Yes: Jan 6 17:03:24 munin logger: Shorewall Stopped
Jan 6 17:04:12 munin kernel: [ 1.029009] r8169 0000:02:00.0 eth0: RTL8168d/8111d at 0xffffc90000378000, 48:5b:39:ac:1b:5e, XID 083000c0 IRQ 42
Jan 6 17:04:12 munin kernel: [ 1.029022] r8169 0000:02:00.0 eth0: jumbo features [frames: 9200 bytes, tx checksumming: ko]
Jan 6 17:04:12 munin kernel: [ 1.510458] e1000 0000:01:00.0 eth1: (PCI:33MHz:32-bit) 00:1b:21:3a:82:66
Jan 6 17:04:12 munin kernel: [ 1.510475] e1000 0000:01:00.0 eth1: Intel(R) PRO/1000 Network Connection
Jan 6 17:04:12 munin kernel: [ 9.201315] r8169 0000:02:00.0 eth0: link down
Jan 6 17:04:12 munin kernel: [ 9.201351] r8169 0000:02:00.0 eth0: link down
Jan 6 17:04:12 munin kernel: [ 9.201379] IPv6: ADDRCONF(NETDEV_UP): eth0: link is not ready
Jan 6 17:04:12 munin kernel: [ 10.841359] r8169 0000:02:00.0 eth0: link up
Jan 6 17:04:12 munin kernel: [ 10.841376] IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
Jan 6 17:04:12 munin kernel: [ 13.125508] IPv6: ADDRCONF(NETDEV_UP): eth1: link is not ready
Jan 6 17:04:12 munin kernel: [ 13.149753] e1000: eth1 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX/TX
Jan 6 17:04:12 munin kernel: [ 13.149911] IPv6: ADDRCONF(NETDEV_CHANGE): eth1: link becomes ready

________________________________________
From: Tom Eastep [teas...@shorewall.net]
Sent: Monday, January 6, 2014 21:58
To: shorewall-users@lists.sourceforge.net
Subject: Re: [Shorewall-users] Closing FW prior to network initialization

On 1/6/2014 12:36 PM, Øyvind Lode wrote:
> No, I do not even have a stoppedrules file:
>
> munin:~$ cat /etc/shorewall/stoppedrules
> cat: /etc/shorewall/stoppedrules: No such file or directory
> munin:~$
>
> I have udp 123 forwarded (DNAT) to the box running ntpd.
>
> All works well but for some reason some packets are dropped every time I
> reboot.
>
> I guess that is normal behaviour since the purpose of shorewall-init is to
> close the FW prior to networking since networking is brought up before
> shorewall is started.
>
> But I don't understand why these packets are still dropped when shorewall is
> running.
>
> All new udp connections are accepted and forwarded to the ntpd box.
>
> But running conntrack -F fixes the problem.

Is shorewall-init actually starting before networking (e.g., do you see
a 'Shorewall stopped' message in syslog before the interfaces are
brought up?).

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________