Hello list, I've recently installed a new ADSL modem, and now I'm trying to get it to log to my LAN server. The modem seems to be sending log messages but Shorewall is dropping them at the server.

I have the following:

# grep Syslog /etc/shorewall/rules
Syslog(ACCEPT) net:192.168.1.1 $FW

192.168.1.1 is the ADSL modem, the syslog-ng client.

# cat /usr/share/shorewall/macro.Syslog
?FORMAT 2
PARAM - - udp 514
PARAM - - tcp 514
<snipped comments>

And yet:

# shorewall show log
Shorewall 4.6.6.2 Log (/var/log/messages) at serv - Wed 6 May 15:52:43 BST 2015

Counters reset Wed 6 May 14:39:52 BST 2015

May 6 15:34:52 net-fw:DROP:IN=eth0 OUT= SRC=192.168.1.1 DST=192.168.1.2 LEN=57 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=32964 DPT=514 LEN=37
May 6 15:35:37 net-fw:DROP:IN=eth0 OUT= SRC=192.168.1.1 DST=192.168.1.2 LEN=121 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=32964 DPT=514 LEN=101
May 6 15:36:57 net-fw:DROP:IN=eth0 OUT= SRC=192.168.1.1 DST=192.168.1.2 LEN=57 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=32964 DPT=514 LEN=37
May 6 15:38:10 net-fw:DROP:IN=eth0 OUT= SRC=192.168.1.1 DST=192.168.1.2 LEN=83 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=32964 DPT=514 LEN=63
May 6 15:38:11 net-fw:DROP:IN=eth0 OUT= SRC=192.168.1.1 DST=192.168.1.2 LEN=83 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=32964 DPT=514 LEN=63
May 6 15:38:11 net-fw:DROP:IN=eth0 OUT= SRC=192.168.1.1 DST=192.168.1.2 LEN=83 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=32964 DPT=514 LEN=63
<snipped more similar entries>

Serv is the name of the syslog-ng server.

# grep Shorewall /var/log/messages
--->8
May 6 15:38:11 serv kernel: Shorewall:net-fw:DROP:IN=eth0 OUT= MAC=70:71:bc:94:ee:71:bc:ee:7b:61:8b:60:08:00 SRC=192.168.1.1 DST=192.168.1.2 LEN=83 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=32964 DPT=514 LEN=63
--->8

Ifconfig shows 70:71:bc:94:ee:71 as the MAC address of the server's one Ethernet interface.

/etc/shorewall/rules has several more rules, all of which do their jobs, e.g.:

Squid(ACCEPT) net:192.168.1.3 $FW
Squid(ACCEPT) net:192.168.1.6 $FW
SSH(ACCEPT) net:192.168.1.3 $FW
SSH(ACCEPT) net:192.168.1.6 $FW

Where's the inconsistency? If the Squid and SSH rules work, why doesn't the Syslog rule? Or are the extra 8 bytes in the MAC address the problem? Of course I can't change the format of the modem's output, so in that case I'll need to tell Shorewall to ignore them - is that possible?

Can someone shed some light on this, please?

--
Rgds
Peter
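
Added example, not part of Peter's post: a small parser for the kernel log line quoted above. For Ethernet, the netfilter LOG target prints the whole 14-byte link-layer header in MAC= (destination MAC, source MAC, EtherType), and the function names here are hypothetical.

```python
import re

# Log line copied from the post above (kernel LOG output with the Shorewall prefix).
SAMPLE = ("May 6 15:38:11 serv kernel: Shorewall:net-fw:DROP:IN=eth0 OUT= "
          "MAC=70:71:bc:94:ee:71:bc:ee:7b:61:8b:60:08:00 SRC=192.168.1.1 "
          "DST=192.168.1.2 LEN=83 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP "
          "SPT=32964 DPT=514 LEN=63")

# "Shorewall:<chain>:<disposition>:" followed by the kernel's KEY=VALUE fields.
PREFIX = re.compile(r"Shorewall:(?P<chain>[^:]+):(?P<disposition>[^:]+):(?P<rest>.*)$")


def decode_mac(field):
    """Split the 14-octet MAC= field into destination, source and EtherType."""
    octets = field.split(":")
    if len(octets) != 14:          # not an Ethernet header; leave it undecoded
        return {}
    return {
        "dst_mac": ":".join(octets[:6]),
        "src_mac": ":".join(octets[6:12]),
        "ethertype": "0x" + "".join(octets[12:]),   # 0x0800 is IPv4
    }


def parse_shorewall_line(line):
    """Return the fields of one Shorewall log line as a dict, or None."""
    m = PREFIX.search(line)
    if not m:
        return None
    rec = {"chain": m["chain"], "disposition": m["disposition"], "flags": []}
    for tok in m["rest"].split():
        key, sep, val = tok.partition("=")
        if not sep:
            rec["flags"].append(tok)       # bare flags such as DF
        elif key not in rec:
            rec[key] = val                 # first LEN is the IP total length
        else:
            rec["L4_" + key] = val         # repeated LEN is the UDP length
    if rec.get("MAC"):
        rec.update(decode_mac(rec["MAC"]))
    return rec


if __name__ == "__main__":
    for key, value in parse_shorewall_line(SAMPLE).items():
        print(f"{key:12} {value}")
```
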