SYSTEM WARNING: 'date_default_timezone_get(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone.' in '/usr/share/mantis/www/core.php' line 264
| Anonymous | Login | 2022-07-05 04:19 UTC |  |
| Main | My View | View Issues | Change Log | Roadmap |
| View Issue Details [ Jump to Notes ] | [ Issue History ] [ Print ] | ||||||||
| ID | Project | Category | View Status | Date Submitted | Last Update | ||||
| 0000720 | Endian Firewall | Firewall (iptables) | public | 2008-04-24 13:15 | 2009-10-27 12:03 | ||||
| Reporter | Thomas Heimann | ||||||||
| Assigned To | peter-endian | ||||||||
| Priority | normal | Severity | major | Reproducibility | always | ||||
| Status | closed | Resolution | fixed | ||||||
| Platform | OS | OS Version | |||||||
| Product Version | 2.2-beta4 | ||||||||
| Target Version | Fixed in Version | 2.2-rc1 | |||||||
| Summary | 0000720: no NAT after upgrade 2.2b3 to 2.2b4 | ||||||||
| Description | Access through App proxies is possible but all NAT connections fail after upgrade 2.2b3 to 2.2b4 (fresh installation and restore). Quick fix: iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE | ||||||||
| Tags | No tags attached. | ||||||||
| Attached Files |  efw-firewall-2.2.66-0.endian14.noarch.rpm [^] (84,328 bytes) 2008-04-28 13:25 conntrack-tools-0.9.5-2.endian3.i586.rpm [^] (73,046 bytes) 2008-04-28 13:25 | ||||||||
 Relationships |
|||||||||||
|
|||||||||||
 Relationships |
|
Notes |
|
|
(0001088) raphael-endian (administrator) 2008-04-28 08:16 |
Please send us the output of "setsnat.py --debug", "ip route" and "ip link". That should help us to find the problem. Thanks |
|
(0001089) karacho (reporter) 2008-04-28 13:03 |
Hello, same problem here using pppoe. The quick fix solved it. Here's the debug output: setsnat.py --debug 2008-04-28 14:46:06,681 - endian.logger - DEBUG - Read settings file /var/efw/snat/default/settings 2008-04-28 14:46:06,683 - endian.logger - DEBUG - Error reading config file /var/efw/snat/default/settings 2008-04-28 14:46:06,685 - endian.logger - DEBUG - Read settings file /var/efw/ethernet/settings 2008-04-28 14:46:06,856 - endian.logger - DEBUG - Restart SNAT firewall 2008-04-28 14:46:06,858 - endian.logger - DEBUG - Generate iptables script 2008-04-28 14:46:06,861 - endian.logger - DEBUG - Config files: ['/etc/firewall/snat/outgoingnat.conf'] 2008-04-28 14:46:06,862 - endian.logger - DEBUG - Read from '/etc/firewall/snat/outgoingnat.conf' 2008-04-28 14:46:06,864 - endian.logger - DEBUG - Substitute UPLINK 'UPLINK:ANY' 2008-04-28 14:46:06,866 - endian.logger - DEBUG - Initialize uplinks Pool with prefix '/var/efw/'. 2008-04-28 14:46:06,867 - endian.logger - DEBUG - Scanning for uplinks in '/var/efw/uplinks'... 2008-04-28 14:46:06,870 - endian.logger - DEBUG - Inizialize uplink 'main' with prefix '/var/efw/'. 2008-04-28 14:46:06,872 - endian.logger - DEBUG - Update information of uplink 'main' 2008-04-28 14:46:06,876 - endian.logger - DEBUG - Checking for vanished uplinks in '/var/efw/uplinks'... 