Tom:
Thanks for that assistance.
Shorewall dump said the /var/log/messages file was not present. Had to edit
/etc/rsyslog.d/50-default.conf
and uncomment 3 lines, and restart syslog; now the dump works. Dumped
it to a text file, attached here to this message.
Also, while the test email I sent last night came through just after I did
the shorewall clear, there is another test email that has not come through
and I am notified:
"Delivery to the following recipients is still underway after 10.9 hour(s)"
I'm not sure if the clear command happened to temporarily clear the bug while
changing the state or if there are maybe some email server problems where I
am doing the tests from...very odd issue. It seems there were some deliveries
of spam as well (which I guess can never be stopped) after the test message
came through, so that made me believe the problem was fixed; however, it's
just a "short burst" and I guess the problem reforms after a time...almost
like a greylist issue is compounding the bug perhaps...?
==
Steve
----- Original Message -----
From: "Tom Eastep" <[email protected]>
To: <[email protected]>
Sent: Thursday, November 26, 2015 11:34 AM
Subject: Re: [Shorewall-users] Shorewall 4.5.21.6
On 11/25/2015 9:12 PM, Teknoskillz wrote:
Hello
Brand new to this list, have used the Fw for a long time with no problems
except now after I got a new server, accidentally put in the Ver6 along with
this one and it seemed to cause a conflict. I removed 6 as I don't have a
need for IPV6 right now, and uninstalled shorewall, and reinstalled, which
helped a great deal, except there seems to be an issue where email is
disappearing when the fw is running, affecting only incoming mail. Port scan
confirms the rules are working ok and a shorewall check shows no troubles. I
am using Ubuntu 14 as the OS with Webmin as the gui. The module it has for
shorewall is very buggy, and right now it won't even find shorewall, so I am
doing everything on the command prompt. The last thing I did was a purge
command, then another install, and the problem seemed fixed, but it's back
again.
I do know when the webmin module was working and I was able to stop the fw
using that interface, the emails came through ok, but when I went to restart
the fw, webmin would hang up because I guess the installation was bad or it
was configured to do that. As it is now when I do a shorewall stop command,
all the traffic to the server is blocked. I was reading there is a file that
is supposed to be configured to stop this from happening, but it's not in the
specified etc/shorewall directory. Do I need to create it?
When you are running Debian or a Debian derivative like Ubuntu, the
/etc/shorewall directory is minimally populated. Each of the quickstart
guides contains this warning:
Warning
Note to Debian and Ubuntu Users
If you install using the .deb, you will find that your /etc/shorewall
directory is practically empty. This is intentional. The released
configuration file skeletons may be found on your system in the
directory /usr/share/doc/shorewall/default-config. Simply copy the files
you need from that directory to /etc/shorewall and modify the copies.
I also remember that I may have had to reinstall postfix a couple of times
before any of this happened, but I believe if the postfix or other mail
config was wrong, the mail problem would persist even when the fw is down.
So I believe this is shorewall related...it's been a frustrating issue for a
while now, sending out mail then never getting answers when replies never go
through. There used to be email bounce messages, but not since the purge.
As I write this now, a couple of test emails I sent came through but 9
minutes later. I do have greylisting on, but they came in while I had
executed a shorewall clear command...so I am not sure if everything is
really ok now, or it was just a coincidence. Argh!
Any assistance or feedback appreciated!
As always, it is best if you forward the output of 'shorewall dump'
collected as described at http://www.shorewall.org/support.htm#guidelines.
