VirtualBox overwrites Shorewall NAT rules

Bug #823922 reported by daniele carbone
This bug affects 1 person
Affects: virtualbox (Ubuntu)
Status: New
Importance: Undecided
Assigned to: Unassigned

Bug Description

Using VirtualBox on a PC acting as a router:
VirtualBox overwrites Shorewall's default NAT rules with its own rules.

daniele carbone (dcarbone) wrote :

sudo iptables -t nat -v -n -L
[sudo] password for casa:
Sorry, try again.
[sudo] password for casa:
Chain PREROUTING (policy ACCEPT 11 packets, 1932 bytes)
 pkts bytes target prot opt in out source destination

Chain INPUT (policy ACCEPT 9 packets, 1316 bytes)
 pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 215 packets, 19063 bytes)
 pkts bytes target prot opt in out source destination

Chain POSTROUTING (policy ACCEPT 213 packets, 18889 bytes)
 pkts bytes target prot opt in out source destination
    0 0 MASQUERADE tcp -- * * 192.168.122.0/24 !192.168.122.0/24 masq ports: 1024-65535
    1 142 MASQUERADE udp -- * * 192.168.122.0/24 !192.168.122.0/24 masq ports: 1024-65535
    1 32 MASQUERADE all -- * * 192.168.122.0/24 !192.168.122.0/24
casa@pcfw2:~$ sudo shorewall safe-restart
Compiling...
Processing /etc/shorewall/shorewall.conf...
Loading Modules...
Compiling /etc/shorewall/zones...
Compiling /etc/shorewall/interfaces...
Determining Hosts in Zones...
Locating Action Files...
Compiling /etc/shorewall/policy...
Compiling policy actions...
Compiling /usr/share/shorewall/action.Reject for chain Reject...
Compiling /usr/share/shorewall/action.Drop for chain Drop...
Adding Anti-smurf Rules
Adding rules for DHCP
Compiling TCP Flags filtering...
Compiling Kernel Route Filtering...
Compiling Martian Logging...
Compiling /etc/shorewall/masq...
Compiling MAC Filtration -- Phase 1...
Compiling /etc/shorewall/rules...
Compiling MAC Filtration -- Phase 2...
Applying Policies...
Generating Rule Matrix...
Creating iptables-restore input...
Compiling iptables-restore input for chain mangle:...
Compiling /etc/shorewall/routestopped...
Shorewall configuration compiled to /var/lib/shorewall/.start
Starting...
Starting Shorewall....
done.
Do you want to accept the new firewall configuration? [y/n] y
New configuration has been accepted
casa@pcfw2:~$ sudo iptables -t nat -v -n -L
Chain PREROUTING (policy ACCEPT 1 packets, 350 bytes)
 pkts bytes target prot opt in out source destination

Chain INPUT (policy ACCEPT 1 packets, 350 bytes)
 pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination
    0 0 eth1_masq all -- * eth1 0.0.0.0/0 0.0.0.0/0

Chain eth1_masq (1 references)
 pkts bytes target prot opt in out source destination
    0 0 MASQUERADE all -- * * 10.0.0.0/8 0.0.0.0/0
    0 0 MASQUERADE all -- * * 169.254.0.0/16 0.0.0.0/0
    0 0 MASQUERADE all -- * * 172.16.0.0/12 0.0.0.0/0
    0 0 MASQUERADE all -- * * 192.168.0.0/16 0.0.0.0/0
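
A check for the difference between the two listings above, as an added example that is not part of the original report: it parses `iptables -t nat -v -n -L` output and returns the POSTROUTING rules that do not jump to an expected chain. The function names and the allow-list holding `eth1_masq` (the chain seen in the post-restart listing) are assumptions.

```python
import re

CHAIN_RE = re.compile(r"^Chain (\S+) \(")

# Sample input: nat POSTROUTING sections copied from the two listings above.
BEFORE = """\
Chain POSTROUTING (policy ACCEPT 213 packets, 18889 bytes)
 pkts bytes target prot opt in out source destination
    0 0 MASQUERADE tcp -- * * 192.168.122.0/24 !192.168.122.0/24 masq ports: 1024-65535
    1 142 MASQUERADE udp -- * * 192.168.122.0/24 !192.168.122.0/24 masq ports: 1024-65535
    1 32 MASQUERADE all -- * * 192.168.122.0/24 !192.168.122.0/24
"""
AFTER = """\
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination
    0 0 eth1_masq all -- * eth1 0.0.0.0/0 0.0.0.0/0

Chain eth1_masq (1 references)
 pkts bytes target prot opt in out source destination
    0 0 MASQUERADE all -- * * 10.0.0.0/8 0.0.0.0/0
    0 0 MASQUERADE all -- * * 169.254.0.0/16 0.0.0.0/0
    0 0 MASQUERADE all -- * * 172.16.0.0/12 0.0.0.0/0
    0 0 MASQUERADE all -- * * 192.168.0.0/16 0.0.0.0/0
"""

def parse_nat_listing(text):
    """Parse `iptables -t nat -v -n -L` output into {chain: [rule dict, ...]}."""
    chains, current = {}, None
    for line in text.splitlines():
        m = CHAIN_RE.match(line)
        if m:
            current = chains.setdefault(m.group(1), [])
            continue
        fields = line.split()
        # Rule lines start with a packet counter; column headers and blanks do not.
        if current is None or len(fields) < 9 or not fields[0][0].isdigit():
            continue
        current.append({"target": fields[2], "prot": fields[3], "out": fields[6],
                        "source": fields[7], "destination": fields[8],
                        "extra": " ".join(fields[9:])})
    return chains

def unmanaged_rules(chains, chain="POSTROUTING", expected_targets=("eth1_masq",)):
    """Rules in `chain` whose target is not on the (assumed) allow-list."""
    return [r for r in chains.get(chain, []) if r["target"] not in expected_targets]

if __name__ == "__main__":
    for name, text in (("before restart", BEFORE), ("after restart", AFTER)):
        found = unmanaged_rules(parse_nat_listing(text))
        print(name, "->", [(r["target"], r["prot"], r["source"]) for r in found])
```

On a live router the same functions can be fed the text of `iptables -t nat -v -n -L`, with `expected_targets` set to the chains that the local Shorewall configuration generates.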
