Tom, I followed your suggestion but no result. I am a little farther however. It seems that the entry is blocked via the RFC1918 rule list as the error is logdrop:
Apr 15 15:54:15 renault Shorewall:logdrop:DROP: IN=eth0 OUT= MAC=00:01:02:0c:f0:b1:00:05:5f:eb:38:8d:08:00 SRC=xxx.xxx.xxx.xxx DST=xxx.xxx.xxx.xxx LEN=60 TOS=00 PREC=0x00 TTL=62 ID=38469 CE DF PROTO=TCP SPT=46244 DPT=22 SEQ=1930172565 ACK=0 WINDOW=5840 SYN URGP=0

My rules are:

##############################################################################
#ACTION SOURCE              DEST                PROTO   DEST    SOURCE  ORIGINAL
#                                                       PORT    PORT(S) DEST
#
# Accept DNS connections from the firewall to the network
#
ACCEPT  fw                  net                 tcp     53
ACCEPT  fw                  net                 udp     53
ACCEPT  fw                  net:nic.lth.se      tcp
ACCEPT  fw                  net                 udp     37,123
#
# Accept SSH connections from the local network for administration
#
ACCEPT  loc                 fw                  tcp     22,20,21
# Accept external SSH connection from xxx.xxx.xxx.xxx (Mark)
ACCEPT  net:xxx.xxx.xxx.xxx fw                  tcp     22
ACCEPT  fw                  net:xxx.xxx.xxx.xxx tcp
#
# Allow Ping To And From Firewall
#
ACCEPT  loc                 fw                  icmp    8
ACCEPT  net                 fw                  icmp    8
ACCEPT  fw                  loc                 icmp    8
ACCEPT  fw                  net                 icmp    8
#
# Bering specific rules:
# allow loc to fw udp/53 for dnscache to work
# allow loc to fw tcp/80 for weblet to work
#
ACCEPT  loc                 fw                  udp     53
ACCEPT  loc                 fw                  tcp     80
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

The strange thing is also that, although a ping from the net to the firewall is allowed, the firewall cannot be pinged (that rule was in the original RULES file). The firewall works perfectly from all local systems, I can ping from the firewall and access the NTP server, but controlled access to the firewall is a problem. Can it be that iptables is misconfigured, and do you have any suggestions? I need this access as we want to set up a RADIUS server on both ends with equal certificates, etc., and my RADIUS knowledge is very low. (I will make a backup as soon as the problem is solved, as I work memory-only and the firewall has already been up for 60 days.) Hope you can give some clues.
Joep

On Thu, 2005-04-14 at 16:33, Tom Eastep wrote:
> Tom Eastep wrote:
> > Joel Louis Blom wrote:
> >
> >> Can somebody point to my error of thinking with Shorewall?
> >
> > I'm guessing that it is not Shorewall that is blocking the SSH access but
> > rather tcp wrappers -- check your /etc/hosts.allow file.
> >
>
> And if you still believe that it is Shorewall blocking your access then
> please submit the information requested at
> http://shorewall.net/support.htm#Guidelines
>
> -Tom

leaf-user mailing list: https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
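Editor's added example, not code from either poster or from the Shorewall project. The thread turns on reading one Shorewall log line correctly: the prefix names the chain that logged it (logdrop here, not net2fw), and the key=value fields say on which interface and to which port the SYN arrived. The script below parses such lines, checks whether the source falls in an RFC1918 block (what the norfc1918 interface option filters on, which would drop the packet before the rules file is consulted) and checks the packet against the two net-to-fw ACCEPT rules from the posted rules file. The sample log lines are constructed (the real SRC/DST were masked as xxx.xxx.xxx.xxx, so TEST-NET and private addresses are substituted), and the interface-to-zone mapping eth0 = net, eth1 = loc is an assumption; the message does not show its interfaces file.

```python
import re
from ipaddress import ip_address, ip_network

# Constructed sample lines modelled on the logdrop line in the message; the
# second and third lines are made up for contrast (RFC1918 source, unlisted port).
SAMPLE_LOG = [
    "Apr 15 15:54:15 renault Shorewall:logdrop:DROP: IN=eth0 OUT= "
    "MAC=00:01:02:0c:f0:b1:00:05:5f:eb:38:8d:08:00 SRC=203.0.113.7 DST=198.51.100.9 "
    "LEN=60 TOS=00 PREC=0x00 TTL=62 ID=38469 CE DF PROTO=TCP SPT=46244 DPT=22 "
    "SEQ=1930172565 ACK=0 WINDOW=5840 SYN URGP=0",
    "Apr 15 15:55:02 renault Shorewall:logdrop:DROP: IN=eth0 OUT= "
    "MAC=00:01:02:0c:f0:b1:00:05:5f:eb:38:8d:08:00 SRC=10.0.0.5 DST=198.51.100.9 "
    "LEN=84 TOS=00 PREC=0x00 TTL=64 ID=7 DF PROTO=ICMP TYPE=8 CODE=0 ID=4321 SEQ=1",
    "Apr 15 15:55:30 renault Shorewall:net2fw:DROP: IN=eth0 OUT= "
    "MAC=00:01:02:0c:f0:b1:00:05:5f:eb:38:8d:08:00 SRC=203.0.113.7 DST=198.51.100.9 "
    "LEN=60 TOS=00 PREC=0x00 TTL=62 ID=38470 DF PROTO=TCP SPT=46245 DPT=25 SYN URGP=0",
]

# Shorewall's LOG prefix is "Shorewall:<chain>:<disposition>:", followed by the
# kernel's netfilter key=value dump.
HEADER = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+(?P<host>\S+)\s+"
    r"Shorewall:(?P<chain>[^:]+):(?P<disposition>[^:]+):\s*(?P<rest>.*)$"
)

# Only the three RFC1918 blocks are modelled; Shorewall's rfc1918 file also
# lists other reserved ranges, which are left out here.
RFC1918 = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Assumed interface-to-zone mapping (not shown in the message).
ZONE_OF_IFACE = {"eth0": "net", "eth1": "loc"}

# The two net->fw ACCEPT rules from the posted rules file, as
# (src_zone, src_host_or_None, proto, allowed dports / icmp types); the masked
# admin address is replaced by the constructed 203.0.113.7.
NET_TO_FW_RULES = [
    ("net", "203.0.113.7", "tcp", {22}),
    ("net", None, "icmp", {8}),
]


def parse_line(line):
    """Return a dict for one Shorewall log line, or None if it is not one."""
    m = HEADER.match(line)
    if not m:
        return None
    pkt = {"ts": m["ts"], "host": m["host"], "chain": m["chain"],
           "disposition": m["disposition"], "flags": []}
    for tok in m["rest"].split():
        if "=" in tok:
            k, v = tok.split("=", 1)
            pkt.setdefault(k, v)      # ICMP lines carry ID= twice; keep the IP id
        else:
            pkt["flags"].append(tok)  # bare flags: CE, DF, SYN, ACK, ...
    return pkt


def is_rfc1918(addr):
    a = ip_address(addr)
    return any(a in net for net in RFC1918)


def matching_rule(pkt):
    """First net->fw rule that would ACCEPT this packet, or None."""
    if pkt.get("OUT"):            # OUT set means forwarded traffic, not traffic to fw
        return None
    src_zone = ZONE_OF_IFACE.get(pkt.get("IN"))
    proto = pkt.get("PROTO", "").lower()
    key = pkt.get("DPT") if proto in ("tcp", "udp") else pkt.get("TYPE")
    key = int(key) if key is not None else None
    for rule in NET_TO_FW_RULES:
        zone, host, rproto, allowed = rule
        if zone != src_zone or rproto != proto:
            continue
        if host is not None and pkt.get("SRC") != host:
            continue
        if key not in allowed:
            continue
        return rule
    return None


def explain(line):
    """Classify a log line as (code, detail) to steer the debugging."""
    pkt = parse_line(line)
    if pkt is None:
        return ("not-shorewall", line)
    src = pkt.get("SRC", "")
    if pkt["chain"] == "logdrop" and is_rfc1918(src):
        return ("rfc1918-source", src)   # dropped before the rules file is reached
    rule = matching_rule(pkt)
    if rule is None:
        return ("no-rule", "%s/%s from %s fell through to the policy" %
                (pkt.get("PROTO"), pkt.get("DPT") or pkt.get("TYPE"), src))
    if pkt["disposition"] == "DROP":
        # A rule matches on paper yet the packet was dropped, and nothing in the
        # posted rules file names logdrop: the drop came from a check that runs
        # ahead of the net2fw chain, so look at interface options, not at rules.
        return ("rule-matches-but-dropped", "chain %s, rule %r" % (pkt["chain"], rule))
    return ("accepted", repr(rule))
```

Running `explain` over each line of SAMPLE_LOG gives rule-matches-but-dropped for the SSH SYN, rfc1918-source for the private-address ping and no-rule for the SMTP attempt; the first code is the situation in the message, and the script deliberately stops at pointing away from the rules file rather than guessing which interface option is responsible.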
