
(0001088)
raphael-endian   
2008-04-28 08:16   
Please send us the output of "setsnat.py --debug", "ip route" and "ip link". That should help us to find the problem. Thanks
(0001089)
karacho   
2008-04-28 13:03   
Hello,

same problem here using pppoe. The quick fix solved it.

Here's the debug output:

setsnat.py --debug
2008-04-28 14:46:06,681 - endian.logger - DEBUG - Read settings file /var/efw/snat/default/settings
2008-04-28 14:46:06,683 - endian.logger - DEBUG - Error reading config file /var/efw/snat/default/settings
2008-04-28 14:46:06,685 - endian.logger - DEBUG - Read settings file /var/efw/ethernet/settings
2008-04-28 14:46:06,856 - endian.logger - DEBUG - Restart SNAT firewall
2008-04-28 14:46:06,858 - endian.logger - DEBUG - Generate iptables script
2008-04-28 14:46:06,861 - endian.logger - DEBUG - Config files: ['/etc/firewall/snat/outgoingnat.conf']
2008-04-28 14:46:06,862 - endian.logger - DEBUG - Read from '/etc/firewall/snat/outgoingnat.conf'
2008-04-28 14:46:06,864 - endian.logger - DEBUG - Substitute UPLINK 'UPLINK:ANY'
2008-04-28 14:46:06,866 - endian.logger - DEBUG - Initialize uplinks Pool with prefix '/var/efw/'.
2008-04-28 14:46:06,867 - endian.logger - DEBUG - Scanning for uplinks in '/var/efw/uplinks'...
2008-04-28 14:46:06,870 - endian.logger - DEBUG - Inizialize uplink 'main' with prefix '/var/efw/'.
2008-04-28 14:46:06,872 - endian.logger - DEBUG - Update information of uplink 'main'
2008-04-28 14:46:06,876 - endian.logger - DEBUG - Checking for vanished uplinks in '/var/efw/uplinks'...
2008-04-28 14:46:06,879 - endian.logger - DEBUG - Substituted UPLINK 'UPLINK:ANY' to: ['ppp0']
2008-04-28 14:46:06,907 - endian.logger - DEBUG - Could not determine ip address of interface 'ppp0'
2008-04-28 14:46:06,909 - endian.logger - DEBUG - Explosion throws error ''ppp0''
2008-04-28 14:46:06,913 - endian.logger - DEBUG - Traceback (most recent call last):
  File "/usr/local/bin/setsnat.py", line 505, in generateScript
    ret.append(insert_rule(item, tmpl, log))
  File "/usr/local/bin/setsnat.py", line 137, in insert_rule
    cmd = str(tmpl(namespaces = [obj, methods]))
  File "/usr/lib/python2.4/site-packages/Cheetah/Template.py", line 982, in __str__
  File "_etc_firewall_snat_rules_tmpl.py", line 180, in respond
  File "/usr/local/bin/setsnat.py", line 416, in getAddressByInterface
    return t['dev'][dev]
KeyError: 'ppp0'

2008-04-28 14:46:06,915 - endian.logger - DEBUG - Save old state file /etc/firewall/snat/iptableszonefw
2008-04-28 14:46:06,918 - endian.logger - DEBUG - Save script to state file '/etc/firewall/snat/iptableszonefw'
2008-04-28 14:46:06,920 - endian.logger - DEBUG - Script has NOT been changed!
2008-04-28 14:46:06,922 - endian.logger - DEBUG - Apply 1 rules
2008-04-28 14:46:06,926 - endian.logger - DEBUG - Fetch original iptables state from kernel
2008-04-28 14:46:06,979 - endian.logger - DEBUG - Edit iptables original state. Apply 1 rules.
2008-04-28 14:46:06,981 - endian.logger - DEBUG - iptables-edit -i /tmp/iptablesuCFl1m > /tmp/iptablesss40bN
2008-04-28 14:46:07,066 - endian.logger - DEBUG - Atomic commit of iptables rules

ip route
xx.xx.xx.36 dev ppp0 proto kernel scope link src xx.xx.xx.36
xx.xx.xx.1 dev ppp0 proto kernel scope link src xx.xx.xx.36
192.168.2.0/24 dev br2 proto kernel scope link src 192.168.2.1
192.168.1.0/24 dev br0 proto kernel scope link src 192.168.1.1
1.1.1.0/24 dev eth1 proto kernel scope link src 1.1.1.1

ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:16:3e:4b:ff:13 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:16:3e:7e:f1:1b brd ff:ff:ff:ff:ff:ff
4: eth2: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:16:3e:26:fa:36 brd ff:ff:ff:ff:ff:ff
5: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue
    link/ether 00:16:3e:4b:ff:13 brd ff:ff:ff:ff:ff:ff
6: br2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue
    link/ether 00:16:3e:26:fa:36 brd ff:ff:ff:ff:ff:ff
7: sit0: <NOARP> mtu 1480 qdisc noop
    link/sit 0.0.0.0 brd 0.0.0.0
8: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1492 qdisc pfifo_fast qlen 3
    link/ppp

Best regards
(0001090)
ra-endian   
2008-04-28 13:29   
please install the attached rpm files. which should fix this problem.
(0001091)
karacho   
2008-04-28 13:40   
Thanks for the very fast response, fixed it for me!