> I have hosed myself. I didn't tar up the configuration once it started
> working, and I tried to reproduce the problem and now cannot get it back
> working, so indications are that the solution is a bit more than changing
> the LOG tag... The sad thing is I was very sure I had only changed/added
> log items and https rule to $FW all instead of $FW net when it started
> working. I have not yet figured out how to fix it, so anyway, if nothing
> else, it is an opportunity to log as a known issue.
>
> The attached configuration is broken. Failed attempts are
>
> SRC=192.168.128.7 DST=212.85.147.126
>
> To try to make sure it wasn't a destination fault, after the failure, I
> did shorewall clear and retried. The https link succeeded, after which
> I immediately did a start. The https link attempt again fails even with
> the LOG rule not triggering the truncation warning.

It turns out I did do something else to the configuration to get it to work. I had added two more LOG entries to debug the situation. It wasn't the HTTPSout log rule rename to 443out that fixed it. Apparently what fixed it was adding two more log rules.

LOG:$LOG:NETout $FW net tcp - - - - -
LOG:$LOG:NETin net all tcp - - - -

With the NETout and NETin rules added, the https configuration works for either instance of the https log tag, but if I comment out the NETin log rule, things break again. This is very weird. Do you want the rules file too?

---
Kevin R. Bulgrien
Design and Development Engineer
VertexRSI

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
