I'm trying to diagnose a random DROP of some packets. Those packets are coming from the net and should be forwarded to a host in loc with this shorewall-rules line:

DNAT- net 192.168.5.252:25 tcp 25 - 80.17.99.74

Packets usually reach 192.168.5.252, but, many times a day, I find lines like the following logged:

Mar 3 14:48:11 nsec-primary kernel: Shorewall:net2fw:DROP:IN=en4 OUT= MAC=08:35:71:07:23:84:54:4b:8c:95:74:29:08:00 SRC=167.89.11.190 DST=80.17.99.74 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=54071 DF PROTO=TCP SPT=36191 DPT=25 WINDOW=0 RES=0x00 RST URGP=0 MARK=0x300

As you can see, the chain is net2fw, but the packet should have been DNATed. I have a trace for the same packet:

Mar 3 14:48:11 nsec-primary kernel: TRACE: mangle:INPUT:policy:1 IN=en4 OUT= MAC=08:35:71:07:23:84:54:4b:8c:95:74:29:08:00 SRC=167.89.11.190 DST=80.17.99.74 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=54071 DF PROTO=TCP SPT=36191 DPT=25 SEQ=3789610332 ACK=0 WINDOW=0 RES=0x00 RST URGP=0 MARK=0x300

When tracing, I also found packets that were correctly forwarded. Here's the trace for reference:

Mar 3 14:48:11 nsec-primary kernel: TRACE: mangle:FORWARD:rule:2 IN=en4 OUT=en0 MAC=08:35:71:07:23:84:54:4b:8c:95:74:29:08:00 SRC=167.89.11.190 DST=192.168.5.252 LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=54072 DF PROTO=TCP SPT=36191 DPT=25 SEQ=3789610333 ACK=0 WINDOW=0 RES=0x00 RST URGP=0 MARK=0x300

Looking at the packet ID (54072), it's a retransmission. It seems more a connection tracking problem, but I'm asking here looking for some advice on further debugging this issue.

Environment: CentOS 7, kernel 3.10.0-1062.9.1.el7.x86_64, shorewall-5.1.10.2-1.el7.noarch

-- 
Ciao, Filippo

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
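A small log triage helper, added here as an example (it is not from the post, nor part of Shorewall): it parses the LOG/TRACE lines quoted above and classifies each net2fw DROP that the DNAT rule should have matched, with the DNAT port and firewall address defaulting to the values in the post. The classification rests on standard conntrack behaviour (the nat table is consulted only for the first packet of a connection, and a RST that matches no conntrack entry is INVALID), so it yields a hypothesis to confirm against the live conntrack table rather than a conclusion the post reaches.

```python
import re

# Constructed sample: the three kernel log lines quoted in the post.
SAMPLE_LOG = """\
Mar 3 14:48:11 nsec-primary kernel: Shorewall:net2fw:DROP:IN=en4 OUT= MAC=08:35:71:07:23:84:54:4b:8c:95:74:29:08:00 SRC=167.89.11.190 DST=80.17.99.74 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=54071 DF PROTO=TCP SPT=36191 DPT=25 WINDOW=0 RES=0x00 RST URGP=0 MARK=0x300
Mar 3 14:48:11 nsec-primary kernel: TRACE: mangle:INPUT:policy:1 IN=en4 OUT= MAC=08:35:71:07:23:84:54:4b:8c:95:74:29:08:00 SRC=167.89.11.190 DST=80.17.99.74 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=54071 DF PROTO=TCP SPT=36191 DPT=25 SEQ=3789610332 ACK=0 WINDOW=0 RES=0x00 RST URGP=0 MARK=0x300
Mar 3 14:48:11 nsec-primary kernel: TRACE: mangle:FORWARD:rule:2 IN=en4 OUT=en0 MAC=08:35:71:07:23:84:54:4b:8c:95:74:29:08:00 SRC=167.89.11.190 DST=192.168.5.252 LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=54072 DF PROTO=TCP SPT=36191 DPT=25 SEQ=3789610333 ACK=0 WINDOW=0 RES=0x00 RST URGP=0 MARK=0x300
"""

TCP_FLAGS = {"SYN", "ACK", "RST", "FIN", "PSH", "URG"}  # LOG/TRACE print set flags as bare words
HEADER_RE = re.compile(r"kernel: (?:Shorewall:(?P<chain>[^:]+):(?P<disp>[^:]+):|TRACE: (?P<trace>\S+) )")
KV_RE = re.compile(r"(\w+)=(\S*)")

def parse_line(line):
    """One Shorewall LOG or iptables TRACE line -> dict of KEY=VALUE fields plus
    'chain'/'disp' (Shorewall:<chain>:<disposition>:), 'trace' (TRACE: table:chain:rule)
    and 'flags' (set of TCP flag words; 'ACK=<n>' is a sequence field, not a flag)."""
    m = HEADER_RE.search(line)
    if not m:
        return None
    body = line[m.end():]
    rec = dict(KV_RE.findall(body))
    rec.update(chain=m.group("chain"), disp=m.group("disp"), trace=m.group("trace"))
    rec["flags"] = {tok for tok in body.split() if tok in TCP_FLAGS}
    return rec

def explain_drops(log_text, dnat_port="25", fw_addr="80.17.99.74"):
    """Classify every net2fw DROP of a TCP packet that the DNAT rule should have caught.
    nat is only consulted for the first packet of a connection; a segment that conntrack
    can neither attach to an existing entry nor accept as a new one (any RST, for one)
    is INVALID, keeps the firewall's own DST and is judged by net2fw instead of FORWARD.
    Returns [(ip_id, verdict), ...]."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if not rec or rec["disp"] != "DROP" or rec["chain"] != "net2fw":
            continue
        if (rec.get("PROTO"), rec.get("DST"), rec.get("DPT")) != ("TCP", fw_addr, dnat_port):
            continue
        f = rec["flags"]
        if "SYN" in f and "ACK" not in f:
            verdict = "SYN should have opened a NEW entry and been DNATed: check nat PREROUTING"
        elif "RST" in f:
            verdict = "RST with no conntrack entry is INVALID: nat skipped, falls to net2fw (not a DNAT bug)"
        else:
            verdict = "mid-stream segment with no conntrack entry: check conntrack table limits and timeouts"
        findings.append((rec["ID"], verdict))
    return findings

def trace_fates(log_text):
    """IP ID -> (table:chain:rule, DST) for each TRACE line, to compare a dropped packet
    with the sender's follow-up packet (ID+1 in the post)."""
    return {r["ID"]: (r["trace"], r["DST"]) for r in map(parse_line, log_text.splitlines()) if r and r["trace"]}
```

Running `explain_drops(SAMPLE_LOG)` on the post's lines flags ID 54071 as an INVALID RST, while `trace_fates` shows its successor 54072 taking the FORWARD path to 192.168.5.252; comparing both against `conntrack -L` output at the time of the drop is the next check.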