Fix additional masq/snat issues.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2025-02-23 05:01:34 +01:00 · 2016-11-01 18:42:16 -07:00 · 2016-11-01 18:42:16 -07:00 · e188bde6c4
commit e188bde6c4
parent 6e08717089
2 changed files with 21 additions and 5 deletions
--- a/Shorewall/Perl/Shorewall/Nat.pm
+++ b/Shorewall/Perl/Shorewall/Nat.pm
@ -286,8 +286,14 @@ sub process_one_masq1( $$$$$$$$$$$$ )
 				} else {
 				    validate_address $ipaddr, 0;
 				}
-				validate_portpair1( $proto, $rest ) if supplied $rest;
-				$addrlist .= "--to-source $ipaddr ";
+
+				if ( supplied $rest ) {
+				    validate_portpair1( $proto, $rest );
+				    $addrlist .= "--to-source $addr ";
+				} else {
+				    $addrlist .= "--to-source $ipaddr";
+				}
+
 				$exceptionrule = do_proto( $proto, '', '' ) if $addr =~ /:/;
 			    } else {
 				my $ports = $addr;
@ -399,7 +405,11 @@ sub process_one_masq1( $$$$$$$$$$$$ )
    if ( $snat ) {
 	$target =~ s/ .*//;
 	$target .= '+' if $pre_nat;
-	$target .= '(' . $addresses . ')' if $addresses ne '-' && $addresses ne 'NONAT';
+
+	if ( $addresses ne '-' && $addresses ne 'NONAT' ) {
+	    $addresses =~ s/^://;
+	    $target .= '(' . $addresses . ')';
+	}

 	my $line = "$target\t$networks\t$savelist\t$proto\t$ports\t$ipsec\t$mark\t$user\t$condition\t$origdest\t$probability";
 	#
--- a/Shorewall/Perl/Shorewall/Rules.pm
+++ b/Shorewall/Perl/Shorewall/Rules.pm
@ -5559,8 +5559,14 @@ sub process_snat1( $$$$$$$$$$$$ ) {
 			    } else {
 				validate_address $ipaddr, 0;
 			    }
-			    validate_portpair1( $proto, $rest ) if supplied $rest;
-			    $addrlist .= " --to-source $ipaddr";
+
+			    if ( supplied $rest ) {
+				validate_portpair1( $proto, $rest );
+				$addrlist .= " --to-source $addr";
+			    } else {
+				$addrlist .= " --to-source $ipaddr";
+			    }
+
 			    $exceptionrule = do_proto( $proto, '', '' ) if $addr =~ /:/;
 			} else {
 			    my $ports = $addr;