schaffter ~ # /sbin/shorewall version
3.4.8
schaffter ~ # ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: dummy0: <BROADCAST,NOARP> mtu 1500 qdisc noop
    link/ether ce:c2:15:ba:6a:75 brd ff:ff:ff:ff:ff:ff
3: eql: <MASTER> mtu 576 qdisc noop qlen 5
    link/slip
4: teql0: <NOARP> mtu 1500 qdisc noop qlen 100
    link/void
5: tunl0: <NOARP> mtu 1480 qdisc noop
    link/ipip 0.0.0.0 brd 0.0.0.0
6: gre0: <NOARP> mtu 1476 qdisc noop
    link/gre 0.0.0.0 brd 0.0.0.0
7: sit0: <NOARP> mtu 1480 qdisc noop
    link/sit 0.0.0.0 brd 0.0.0.0
8: ip6tnl0: <NOARP> mtu 1460 qdisc noop
    link/tunnel6 :: brd ::
9: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether fe:ff:00:00:50:d8 brd ff:ff:ff:ff:ff:ff
    inet 80.68.91.163/32 scope global eth0
    inet6 fe80::fcff:ff:fe00:50d8/64 scope link
       valid_lft forever preferred_lft forever
schaffter ~ # ip route show
127.0.0.0/8 dev lo  scope link
default dev eth0  scope link



schaffter.com is on address 80.68.91.163
schaffter.com runs gentoo linux under a UML (User Mode Linux) server.



In /etc/shorewall/shorewall.conf I can find the two rows:
RFC1918_LOG_LEVEL=info
RFC1918_STRICT=No
and of course much more.


From a general point of view, everything works fine.



My problem:

All traffic that we have tried from the external IP address
77.193.149.159 is rejected by my firewall, with messages looking like

Jul  7 19:26:27 schaffter kernel: Shorewall:rfc1918:DROP:IN=eth0 OUT=
MAC=fe:ff:00:00:50:d8:fe:ff:00:00:00:01:08:00 SRC=77.193.149.159
DST=80.68.91.163 LEN=48 TOS=0x00 PREC=0x00 TTL=122 ID=1355 DF
PROTO=TCP SPT=1128 DPT=80 WINDOW=16384 RES=0x00 SYN URGP=0

We have tried to send TCP traffic to port 80, UDP to port 53 and to ping.

All traffic from this source address is refused by my shorewall with
'rfc1918:DROP'.

To my understanding, the address 77.193.149.159 should not be an
'rfc1918 address' and to my understanding it isn't mentioned
explicitly or implicitly in the rfc1918 file.
I have made no modifications to the /etc/shorewall/rfc1918 file myself.

Could someone please point me in the right direction so that I can
understand what's going on?

If I need to provide further information, please tell me what to include.


Best regards
Gus
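
One way to check the question raised above, as an added example that is not part of the original post or of Shorewall: parse the logged line, then list every entry in an rfc1918-style file whose subnet contains the logged SRC. The function names are hypothetical, the sample file is constructed, and its layout (first column a comma-separated subnet list, second column the target, `#` starting a comment) is an assumption.

```python
import ipaddress
import re

# Constructed sample: the kernel log line quoted in the post, joined onto one line.
LOG_LINE = ("Jul  7 19:26:27 schaffter kernel: Shorewall:rfc1918:DROP:IN=eth0 OUT= "
            "MAC=fe:ff:00:00:50:d8:fe:ff:00:00:00:01:08:00 SRC=77.193.149.159 "
            "DST=80.68.91.163 LEN=48 TOS=0x00 PREC=0x00 TTL=122 ID=1355 DF "
            "PROTO=TCP SPT=1128 DPT=80 WINDOW=16384 RES=0x00 SYN URGP=0")

# Constructed sample file holding only the three RFC 1918 ranges (assumed layout).
SAMPLE_RFC1918 = """\
#SUBNETS        TARGET
172.16.0.0/12   logdrop   # RFC 1918
192.168.0.0/16  logdrop   # RFC 1918
10.0.0.0/8      logdrop   # RFC 1918
"""

def parse_log(line):
    """Return (chain, disposition, source address) from a Shorewall log line."""
    m = re.search(r"Shorewall:([^:]+):([^:]+):.*?\bSRC=(\S+)", line)
    if not m:
        raise ValueError("not a Shorewall log line")
    return m.group(1), m.group(2), ipaddress.ip_address(m.group(3))

def matching_entries(file_text, addr):
    """List (line number, subnet, target) for every entry that contains addr."""
    hits = []
    for lineno, raw in enumerate(file_text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split columns
        if not fields:
            continue
        target = fields[1] if len(fields) > 1 else ""
        for subnet in fields[0].split(","):
            try:
                net = ipaddress.ip_network(subnet, strict=False)
            except ValueError:
                continue  # skip anything that is not a network in CIDR form
            if addr in net:
                hits.append((lineno, subnet, target))
    return hits

if __name__ == "__main__":
    chain, disposition, src = parse_log(LOG_LINE)
    print(chain, disposition, src, "private:", src.is_private)
    # On the host, pass open("/etc/shorewall/rfc1918").read() instead of the sample.
    print(matching_entries(SAMPLE_RFC1918, src) or "no entry covers this source")
```

Run against the file actually in use on the firewall, any line it reports is the entry that sends this source to the rfc1918 chain.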

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users