On Wed, Apr 11, 2012 at 5:35 PM, Tom Eastep <[email protected]> wrote:
>
> Have you looked at eth1 with tcpdump when doing this test? If you use
> the -e option (e.g., tcpdump -nei eth1 port 25 and host <nmap-host-ip>)
> you can see if the mail server is responding and with what destination MAC.
>
On the shorewall box:
# ip l
1: lo: <LOOPBACK,UP,10000> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:18:8b:e7:34:90 brd ff:ff:ff:ff:ff:ff
3: eth3: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen 100
link/ether 00:04:23:e0:8a:50 brd ff:ff:ff:ff:ff:ff
4: eth4: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen 100
link/ether 00:04:23:e0:8a:51 brd ff:ff:ff:ff:ff:ff
5: eth1: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether *00:04:23:e0:8c:20* brd ff:ff:ff:ff:ff:ff
6: eth2: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:04:23:e0:8c:21 brd ff:ff:ff:ff:ff:ff
7: sit0: <NOARP> mtu 1480 qdisc noop
link/sit 0.0.0.0 brd 0.0.0.0
44: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,10000> mtu 1500 qdisc pfifo_fast
qlen 100
link/[65534]
45: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,10000> mtu 1492 qdisc pfifo_fast
qlen 3
link/ppp
On the mail box:
# ip l
1: eth0: <BROADCAST,MULTICAST,SLAVE,UP,10000> mtu 1500 qdisc pfifo_fast
master bond0 qlen 1000
link/ether *00:15:c5:60:86:b3* brd ff:ff:ff:ff:ff:ff
2: eth1: <BROADCAST,MULTICAST,SLAVE,UP,10000> mtu 1500 qdisc pfifo_fast
master bond0 qlen 1000
link/ether *00:10:18:1c:57:b7* brd ff:ff:ff:ff:ff:ff
3: eth2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop qlen 1000
link/ether 00:15:c5:60:86:b4 brd ff:ff:ff:ff:ff:ff
4: lo: <LOOPBACK,UP,10000> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
5: bond0: <BROADCAST,MULTICAST,MASTER,UP,10000> mtu 1500 qdisc noqueue
link/ether 00:10:18:1c:57:b7 brd ff:ff:ff:ff:ff:ff
When I run the test from the nmap-host-ip, I see this on the shorewall box:
# tcpdump -nei eth1 port 25 and host <nmap-host-ip>
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
08:01:11.411377 *00:04:23:e0:8c:20* > *00:15:c5:60:86:b3*, ethertype IPv4
(0x0800), length 58: <nmap-host-ip>.53627 > 192.168.1.9.25: S
641556343:641556343(0) win 2048 <mss 1452>
08:01:11.411468 *00:10:18:1c:57:b7* > *00:04:23:e0:8c:20*, ethertype IPv4
(0x0800), length 60: 192.168.1.9.25 > <nmap-host-ip>.53627: S
2281575337:2281575337(0) ack 641556344 win 5840 <mss 1460>
08:01:11.512664 *00:04:23:e0:8c:20* > *00:15:c5:60:86:b3*, ethertype IPv4
(0x0800), length 58: <nmap-host-ip>.53628 > 192.168.1.9.25: S
641490806:641490806(0) win 3072 <mss 1452>
08:01:11.512782 *00:10:18:1c:57:b7* > *00:04:23:e0:8c:20*, ethertype IPv4
(0x0800), length 60: 192.168.1.9.25 > <nmap-host-ip>.53628: S
2381413036:2381413036(0) ack 641490807 win 5840 <mss 1460>
08:01:15.723446 *00:10:18:1c:57:b7* > *00:04:23:e0:8c:20*, ethertype IPv4
(0x0800), length 60: 192.168.1.9.25 > <nmap-host-ip>.53627: S
2281575337:2281575337(0) ack 641556344 win 5840 <mss 1460>
08:01:15.923454 *00:10:18:1c:57:b7* > *00:04:23:e0:8c:20*, ethertype IPv4
(0x0800), length 60: 192.168.1.9.25 > <nmap-host-ip> .53628: S
2381413036:2381413036(0) ack 641490807 win 5840 <mss 1460>
[...]
From what I understand, I shouldn't have any output from tcpdump, or is it
normal? Do you see routing issues?
About the Shorewall version earlier than 4.2.0, I already planned an
upgrade for the future, but I was wondering if this problem comes from a
configuration mistake or something else. It's always a challenge to fix this
kind of issue.
Thanks Tom for your precious advice and support, and for making Shorewall
a valuable tool.
Alessandro
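
The check Tom suggests (which destination MAC is used, and whether the mail server answers) can be done by script instead of by eye. The following is an added example, not part of the original message: it parses `tcpdump -e` lines in the old output format shown above and reports IPs whose frames are sent to one MAC but answered from another, plus SYN-ACKs seen more than once. The names `analyze` and `SAMPLE` are hypothetical, 198.51.100.7 is a placeholder for <nmap-host-ip>, and the sample is constructed from the capture above with wrapped lines re-joined and the emphasis asterisks removed.

```python
import re
from collections import defaultdict

# Constructed sample modeled on the capture in the message above.
# 198.51.100.7 is a placeholder standing in for <nmap-host-ip>.
SAMPLE = """\
08:01:11.411377 00:04:23:e0:8c:20 > 00:15:c5:60:86:b3, ethertype IPv4 (0x0800), length 58: 198.51.100.7.53627 > 192.168.1.9.25: S 641556343:641556343(0) win 2048 <mss 1452>
08:01:11.411468 00:10:18:1c:57:b7 > 00:04:23:e0:8c:20, ethertype IPv4 (0x0800), length 60: 192.168.1.9.25 > 198.51.100.7.53627: S 2281575337:2281575337(0) ack 641556344 win 5840 <mss 1460>
08:01:11.512664 00:04:23:e0:8c:20 > 00:15:c5:60:86:b3, ethertype IPv4 (0x0800), length 58: 198.51.100.7.53628 > 192.168.1.9.25: S 641490806:641490806(0) win 3072 <mss 1452>
08:01:11.512782 00:10:18:1c:57:b7 > 00:04:23:e0:8c:20, ethertype IPv4 (0x0800), length 60: 192.168.1.9.25 > 198.51.100.7.53628: S 2381413036:2381413036(0) ack 641490807 win 5840 <mss 1460>
08:01:15.723446 00:10:18:1c:57:b7 > 00:04:23:e0:8c:20, ethertype IPv4 (0x0800), length 60: 192.168.1.9.25 > 198.51.100.7.53627: S 2281575337:2281575337(0) ack 641556344 win 5840 <mss 1460>
08:01:15.923454 00:10:18:1c:57:b7 > 00:04:23:e0:8c:20, ethertype IPv4 (0x0800), length 60: 192.168.1.9.25 > 198.51.100.7.53628: S 2381413036:2381413036(0) ack 641490807 win 5840 <mss 1460>
"""

# One frame: timestamp, source MAC > destination MAC, then the IPv4/TCP summary.
LINE = re.compile(
    r"^\S+ (?P<smac>[0-9a-f:]{17}) > (?P<dmac>[0-9a-f:]{17}), ethertype IPv4 .*?: "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): (?P<flags>\S+) "
    r"(?P<seq>\d+):\d+\(\d+\)(?P<ack> ack \d+)?")

def analyze(capture):
    """Return (asymmetric, repeated): MAC mismatches per IP and repeated SYN-ACKs."""
    sent_to = defaultdict(set)    # IP -> destination MACs on frames addressed to it
    seen_from = defaultdict(set)  # IP -> source MACs on frames it sent
    synacks = defaultdict(int)    # (flow, seq) -> times the same SYN-ACK appeared
    for line in capture.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # header lines, "[...]" and non-TCP frames are skipped
        sent_to[m["dst"]].add(m["dmac"])
        seen_from[m["src"]].add(m["smac"])
        if m["flags"] == "S" and m["ack"]:  # SYN flag plus an ack number
            synacks[(m["src"], m["sport"], m["dst"], m["dport"], m["seq"])] += 1
    asymmetric = {ip: (sorted(sent_to[ip]), sorted(seen_from[ip]))
                  for ip in sent_to.keys() & seen_from.keys()
                  if sent_to[ip] != seen_from[ip]}
    repeated = {flow: n for flow, n in synacks.items() if n > 1}
    return asymmetric, repeated

if __name__ == "__main__":
    asymmetric, repeated = analyze(SAMPLE)
    for ip, (to_macs, from_macs) in asymmetric.items():
        print(f"{ip}: frames sent to {to_macs}, replies come from {from_macs}")
    for flow, n in repeated.items():
        print(f"SYN-ACK {flow} seen {n} times")
```

A routed host behind the firewall shows the firewall's interface MAC in both directions, so only hosts on the captured segment can appear in the mismatch report.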
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users