Tom Eastep wrote: > On 8/13/2014 8:16 AM, cac...@quantum-sci.com wrote: >> Attached. >> > Hmmm -- that's not good. > > Please forward: > > - the setting of HELPERS in shorewall.conf HELPERS= as from the factory.
> - the output of 'shorewall show -f capabilities' Attached. > - the contents of /etc/shorewall/conntrack Don't got no conntrack.
# # Shorewall 4.6.2.2 detected the following iptables/netfilter capabilities - Wed Aug 13 09:04:09 PDT 2014 # ACCOUNT_TARGET= ADDRTYPE=Yes AMANDA_HELPER=Yes ARPTABLESJF= AUDIT_TARGET=Yes BASIC_EMATCH=Yes BASIC_FILTER=Yes CAPVERSION=40600 CHECKSUM_TARGET=Yes CLASSIFY_TARGET=Yes COMMENTS=Yes CONDITION_MATCH= CONNLIMIT_MATCH=Yes CONNMARK_MATCH=Yes CONNMARK=Yes CONNTRACK_MATCH=Yes CT_TARGET=Yes DSCP_MATCH=Yes DSCP_TARGET=Yes EMULTIPORT=Yes ENHANCED_REJECT=Yes EXMARK=Yes FLOW_FILTER=Yes FTP0_HELPER= FTP_HELPER=Yes FWMARK_RT_MASK=Yes GEOIP_MATCH= GOTO_TARGET=Yes H323_HELPER=Yes HASHLIMIT_MATCH=Yes HEADER_MATCH= HELPER_MATCH=Yes IMQ_TARGET= IPMARK_TARGET= IPP2P_MATCH= IPRANGE_MATCH=Yes IPSET_MATCH= IPSET_MATCH_COUNTERS= IPSET_MATCH_NOMATCH= IPSET_V5= IPTABLES_S=Yes IRC0_HELPER= IRC_HELPER=Yes KERNELVERSION=31400 KLUDGEFREE=Yes LENGTH_MATCH=Yes LOGMARK_TARGET= LOG_TARGET=Yes MANGLE_ENABLED=Yes MANGLE_FORWARD=Yes MARK_ANYWHERE=Yes MARK=Yes MASQUERADE_TGT=Yes MULTIPORT=Yes NAT_ENABLED=Yes NETBIOS_NS_HELPER=Yes NEW_CONNTRACK_MATCH=Yes NEW_TOS_MATCH=Yes NFACCT_MATCH=Yes NFLOG_TARGET=Yes NFQUEUE_TARGET=Yes OLD_CONNTRACK_MATCH= OLD_HL_MATCH= OLD_IPP2P_MATCH= OLD_IPSET_MATCH= OWNER_MATCH=Yes OWNER_NAME_MATCH=Yes PERSISTENT_SNAT=Yes PHYSDEV_BRIDGE=Yes PHYSDEV_MATCH=Yes POLICY_MATCH=Yes PPTP_HELPER=Yes RAWPOST_TABLE= RAW_TABLE=Yes REALM_MATCH=Yes REAP_OPTION=Yes RECENT_MATCH=Yes RPFILTER_MATCH=Yes SANE0_HELPER= SANE_HELPER=Yes SIP0_HELPER= SIP_HELPER=Yes SNMP_HELPER=Yes STATISTIC_MATCH=Yes TCPMSS_MATCH=Yes TFTP0_HELPER= TFTP_HELPER=Yes TIME_MATCH=Yes TPROXY_TARGET=Yes UDPLITEREDIRECT= ULOG_TARGET=Yes USEPKTTYPE=Yes XCONNMARK_MATCH=Yes XCONNMARK=Yes XMARK=Yes XMULTIPORT=Yes
------------------------------------------------------------------------------
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
