Hello list,

Shorewall is installed on my mail server. Its policy is to ACCEPT all traffic 
from $fw to net (same interface). Since the only thing I changed in the 
configuration is the policy file, I will paste the policy file that is working 
(mail is sent), and the policy file that is not working (mail is not sent).


NON-WORKING POLICY

root@messagerie[10.10.10.19] ~ # cat /etc/shorewall/policy
[...]
$FW     net     ACCEPT
net     $FW     DROP    INFO
root@messagerie[10.10.10.19] ~ #


shorewall dump after doing a shorewall reset, then trying to send mail to host 
192.162.70.68: https://clbin.com/yO9h3. You can see that the connection isn't 
even listed.






WORKING POLICY

root@messagerie[10.10.10.19] ~ # cat /etc/shorewall/policy
[...]
$FW     net     ACCEPT
net     $FW     ACCEPT
root@messagerie[10.10.10.19] ~ #


shorewall dump after doing a shorewall reset, then trying to send mail to host 
192.162.70.68: https://clbin.com/cm7Ov. You can see the connection is ASSURED 
(traffic seen in both ways).




When I do a tcpdump while sending the mail, I can see that my firewall can't 
seem to establish a TCP connection. It keeps sending the same TCP sequence 
number, which the peer acks, but my server doesn't ack back; see a tcpdump 
session here between my mail server and Yahoo Mail: 
https://gist.githubusercontent.com/ychaouche/4d25e7bccaad51ee81fa16dd026d059d/raw/e77de674057c743dcbe79b0c8137031871846dec/gistfile1.txt


Thanks for any help!


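Added example, not part of the original post: a small parser for `tcpdump -n -S` text output that flags the symptom described in the message (a segment re-sent with the same sequence number, answered by the peer, never acknowledged by the sender). The capture lines and source port 40000 are constructed, and absolute sequence numbers (`-S`) are assumed.

```python
import re
from collections import Counter

# Constructed capture in `tcpdump -n -S` text format (not the poster's gist).
SAMPLE = """\
10:00:00.000000 IP 10.10.10.19.40000 > 192.162.70.68.25: Flags [S], seq 1000, win 29200, length 0
10:00:00.050000 IP 192.162.70.68.25 > 10.10.10.19.40000: Flags [S.], seq 5000, ack 1001, win 28960, length 0
10:00:01.000000 IP 10.10.10.19.40000 > 192.162.70.68.25: Flags [S], seq 1000, win 29200, length 0
10:00:01.050000 IP 192.162.70.68.25 > 10.10.10.19.40000: Flags [S.], seq 5000, ack 1001, win 28960, length 0
10:00:03.000000 IP 10.10.10.19.40000 > 192.162.70.68.25: Flags [S], seq 1000, win 29200, length 0
"""

LINE = re.compile(r"^\S+ IP (\S+) > (\S+): Flags \[([^\]]+)\]")
SEQ = re.compile(r"\bseq (\d+)")
ACK = re.compile(r"\back (\d+)")

def parse(text):
    """Yield (src, dst, flags, seq, ack) per TCP line; seq/ack are None if absent."""
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        seq, ack = SEQ.search(line), ACK.search(line)
        yield (m.group(1), m.group(2), m.group(3),
               int(seq.group(1)) if seq else None, int(ack.group(1)) if ack else None)

def retransmissions(text):
    """Return {(src, dst, flags, seq): count} for segments seen more than once."""
    seen = Counter((s, d, f, q) for s, d, f, q, _ in parse(text) if q is not None)
    return {key: n for key, n in seen.items() if n > 1}

def handshake(text, client):
    """Report how far the three-way handshake opened by `client` (ip.port) got."""
    syn = synack = None
    for src, dst, flags, seq, ack in parse(text):
        if src == client and flags == "S":
            syn = seq                      # client SYN (or a retransmission of it)
        elif dst == client and flags == "S." and syn is not None and ack == syn + 1:
            synack = seq                   # peer answered our SYN
        elif src == client and "S" not in flags and synack is not None and ack == synack + 1:
            return "established"           # client acknowledged the SYN-ACK
    if synack is not None:
        return "syn-ack seen, never acknowledged by client"
    return "syn unanswered" if syn is not None else "no syn seen"

if __name__ == "__main__":
    print(retransmissions(SAMPLE))
    print(handshake(SAMPLE, "10.10.10.19.40000"))
```

tcpdump on the host captures inbound packets before netfilter filters them, so a SYN-ACK appearing in the capture only shows that it reached the interface, not that it was delivered to the local TCP stack.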