Michael
Michael D Schleif wrote:
I am stymied by my inability to establish the simplest connection with
my test Bering-uClibc system:
/var/log/shorewall.log:
Mar 22 00:38:35 PlatinumWALL Shorewall:net2all:DROP: IN=eth0 OUT=
MAC=00:50:04:20:ec:d1:00:01:02:6c:6b:4b:08:00 SRC=192.168.123.150
DST=192.168.123.30 LEN=60 TOS=00 PREC=0x00 TTL=64 ID=31774 DF
PROTO=TCP SPT=57576 DPT=22 SEQ=721372925 ACK=0 WINDOW=5840 SYN
URGP=0
For those who miss the significance of this log entry,
/usr/share/shorewall/rfc1918 has 192.168.0.0/16 commented OUT.
It would be sufficient to _not_ declare norfc1918 in
/etc/shorewall/interfaces
Default /usr/share/shorewall/action.AllowSSH:
ACCEPT - - tcp 22
I normally put these in /etc/shorewall/rules
ACCEPT loc fw tcp ssh
Nearest I can tell, with my limited Shorewall experience, is this from
`shorewall show':
Chain net2all (2 references)
 pkts bytes target prot opt in  out source     destination
    0     0 ACCEPT all  --  *   *   0.0.0.0/0  0.0.0.0/0    state RELATED,ESTABLISHED
  812  125K Drop   all  --  *   *   0.0.0.0/0  0.0.0.0/0
I do not understand how these packets get to this point, much less what
is `net2all' in the first place? Am I missing some critical
documentation?
net2all is the chain which handles traffic from the net to all
destinations. The packets got there because there was no matching rule
before.
What do you think?
read more on www.shorewall.net
cheers
Erich
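
Added example, not part of the original message or of Shorewall itself: a small parser for the log line quoted above, showing how the Shorewall:<chain>:<disposition>: prefix names the chain that handled the packet and how the IN=/OUT= fields tell where it was headed. The function names are hypothetical; the sample line is the one from the message, rejoined onto one line.

```python
import re

# The log line from the message above, rejoined onto one line.
SAMPLE = ("Mar 22 00:38:35 PlatinumWALL Shorewall:net2all:DROP: IN=eth0 OUT= "
          "MAC=00:50:04:20:ec:d1:00:01:02:6c:6b:4b:08:00 SRC=192.168.123.150 "
          "DST=192.168.123.30 LEN=60 TOS=00 PREC=0x00 TTL=64 ID=31774 DF "
          "PROTO=TCP SPT=57576 DPT=22 SEQ=721372925 ACK=0 WINDOW=5840 SYN "
          "URGP=0")

PREFIX = re.compile(
    r"Shorewall:(?P<chain>[^:\s]+):(?P<disposition>[^:\s]+):\s*(?P<rest>.*)$")

def parse_shorewall_log(line):
    """Split a Shorewall log line into chain, disposition, fields and flags."""
    m = PREFIX.search(line)
    if m is None:
        return None                      # not a Shorewall-prefixed entry
    fields, flags = {}, []
    for token in m.group("rest").split():
        if "=" in token:
            key, _, value = token.partition("=")
            fields[key] = value          # "OUT=" yields an empty string
        else:
            flags.append(token)          # bare words such as DF, SYN, ACK
    entry = {"chain": m.group("chain"), "disposition": m.group("disposition"),
             "fields": fields, "flags": flags}
    # Policy chains are named <source zone>2<destination zone>, e.g. net2all.
    src, sep, dst = entry["chain"].partition("2")
    entry["zones"] = (src, dst) if sep and src and dst else None
    return entry

def describe(entry):
    """One-line summary of which traffic fell through to which chain."""
    f = entry["fields"]
    # An empty OUT= means the packet was addressed to the firewall itself.
    if f.get("OUT") == "":
        target = "the firewall itself"
    else:
        target = "forwarded via " + f.get("OUT", "?")
    zones = entry["zones"]
    path = f"{zones[0]} -> {zones[1]}" if zones else entry["chain"]
    return (f"{entry['disposition']} in {entry['chain']} ({path}): "
            f"{f.get('PROTO')} {f.get('SRC')}:{f.get('SPT')} -> "
            f"{f.get('DST')}:{f.get('DPT')} arriving on {f.get('IN')}, {target}")

if __name__ == "__main__":
    print(describe(parse_shorewall_log(SAMPLE)))
```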
leaf-user mailing list: [email protected]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html