Thanks,
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
Shorewall 4.5.21.6 Dump at tekbotctf.com - Thu Nov 26 12:26:08 EST 2015
Shorewall is stopped
State:Cleared (Thu Nov 26 10:01:07 EST 2015)
/var/lib/shorewall/firewall was compiled by Shorewall version 4.5.21.6
Counters reset Thu Nov 26 00:17:59 EST 2015
Chain INPUT (policy ACCEPT 3272 packets, 406K bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 3178 packets, 2826K bytes)
pkts bytes target prot opt in out source destination
Log (/var/log/messages)
NAT Table
Chain PREROUTING (policy ACCEPT 8209 packets, 624K bytes)
pkts bytes target prot opt in out source destination
Chain INPUT (policy ACCEPT 369 packets, 45922 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 12 packets, 888 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 12 packets, 888 bytes)
pkts bytes target prot opt in out source destination
Mangle Table
Chain PREROUTING (policy ACCEPT 11112 packets, 984K bytes)
pkts bytes target prot opt in out source destination
Chain INPUT (policy ACCEPT 3272 packets, 406K bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 3178 packets, 2826K bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 3178 packets, 2826K bytes)
pkts bytes target prot opt in out source destination
Raw Table
Chain PREROUTING (policy ACCEPT 11109 packets, 984K bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 3178 packets, 2826K bytes)
pkts bytes target prot opt in out source destination
Conntrack Table (49 out of 65536)
IP Configuration
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
inet 65.111.162.249/25 brd 65.111.162.255 scope global eth0
valid_lft forever preferred_lft forever
IP Stats
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
RX: bytes packets errors dropped overrun mcast
5384423 38253 0 0 0 0
TX: bytes packets errors dropped carrier collsns
5384423 38253 0 0 0 0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
link/ether 00:ef:26:56:06:4f brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
1903989528 25304264 0 690 0 0
TX: bytes packets errors dropped carrier collsns
1073990209 1262945 0 0 0 0
Routing Rules
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
Table default:
Table local:
local 65.111.162.249 dev eth0 proto kernel scope host src 65.111.162.249
local 127.0.0.1 dev lo proto kernel scope host src 127.0.0.1
broadcast 65.111.162.255 dev eth0 proto kernel scope link src 65.111.162.249
broadcast 65.111.162.128 dev eth0 proto kernel scope link src 65.111.162.249
broadcast 127.255.255.255 dev lo proto kernel scope link src 127.0.0.1
broadcast 127.0.0.0 dev lo proto kernel scope link src 127.0.0.1
local 127.0.0.0/8 dev lo proto kernel scope host src 127.0.0.1
Table main:
65.111.162.128/25 dev eth0 proto kernel scope link src 65.111.162.249
default via 65.111.162.129 dev eth0
Per-IP Counters
iptaccount is not installed
NF Accounting
No NF Accounting defined (nfacct not found)
Events
/proc
/proc/version = Linux version 3.13.0-68-generic (buildd@lgw01-46) (gcc version 4.8.2 (Ubuntu 4.8.2-19ubuntu1) ) #111-Ubuntu SMP Fri Nov 6 18:17:06 UTC 2015
