Discussion:
[Shorewall-users] Shorewall 4.5.15 MAC address in rules problem
Bill Shirley
2016-07-01 17:54:08 UTC
I can't get Shorewall to accept a MAC address in the rules file. MAC addresses work in
tcrules.

params:
phil_laptop_mac=~00-50-b6-70-25-63

tcrules:
?COMMENT -masq- phil laptop
$INET2_FWMARK2/$CONNMASK:P $phil_laptop_mac

rules:
DNAT inet mem:$phil_laptop_mac tcp 80,37777

shorewall check:
Checking /etc/shorewall/rules...
ERROR: Invalid IP Address (~00-50-b6-70-25) /etc/shorewall/rules (line 104)

Shorewall thinks it's an IP address instead of a MAC address. Am I doing something wrong?
It's also dropping the last byte of the MAC address.

[1:***@elvis shorewall 148]$ rpm -q shorewall
shorewall-4.5.15-1.fc19.noarch

Bill
Roberto C. Sánchez
2016-07-01 19:14:20 UTC
Restriction: MAC addresses are not allowed (this is a Netfilter
restriction).

You can only have a MAC in the SOURCE column.

Regards,

-Roberto
_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
--
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com
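
The restriction described in the reply above can be caught before running `shorewall check`. The following is an added example, not part of the thread and not Shorewall's own code: a small Python pre-check that expands params variables and reports any `~xx-xx-xx-xx-xx-xx` MAC that appears outside the SOURCE column of a rules line. The function names, the simplified whitespace column split, and the ACCEPT sample line are assumptions made for illustration.

```python
import re

# Shorewall writes a MAC address as ~xx-xx-xx-xx-xx-xx
MAC_RE = re.compile(r"~(?:[0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2}(?![0-9A-Fa-f-])")
VAR_RE = re.compile(r"\$(?:\{(\w+)\}|(\w+))")

def load_params(text):
    """Parse simple NAME=value lines from a params file into a dict."""
    params = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            name, value = line.split("=", 1)
            params[name.strip()] = value.strip().strip("\"'")
    return params

def expand(token, params):
    """Replace $name or ${name} with its params value; unknown names stay as-is."""
    return VAR_RE.sub(lambda m: params.get(m.group(1) or m.group(2), m.group(0)), token)

def check_rules(rules_text, params):
    """Return (line_number, column, token) for each MAC outside the SOURCE column."""
    columns = ["ACTION", "SOURCE", "DEST"]
    findings = []
    for lineno, raw in enumerate(rules_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("?"):  # blank line or ?COMMENT-style directive
            continue
        for idx, token in enumerate(line.split()):
            # Column index 1 is SOURCE, the only place a MAC may appear.
            if idx != 1 and MAC_RE.search(expand(token, params)):
                col = columns[idx] if idx < len(columns) else f"column {idx + 1}"
                findings.append((lineno, col, token))
    return findings

# Constructed sample input: the params entry and DNAT rule from the post,
# plus an assumed ACCEPT rule that keeps the MAC in the SOURCE column.
PARAMS = "phil_laptop_mac=~00-50-b6-70-25-63\n"
RULES = """\
?COMMENT phil laptop
DNAT    inet                  mem:$phil_laptop_mac  tcp  80,37777
ACCEPT  mem:$phil_laptop_mac  inet                  tcp  80
"""

if __name__ == "__main__":
    for lineno, col, token in check_rules(RULES, load_params(PARAMS)):
        print(f"line {lineno}: MAC in {col} column ({token}); only SOURCE may carry a MAC")
```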
Bill Shirley
2016-07-01 19:39:40 UTC
Thank you. I think I was standing too close to the trees to see the forest.

Bill