Hello list,

Shorewall is installed on my mail server. Its policy is to ACCEPT all traffic from $fw to net (same interface). Since the only thing I changed in the configuration is the policy file, I will paste the policy file that is working (mail is sent), and the policy file that is not working (mail is not sent).

NON-WORKING POLICY

root@messagerie[10.10.10.19] ~ # cat /etc/shorewall/policy
[...]
$FW net ACCEPT
net $FW DROP INFO
root@messagerie[10.10.10.19] ~ #

shorewall dump after doing a shorewall reset then trying to send mail to host 192.162.70.68: https://clbin.com/yO9h3. You can see that the connexion isn't even listed.

WORKING POLICY

root@messagerie[10.10.10.19] ~ # cat /etc/shorewall/policy
[...]
$FW net ACCEPT
net $FW ACCEPT
root@messagerie[10.10.10.19] ~ #

shorewall dump after doing a shorewall reset then trying to send mail to host 192.162.70.68: https://clbin.com/cm7Ov. You can see the connexion is ASSURED (traffic seen in both ways).

When I do a tcpdump while sending the mail, I can see that my firewall can't seem to establish a TCP connexion. It keeps sending the same TCP sequence number, which the pair acks, but my server doesn't ack back. See a tcpdump session here b/w my mail server and yahoo mail: https://gist.githubusercontent.com/ychaouche/4d25e7bccaad51ee81fa16dd026d059d/raw/e77de674057c743dcbe79b0c8137031871846dec/gistfile1.txt

Thanks for any help!