On 9/22/2018 6:49 PM, Boris wrote:
> Hi SW-list,
> 
> 
> I started a thread two weeks ago but did not get an answer. So I try
> again but make it in a different way - step by step:
> 
> With a SW-config that seemed to work fine I get rejects in spite of
> having an accept rule for that kind of traffic:
> 
> shorewall.log:
> Sep 22 10:59:13 nordgate4 INPUT REJECT  IN=eth0 OUT=
> MAC=00:0d:b9:13:fb:d8:44:4e:6d:6b:c6:92:08:00 SRC=79.247.163.132
> DST=217.70.192.188 LEN=69 TOS=00 PREC=0x00 TTL=55 ID=38
> 733 DF PROTO=UDP SPT=1194 DPT=1194 LEN=49 MARK=0
> 
> rule in /shorewall/tunnels:
> generic:udp:1194 net 0.0.0.0/0
> 
> Also, I get forward rejects by simply requesting a WebServer (outside)
> with port 80 from the loc zone:
> 
> Sep 22 11:24:35 nordgate4 FORWARD REJECT  IN=eth0 OUT=eth1
> MAC=00:0d:b9:13:fb:d8:44:4e:6d:6b:c6:92:08:00 SRC=134.119.168.179
> DST=192.168.23.150 LEN=1492 TOS=00 PREC=0x00 TTL=52 ID=1594 DF PROTO=TCP
> SPT=80 DPT=52436 SEQ=766449736 ACK=1639787111 WINDOW=235 ACK URGP=0 MARK=0
> 
> rule in /shorewall/policy:
> loc     net    ACCEPT
> 
> Thanks for any idea,
> 

Hi Boris,

As you probably realized by now, the Shorewall lead maintainer (Tom
Eastep) is temporarily unavailable (1).

Is everything working when Shorewall is cleared ('shorewall clear') (2)?

1)  https://sourceforge.net/p/shorewall/mailman/message/36409518/
2)  http://shorewall.org/troubleshoot#Connections

-Matt
-- 
Matt Darfeuille


_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
