SYSTEM WARNING: 'date_default_timezone_get(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone.' in '/usr/share/mantis/www/core.php' line 264

0000720: no NAT after upgrade 2.2b3 to 2.2b4 - MantisBT Endian Bugtracker
Endian Issue Tracker





Please see now our new Bugtracker system: JIRA








View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0000720Endian FirewallFirewall (iptables)public2008-04-24 13:152009-10-27 12:03
ReporterThomas Heimann 
Assigned Topeter-endian 
PrioritynormalSeveritymajorReproducibilityalways
StatusclosedResolutionfixed 
PlatformOSOS Version
Product Version2.2-beta4 
Target VersionFixed in Version2.2-rc1 
Summary0000720: no NAT after upgrade 2.2b3 to 2.2b4
DescriptionAccess through App proxies is possible but all NAT connections fail after
upgrade 2.2b3 to 2.2b4 (fresh installation and restore).

Quick fix: iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

TagsNo tags attached.
Attached Files? file icon efw-firewall-2.2.66-0.endian14.noarch.rpm [^] (84,328 bytes) 2008-04-28 13:25
? file icon conntrack-tools-0.9.5-2.endian3.i586.rpm [^] (73,046 bytes) 2008-04-28 13:25

- Relationships
has duplicate 0000709closedraphael-endian Keine PPPOE Verbindung 
has duplicate 0000662closedpeter-endian Port forwarding / NAT does not forward to WEB server on GREEN interface 

-  Notes
(0001088)
raphael-endian (administrator)
2008-04-28 08:16

Please send us the output of "setsnat.py --debug", "ip route" and "ip link". That should help us to find the problem. Thanks
(0001089)
karacho (reporter)
2008-04-28 13:03

Hello,

same problem here using pppoe. The quick fix solved it.

Here's the debug output:

setsnat.py --debug
2008-04-28 14:46:06,681 - endian.logger - DEBUG - Read settings file /var/efw/snat/default/settings
2008-04-28 14:46:06,683 - endian.logger - DEBUG - Error reading config file /var/efw/snat/default/settings
2008-04-28 14:46:06,685 - endian.logger - DEBUG - Read settings file /var/efw/ethernet/settings
2008-04-28 14:46:06,856 - endian.logger - DEBUG - Restart SNAT firewall
2008-04-28 14:46:06,858 - endian.logger - DEBUG - Generate iptables script
2008-04-28 14:46:06,861 - endian.logger - DEBUG - Config files: ['/etc/firewall/snat/outgoingnat.conf']
2008-04-28 14:46:06,862 - endian.logger - DEBUG - Read from '/etc/firewall/snat/outgoingnat.conf'
2008-04-28 14:46:06,864 - endian.logger - DEBUG - Substitute UPLINK 'UPLINK:ANY'
2008-04-28 14:46:06,866 - endian.logger - DEBUG - Initialize uplinks Pool with prefix '/var/efw/'.
2008-04-28 14:46:06,867 - endian.logger - DEBUG - Scanning for uplinks in '/var/efw/uplinks'...
2008-04-28 14:46:06,870 - endian.logger - DEBUG - Inizialize uplink 'main' with prefix '/var/efw/'.
2008-04-28 14:46:06,872 - endian.logger - DEBUG - Update information of uplink 'main'
2008-04-28 14:46:06,876 - endian.logger - DEBUG - Checking for vanished uplinks in '/var/efw/uplinks'...
2008-04-28 14:46:06,879 - endian.logger - DEBUG - Substituted UPLINK 'UPLINK:ANY' to: ['ppp0']
2008-04-28 14:46:06,907 - endian.logger - DEBUG - Could not determine ip address of interface 'ppp0'
2008-04-28 14:46:06,909 - endian.logger - DEBUG - Explosion throws error ''ppp0''
2008-04-28 14:46:06,913 - endian.logger - DEBUG - Traceback (most recent call last):
  File "/usr/local/bin/setsnat.py", line 505, in generateScript
    ret.append(insert_rule(item, tmpl, log))
  File "/usr/local/bin/setsnat.py", line 137, in insert_rule
    cmd = str(tmpl(namespaces = [obj, methods]))
  File "/usr/lib/python2.4/site-packages/Cheetah/Template.py", line 982, in __str__
  File "_etc_firewall_snat_rules_tmpl.py", line 180, in respond
  File "/usr/local/bin/setsnat.py", line 416, in getAddressByInterface
    return t['dev'][dev]
KeyError: 'ppp0'