/proc/sys/net/ipv4/ip_forward = 1
/proc/sys/net/ipv4/icmp_echo_ignore_all = 0
/proc/sys/net/ipv4/conf/all/proxy_arp = 0
/proc/sys/net/ipv4/conf/all/arp_filter = 0
/proc/sys/net/ipv4/conf/all/arp_ignore = 0
/proc/sys/net/ipv4/conf/all/rp_filter = 1
/proc/sys/net/ipv4/conf/all/log_martians = 0
/proc/sys/net/ipv4/conf/default/proxy_arp = 0
/proc/sys/net/ipv4/conf/default/arp_filter = 0
/proc/sys/net/ipv4/conf/default/arp_ignore = 0
/proc/sys/net/ipv4/conf/default/rp_filter = 1
/proc/sys/net/ipv4/conf/default/log_martians = 1
/proc/sys/net/ipv4/conf/eth0/proxy_arp = 0
/proc/sys/net/ipv4/conf/eth0/arp_filter = 0
/proc/sys/net/ipv4/conf/eth0/arp_ignore = 0
/proc/sys/net/ipv4/conf/eth0/rp_filter = 1
/proc/sys/net/ipv4/conf/eth0/log_martians = 1
/proc/sys/net/ipv4/conf/lo/proxy_arp = 0
/proc/sys/net/ipv4/conf/lo/arp_filter = 0
/proc/sys/net/ipv4/conf/lo/arp_ignore = 0
/proc/sys/net/ipv4/conf/lo/rp_filter = 1
/proc/sys/net/ipv4/conf/lo/log_martians = 1
ARP
? (65.111.162.129) at 00:15:f9:06:3f:42 [ether] on eth0
Modules
ip_set 41249 1 xt_set
iptable_filter 12810 0
iptable_mangle 12695 0
iptable_nat 13011 0
iptable_raw 12678 0
ip_tables 27239 4 iptable_filter,iptable_mangle,iptable_nat,iptable_raw
ipt_ah 12806 0
ipt_CLUSTERIP 13633 0
ipt_ECN 12529 0
ipt_MASQUERADE 12880 0
ipt_REJECT 12541 0
ipt_rpfilter 12546 0
ipt_ULOG 14273 0
nf_conntrack 97202 35 nf_nat_ftp,nf_nat_irc,nf_nat_sip,nf_nat_amanda,xt_CT,nf_nat_snmp_basic,nf_conntrack_netbios_ns,nf_conntrack_proto_gre,xt_helper,ipt_MASQUERADE,nf_conntrack_proto_udplite,nf_nat,xt_state,xt_connlimit,nf_nat_h323,nf_nat_ipv4,nf_nat_pptp,nf_nat_tftp,xt_conntrack,nf_conntrack_amanda,ipt_CLUSTERIP,nf_conntrack_proto_sctp,nf_conntrack_netlink,nf_conntrack_broadcast,xt_connmark,nf_conntrack_ftp,nf_conntrack_irc,nf_conntrack_sip,iptable_nat,nf_conntrack_h323,nf_conntrack_ipv4,nf_conntrack_pptp,nf_conntrack_sane,nf_conntrack_snmp,nf_conntrack_tftp
nf_conntrack_amanda 13041 1 nf_nat_amanda
nf_conntrack_broadcast 12589 2 nf_conntrack_netbios_ns,nf_conntrack_snmp
nf_conntrack_ftp 18638 1 nf_nat_ftp
nf_conntrack_h323 73895 1 nf_nat_h323
nf_conntrack_ipv4 15012 1
nf_conntrack_irc 13518 1 nf_nat_irc
nf_conntrack_netbios_ns 12665 0
nf_conntrack_netlink 36223 0
nf_conntrack_pptp 19258 1 nf_nat_pptp
nf_conntrack_proto_gre 14434 1 nf_conntrack_pptp
nf_conntrack_proto_sctp 18822 0
nf_conntrack_proto_udplite 13281 0
nf_conntrack_sane 13143 0
nf_conntrack_sip 28460 1 nf_nat_sip
nf_conntrack_snmp 12857 1 nf_nat_snmp_basic
nf_conntrack_tftp 13121 1 nf_nat_tftp
nf_defrag_ipv4 12758 2 xt_TPROXY,nf_conntrack_ipv4
nf_defrag_ipv6 34768 1 xt_TPROXY
nf_nat 21841 12 nf_nat_ftp,nf_nat_irc,nf_nat_sip,nf_nat_amanda,ipt_MASQUERADE,nf_nat_proto_gre,nf_nat_h323,nf_nat_ipv4,nf_nat_pptp,nf_nat_tftp,xt_nat,iptable_nat
nf_nat_amanda 12491 0
nf_nat_ftp 12770 0
nf_nat_h323 17720 0
nf_nat_ipv4 13263 1 iptable_nat
nf_nat_irc 12723 0
nf_nat_pptp 13115 0
nf_nat_proto_gre 13009 1 nf_nat_pptp
nf_nat_sip 17186 0
nf_nat_snmp_basic 17302 0
nf_nat_tftp 12489 0
xt_addrtype 12635 0
xt_AUDIT 12678 0
xt_CHECKSUM 12549 0
xt_CLASSIFY 12507 0
xt_comment 12504 0
xt_connlimit 12636 0
