On Mon, 10 Jun 2002, Brad Fritz wrote:

> > 
> > # tail syslog
> > 
> > Jun 10 22:50:03 yoreach kernel: Shorewall:rfc1918:DROP:IN=eth0 OUT=
> > MAC=00:10:5a:e1:e3:8b:00:20:6f:05:f9:6d:08:00 SRC=10.1.2.248 DST=10.1.2.203
> > LEN=44 TOS=0x00 PREC=0x00 TTL=60 ID=5663 PROTO=TCP SPT=23 DPT=1025 WINDOW=4096
> > RES=0x00 ACK SYN URGP=0
> > 
> > So, what am I missing?
> 
> The above iptables log entry is not from the ping (it's TCP not
> ICMP), but it *may* still hold the answer to your question.  The
> rule that dropped the packet above is "Shorewall:rfc1918" which
> probably means you have a "norfc1918" entry in the eth0 line of
> your /etc/shorewall/interfaces file.  Your ping to 10.1.2.248
> *might* be dropped by that rule as well.
> 
> Not being intimately familiar with iptables and the inner workings
> of shorewall, I'm a bit confused why a rfc1918 chain would override
> the default policy.  Did you run "shorewall restart" after making
> your changes?
> 

He cleared the filter table -- the above message is probably generated by
a rule in the mangle table (I can't be sure since both the source and 
destination IP addresses are reserved under RFC 1918).

You are correct that the underlying problem is probably that 'norfc1918' 
is specified on an interface where it shouldn't be.


-Tom
-- 
Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ [EMAIL PROTECTED]
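
Added example, not part of the original messages and not Shorewall's own code: a small parser for the "Shorewall:chain:disposition:" log format quoted above, reporting the protocol and which addresses fall inside RFC 1918 space. The function names are hypothetical and the sample line is the quoted entry re-joined onto one line.

```python
import ipaddress
import re

# Constructed sample: the log entry quoted in the thread, joined onto one line.
SAMPLE = ("Jun 10 22:50:03 yoreach kernel: Shorewall:rfc1918:DROP:IN=eth0 OUT= "
          "MAC=00:10:5a:e1:e3:8b:00:20:6f:05:f9:6d:08:00 SRC=10.1.2.248 "
          "DST=10.1.2.203 LEN=44 TOS=0x00 PREC=0x00 TTL=60 ID=5663 PROTO=TCP "
          "SPT=23 DPT=1025 WINDOW=4096 RES=0x00 ACK SYN URGP=0")

# The three private ranges reserved by RFC 1918.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

PREFIX = re.compile(r"Shorewall:(?P<chain>[^:]+):(?P<disposition>[^:]+):")
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")          # KEY=value, value may be empty
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}


def is_rfc1918(addr):
    """True when addr lies in one of the RFC 1918 private ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def parse_entry(line):
    """Return a dict describing one Shorewall log line, or None if no prefix."""
    m = PREFIX.search(line)
    if m is None:
        return None
    rest = line[m.end():]
    fields = dict(FIELD.findall(rest))
    return {
        "chain": m.group("chain"),
        "disposition": m.group("disposition"),
        "in": fields.get("IN", ""),
        "proto": fields.get("PROTO", ""),
        "flags": [tok for tok in rest.split() if tok in TCP_FLAGS],
        # Which of SRC/DST are private; both being listed means the log
        # line alone cannot show which address triggered the rule.
        "rfc1918": [k for k in ("SRC", "DST")
                    if k in fields and is_rfc1918(fields[k])],
    }


if __name__ == "__main__":
    print(parse_entry(SAMPLE))
```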


------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