2008-04-28 14:46:06,879 - endian.logger - DEBUG - Substituted UPLINK 'UPLINK:ANY' to: ['ppp0'] 2008-04-28 14:46:06,907 - endian.logger - DEBUG - Could not determine ip address of interface 'ppp0' 2008-04-28 14:46:06,909 - endian.logger - DEBUG - Explosion throws error ''ppp0'' 2008-04-28 14:46:06,913 - endian.logger - DEBUG - Traceback (most recent call last): File "/usr/local/bin/setsnat.py", line 505, in generateScript ret.append(insert_rule(item, tmpl, log)) File "/usr/local/bin/setsnat.py", line 137, in insert_rule cmd = str(tmpl(namespaces = [obj, methods])) File "/usr/lib/python2.4/site-packages/Cheetah/Template.py", line 982, in __str__ File "_etc_firewall_snat_rules_tmpl.py", line 180, in respond File "/usr/local/bin/setsnat.py", line 416, in getAddressByInterface return t['dev'][dev] KeyError: 'ppp0' 2008-04-28 14:46:06,915 - endian.logger - DEBUG - Save old state file /etc/firewall/snat/iptableszonefw 2008-04-28 14:46:06,918 - endian.logger - DEBUG - Save script to state file '/etc/firewall/snat/iptableszonefw' 2008-04-28 14:46:06,920 - endian.logger - DEBUG - Script has NOT been changed! 2008-04-28 14:46:06,922 - endian.logger - DEBUG - Apply 1 rules 2008-04-28 14:46:06,926 - endian.logger - DEBUG - Fetch original iptables state from kernel 2008-04-28 14:46:06,979 - endian.logger - DEBUG - Edit iptables original state. Apply 1 rules. 2008-04-28 14:46:06,981 - endian.logger - DEBUG - iptables-edit -i /tmp/iptablesuCFl1m > /tmp/iptablesss40bN 2008-04-28 14:46:07,066 - endian.logger - DEBUG - Atomic commit of iptables rules ip route xx.xx.xx.36 dev ppp0 proto kernel scope link src xx.xx.xx.36 xx.xx.xx.1 dev ppp0 proto kernel scope link src xx.xx.xx.36 192.168.2.0/24 dev br2 proto kernel scope link src 192.168.2.1 192.168.1.0/24 dev br0 proto kernel scope link src 192.168.1.1 1.1.1.0/24 dev eth1 proto kernel scope link src 1.1.1.1 ip link 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000 link/ether 00:16:3e:4b:ff:13 brd ff:ff:ff:ff:ff:ff 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000 link/ether 00:16:3e:7e:f1:1b brd ff:ff:ff:ff:ff:ff 4: eth2: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000 link/ether 00:16:3e:26:fa:36 brd ff:ff:ff:ff:ff:ff 5: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue link/ether 00:16:3e:4b:ff:13 brd ff:ff:ff:ff:ff:ff 6: br2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue link/ether 00:16:3e:26:fa:36 brd ff:ff:ff:ff:ff:ff 7: sit0: <NOARP> mtu 1480 qdisc noop link/sit 0.0.0.0 brd 0.0.0.0 8: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1492 qdisc pfifo_fast qlen 3 link/ppp Best regards |
|
(0001090) ra-endian (administrator) 2008-04-28 13:29 |
please install the attached rpm files. which should fix this problem. |
|
(0001091) karacho (reporter) 2008-04-28 13:40 |
Thanks for the very fast response, fixed it for me! |
|
Notes |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 2008-04-24 13:15 | Thomas Heimann | New Issue | |
| 2008-04-24 13:15 | Thomas Heimann | Status | new => assigned |
| 2008-04-24 13:15 | Thomas Heimann | Assigned To | => peter-endian |
| 2008-04-25 12:26 | peter-endian | Relationship added | has duplicate 0000709 |
| 2008-04-28 08:16 | raphael-endian | Note Added: 0001088 | |
| 2008-04-28 13:03 | karacho | Note Added: 0001089 | |
| 2008-04-28 13:25 | ra-endian | File Added: efw-firewall-2.2.66-0.endian14.noarch.rpm | |
| 2008-04-28 13:25 | ra-endian | File Added: conntrack-tools-0.9.5-2.endian3.i586.rpm | |
| 2008-04-28 13:29 | ra-endian | Note Added: 0001090 | |
| 2008-04-28 13:40 | karacho | Note Added: 0001091 | |
| 2008-04-28 19:11 | raphael-endian | Status | assigned => resolved |
| 2008-04-28 19:11 | raphael-endian | Fixed in Version | => 2.2-rc1 |
| 2008-04-28 19:11 | raphael-endian | Resolution | open => fixed |
| 2008-05-09 17:12 | peter-endian | Relationship added | has duplicate 0000662 |
| 2009-10-27 12:03 | peter-endian | Status | resolved => closed |
|
Issue History |
| Copyright © 2000 - 2012 MantisBT Group |
 |