Package: shorewall Version: 4.5.5.3-1 Severity: important Hi,
this problem appeared recently. I was using this kind of rule in /etc/shorewall/rules : DNAT net loc:apollon TCP www,https,8008,8443 apollon is a hostname resolved via ldap (configured in /etc/nsswitch.conf). It worked fine previously, but today I wasn't able to start shorewall anymore. A restart gave me this error : iptables-restore v1.4.14: DNAT: Multiple --to-destination not supported Error occurred at line: 22 Indeed, the iptables-restore file generated by shorewall contained this kind of incorrect rule : -A net_dnat -p 6 -m multiport --dports 80,443,8008,8443 -j DNAT --to-destination 192.168.122.2 --to-destination 255.255.255.255 I had to replace the hostnames by their related ip address, which seems to be a creepy workaround. Thanks for your help, Paul Ezvan -- System Information: Debian Release: wheezy/sid APT prefers testing APT policy: (990, 'testing'), (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-2-amd64 (SMP w/8 CPU cores) Locale: LANG=, LC_CTYPE= (charmap=ANSI_X3.4-1968) Shell: /bin/sh linked to /bin/dash Versions of packages shorewall depends on: ii bc 1.06.95-2+b1 ii debconf [debconf-2.0] 1.5.44 ii iproute 20120521-3 ii iptables 1.4.14-3 ii perl-modules 5.14.2-12 ii shorewall-core 4.5.5.3-1 shorewall recommends no packages. Versions of packages shorewall suggests: ii linux-image-2.6.32-5-amd64 [linux-image] 2.6.32-41 ii linux-image-3.2.0-1-amd64 [linux-image] 3.2.6-1 ii linux-image-3.2.0-2-amd64 [linux-image] 3.2.20-1 ii linux-image-3.2.0-3-amd64 [linux-image] 3.2.23-1 pn make <none> pn shorewall-doc <none> -- debconf information excluded -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
