On 2/9/2014 8:39 AM, Tony Middleton wrote:
> I have a small network with a firewall running Debian 7.4. I have a set
> of rules as follows
>
> DNAT net loc:192.168.1.10 tcp 6881
> DNAT net loc:192.168.1.10 udp 6881
> DNAT net loc:192.168.1.10 tcp 7881
> DNAT net loc:192.168.1.10 udp 7881
> DNAT net loc:192.168.1.10 tcp 8881
> DNAT net loc:192.168.1.10 udp 8881
>
> Feb 9 16:24:13 hawthorn kernel: [13732.666341]
> Shorewall:net2fw:DROP:IN=eth1 OUT=
> MAC=00:05:5d:df:2b:c0:00:30:b8:d1:dd:34:08:00 SRC=105.237.76.28
> DST=86.16.18.41 LEN=129 TOS=0x00 PREC=0x00 TTL=111 ID=16779 PROTO=UDP
> SPT=55180 DPT=7881 LEN=109
>

This is Shorewall FAQ 1J (http://www.shorewall.org/FAQ.htm#faq1j). There
is a conntrack entry that was created between the time that eth1 was
brought up and when Shorewall was started. You need to install the
'conntrack' utility and delete the entry.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
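
Added example (not part of either message and not Shorewall code): a Python check for the symptom discussed in this thread, a packet logged in a `<zone>2fw` chain even though a DNAT rule covers its protocol and port. The rules and log line are copied from the quoted message; the function names are hypothetical, and the log prefix is assumed to have the `Shorewall:chain:disposition:` form shown above.

```python
import re

# Sample input copied from the quoted message in this thread.
RULES = """\
DNAT net loc:192.168.1.10 tcp 6881
DNAT net loc:192.168.1.10 udp 6881
DNAT net loc:192.168.1.10 tcp 7881
DNAT net loc:192.168.1.10 udp 7881
DNAT net loc:192.168.1.10 tcp 8881
DNAT net loc:192.168.1.10 udp 8881
"""
LOG = ("Feb 9 16:24:13 hawthorn kernel: [13732.666341] "
       "Shorewall:net2fw:DROP:IN=eth1 OUT= "
       "MAC=00:05:5d:df:2b:c0:00:30:b8:d1:dd:34:08:00 SRC=105.237.76.28 "
       "DST=86.16.18.41 LEN=129 TOS=0x00 PREC=0x00 TTL=111 ID=16779 PROTO=UDP "
       "SPT=55180 DPT=7881 LEN=109\n")

def parse_dnat(rules_text):
    """Map (source zone, proto, dport) -> destination for single-port DNAT rules."""
    forwards = {}
    for line in rules_text.splitlines():
        f = line.split("#", 1)[0].split()  # drop trailing comments
        if len(f) >= 5 and f[0] == "DNAT" and f[4].isdigit():
            forwards[(f[1], f[3].lower(), int(f[4]))] = f[2]
    return forwards

# Chain name is "<source zone>2fw" when the packet was handled as firewall-bound.
LOG_RE = re.compile(r"Shorewall:(?P<src>[^:\s]+?)2fw:(?P<disp>[A-Z]+):.*?"
                    r"SRC=(?P<ip>\S+).*?PROTO=(?P<proto>\S+).*?DPT=(?P<dpt>\d+)")

def bypassed_dnat(log_text, forwards):
    """Return packets logged in a <zone>2fw chain although a DNAT rule covers them."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if not m:
            continue
        key = (m["src"], m["proto"].lower(), int(m["dpt"]))
        if key in forwards:  # the rule exists, yet the packet was not redirected
            hits.append({"src": m["ip"], "proto": key[1], "dport": key[2],
                         "expected": forwards[key], "disposition": m["disp"]})
    return hits

if __name__ == "__main__":
    for h in bypassed_dnat(LOG, parse_dnat(RULES)):
        print("{proto}/{dport} from {src} hit the firewall chain; the rule sends "
              "it to {expected}. Check conntrack for this flow.".format(**h))
```

Each hit names the source address, protocol and port of the flow whose conntrack entry should be examined.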
