On 23.09.2018 at 13:03, Matt Darfeuille wrote:
> On 9/22/2018 6:49 PM, Boris wrote:
>> Hej SW-list,
>>
>>
>> I started a thread two weeks ago but did not get an answer. So I try
>> again but make it in a different way - step by step:
>>
>> With a SW-config that seemed to work fine I get rejects in spite of
>> having an acception-rule for that kind of traffic:
>>
>> shorewall.log:
>> Sep 22 10:59:13 nordgate4 INPUT REJECT  IN=eth0 OUT=
>> MAC=00:0d:b9:13:fb:d8:44:4e:6d:6b:c6:92:08:00 SRC=79.247.163.132
>> DST=217.70.192.188 LEN=69 TOS=00 PREC=0x00 TTL=55 ID=38
>> 733 DF PROTO=UDP SPT=1194 DPT=1194 LEN=49 MARK=0
>>
>> rule in /shorewall/tunnels:
>> generic:udp:1194 net 0.0.0.0/0
>>
>> Also, I get forward rejects by simply requesting a WebServer (outside)
>> with port 80 from the loc zone:
>>
>> Sep 22 11:24:35 nordgate4 FORWARD REJECT  IN=eth0 OUT=eth1
>> MAC=00:0d:b9:13:fb:d8:44:4e:6d:6b:c6:92:08:00 SRC=134.119.168.179
>> DST=192.168.23.150 LEN=1492 TOS=00 PREC=0x00 TTL=52 ID=1594 DF PROTO=TCP
>> SPT=80 DPT=52436 SEQ=766449736 ACK=1639787111 WINDOW=235 ACK URGP=0 MARK=0
>>
>> rule in /shorewall/policy:
>> loc     net    ACCEPT
>>
>> Thanks for any idea,
>>
> 
> Hi Boris,
> 
> As you probably realized by now, the Shorewall lead maintainer (Tom
> Eastep) is temporarily unavailable (1).
> 
> Is everything working when Shorewall is cleared ('shorewall clear') (2)?
> 
> 1)  https://sourceforge.net/p/shorewall/mailman/message/36409518/
> 2)  http://shorewall.org/troubleshoot#Connections
> 
> -Matt
> 

Hej Matt,

thank you very much for your answer!

Yes, I realized Tom Eastep is (was) unavailable. Nevertheless I hope to
find a lot of know-how among the membership of this list.

And no, unfortunately clearing the SW does not help.

In the meantime, Tom Eastep sent a reply and I will try to follow hints
and have big hopes....

Regards,


Boris


_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
