[Ferm] Problem with @resolve and DNAT destination
Alexandre Angel
alexandre.angel at eisti.eu
Fri Jan 20 17:18:22 CET 2012
Hello,

I have a problem using @resolve in a DNAT destination.
Iptables forbids the usage of DNS in the "--to" option of the DNAT target to
prevent the case where DNS resolves to more than one host.
Ferm acts the same way: if you put an array in the "to" option, you get an error.
While I was trying to set up a transparent proxy, I got this error:
@def $HOST_PROXY = @resolve(proxy.mycompany.fr);
table nat
{
chain PREROUTING
{
proto tcp saddr $ VPN_NETWORKS dport www DNAT to "$HOST_PROXY:3127" <--
variable 'HOST_PROXY' must be a string, but it is an array
proxy.mycompany.fr resolves to one and only one IP.
I understand the fact that ferm is trying to prevent a bad case.
Is there a way to get a string out of an array? Or if ferm detects an
array with only one element, it transforms it to a string?
--
Angel Alexandre / EISTI PAU
System Administrator
alexandre.angel at eisti.fr
(+33|0)5 590 590 68
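
The single-address requirement described in the message above can be enforced before ferm ever sees the name. The following is an added example, not code from the post or from ferm: a pre-processing step that resolves a host, refuses anything other than exactly one IPv4 address, and emits a `@def` line holding a literal string. The function names, the injectable `resolver` parameter and the sample hosts and addresses are assumptions made for the illustration.

```python
import ipaddress
import socket


def resolve_ipv4(host):
    """Return the IPv4 addresses the system resolver gives for host."""
    infos = socket.getaddrinfo(host, None, socket.AF_INET, socket.SOCK_STREAM)
    return [info[4][0] for info in infos]


def single_address(host, resolver=resolve_ipv4):
    """Return the one IPv4 address of host; raise if there are zero or several."""
    # Validate and de-duplicate: the same address listed twice is still one host.
    addresses = sorted({str(ipaddress.IPv4Address(a)) for a in resolver(host)})
    if len(addresses) != 1:
        # Fail closed: an ambiguous name must never become a DNAT target.
        raise ValueError(
            f"{host} resolved to {len(addresses)} addresses {addresses}; "
            "a DNAT target needs exactly one"
        )
    return addresses[0]


def ferm_def(variable, host, resolver=resolve_ipv4):
    """Build a ferm @def line binding variable to a literal address string."""
    return f'@def ${variable} = "{single_address(host, resolver)}";'


if __name__ == "__main__":
    # Constructed resolver results (documentation addresses) so this runs offline.
    sample = {
        "proxy.example": ["192.0.2.10", "192.0.2.10"],
        "pool.example": ["192.0.2.10", "192.0.2.11"],
    }
    print(ferm_def("HOST_PROXY", "proxy.example", sample.__getitem__))
    try:
        ferm_def("HOST_PROXY", "pool.example", sample.__getitem__)
    except ValueError as exc:
        print("refused:", exc)
```

Because the address is fixed when the line is generated, a later DNS change only takes effect once the line is regenerated and the rules are reloaded.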