2008-04-28 14:46:06,915 - endian.logger - DEBUG - Save old state file /etc/firewall/snat/iptableszonefw
2008-04-28 14:46:06,918 - endian.logger - DEBUG - Save script to state file '/etc/firewall/snat/iptableszonefw'
2008-04-28 14:46:06,920 - endian.logger - DEBUG - Script has NOT been changed!
2008-04-28 14:46:06,922 - endian.logger - DEBUG - Apply 1 rules
2008-04-28 14:46:06,926 - endian.logger - DEBUG - Fetch original iptables state from kernel
2008-04-28 14:46:06,979 - endian.logger - DEBUG - Edit iptables original state. Apply 1 rules.
2008-04-28 14:46:06,981 - endian.logger - DEBUG - iptables-edit -i /tmp/iptablesuCFl1m > /tmp/iptablesss40bN
2008-04-28 14:46:07,066 - endian.logger - DEBUG - Atomic commit of iptables rules

ip route
xx.xx.xx.36 dev ppp0 proto kernel scope link src xx.xx.xx.36
xx.xx.xx.1 dev ppp0 proto kernel scope link src xx.xx.xx.36
192.168.2.0/24 dev br2 proto kernel scope link src 192.168.2.1
192.168.1.0/24 dev br0 proto kernel scope link src 192.168.1.1
1.1.1.0/24 dev eth1 proto kernel scope link src 1.1.1.1

ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:16:3e:4b:ff:13 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:16:3e:7e:f1:1b brd ff:ff:ff:ff:ff:ff
4: eth2: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:16:3e:26:fa:36 brd ff:ff:ff:ff:ff:ff
5: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue
    link/ether 00:16:3e:4b:ff:13 brd ff:ff:ff:ff:ff:ff
6: br2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue
    link/ether 00:16:3e:26:fa:36 brd ff:ff:ff:ff:ff:ff
7: sit0: <NOARP> mtu 1480 qdisc noop
    link/sit 0.0.0.0 brd 0.0.0.0
8: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1492 qdisc pfifo_fast qlen 3
    link/ppp

Best regards
(0001090)
ra-endian (administrator)
2008-04-28 13:29

please install the attached rpm files. which should fix this problem.
(0001091)
karacho (reporter)
2008-04-28 13:40

Thanks for the very fast response, fixed it for me!

- Issue History
Date Modified Username Field Change
2008-04-24 13:15 Thomas Heimann New Issue
2008-04-24 13:15 Thomas Heimann Status new => assigned
2008-04-24 13:15 Thomas Heimann Assigned To => peter-endian
2008-04-25 12:26 peter-endian Relationship added has duplicate 0000709
2008-04-28 08:16 raphael-endian Note Added: 0001088
2008-04-28 13:03 karacho Note Added: 0001089
2008-04-28 13:25 ra-endian File Added: efw-firewall-2.2.66-0.endian14.noarch.rpm
2008-04-28 13:25 ra-endian File Added: conntrack-tools-0.9.5-2.endian3.i586.rpm
2008-04-28 13:29 ra-endian Note Added: 0001090
2008-04-28 13:40 karacho Note Added: 0001091
2008-04-28 19:11 raphael-endian Status assigned => resolved
2008-04-28 19:11 raphael-endian Fixed in Version => 2.2-rc1
2008-04-28 19:11 raphael-endian Resolution open => fixed
2008-05-09 17:12 peter-endian Relationship added has duplicate 0000662
2009-10-27 12:03 peter-endian Status resolved => closed

Copyright © 2005-2008 Endian, SRL. All rights reserved.


Copyright © 2000 - 2012 MantisBT Group
Powered by Mantis Bugtracker