xt_connmark 12755 0
xt_conntrack 12760 0
xt_CT 12956 0
xt_dccp 12606 0
xt_dscp 12597 0
xt_DSCP 12629 0
xt_hashlimit 17618 0
xt_helper 12583 0
xt_iprange 12783 0
xt_length 12536 0
xt_limit 12711 0
xt_LOG 17717 0
xt_mac 12492 0
xt_mark 12563 0
xt_multiport 12798 0
xt_nat 12681 0
xt_NFLOG 12537 0
xt_NFQUEUE 12776 0
xt_owner 12534 0
xt_physdev 12587 0
xt_pkttype 12504 0
xt_policy 12582 0
xt_realm 12498 0
xt_recent 18498 0
xt_sctp 12853 0
xt_set 13181 0
xt_state 12578 0
xt_statistic 12601 0
xt_tcpmss 12501 0
xt_TCPMSS 12664 0
xt_tcpudp 12884 0
xt_time 12661 0
xt_TPROXY 17356 0
Shorewall has detected the following iptables/netfilter capabilities:
ACCOUNT Target (ACCOUNT_TARGET): Not available
Address Type Match (ADDRTYPE): Available
Amanda Helper: Available
Arptables JF: Not available
AUDIT Target (AUDIT_TARGET): Available
Basic Filter (BASIC_FILTER): Available
Capabilities Version (CAPVERSION): 40515
Checksum Target: Available
CLASSIFY Target (CLASSIFY_TARGET): Available
Comments (COMMENTS): Available
Condition Match (CONDITION_MATCH): Not available
Connection Tracking Match (CONNTRACK_MATCH): Available
Connlimit Match (CONNLIMIT_MATCH): Available
Connmark Match (CONNMARK_MATCH): Available
CONNMARK Target (CONNMARK): Available
CT Target (CT_TARGET): Available
DSCP Match (DSCP_MATCH): Available
DSCP Target (DSCP_TARGET): Available
Enhanced Multi-port Match (EMULIPORT): Available
Extended Connection Tracking Match Support (NEW_CONNTRACK_MATCH): Available
Extended Connmark Match (XCONNMARK_MATCH): Available
Extended CONNMARK Target (XCONNMARK): Available
Extended MARK Target 2 (EXMARK): Available
Extended MARK Target (XMARK): Available
Extended Multi-port Match (XMULIPORT): Available
Extended REJECT (ENHANCED_REJECT): Available
FLOW Classifier (FLOW_FILTER): Available
FTP-0 Helper: Not available
FTP Helper: Available
fwmark route mask (FWMARK_RT_MASK): Available
Geo IP match: Not available
Goto Support (GOTO_TARGET): Available
H323 Helper: Available
Hashlimit Match (HASHLIMIT_MATCH): Available
Header Match (HEADER_MATCH): Not available
Helper Match (HELPER_MATCH): Available
IMQ Target (IMQ_TARGET): Not available
IPMARK Target (IPMARK_TARGET): Not available
IPP2P Match (IPP2P_MATCH): Not available
IP range Match(IPRANGE_MATCH): Available
ipset V5 (IPSET_V5): Not available
iptables -S (IPTABLES_S): Available
IRC-0 Helper: Not available
IRC Helper: Available
Kernel Version (KERNELVERSION): 31300
LOGMARK Target (LOGMARK_TARGET): Not available
LOG Target (LOG_TARGET): Available
Mangle FORWARD Chain (MANGLE_FORWARD): Available
Mark in the filter table (MARK_ANYWHERE): Available
MARK Target (MARK): Available
MASQUERADE Target: Available
Multi-port Match (MULTIPORT): Available
NAT (NAT_ENABLED): Available
Netbios_ns Helper: Available
New tos Match: Available
NFAcct match: Not available
NFLOG Target (NFLOG_TARGET): Available
NFQUEUE Target (NFQUEUE_TARGET): Available
Owner Match (OWNER_MATCH): Available
Owner Name Match (OWNER_NAME_MATCH): Available
Packet length Match (LENGTH_MATCH): Available
Packet Mangling (MANGLE_ENABLED): Available
Packet Type Match (USEPKTTYPE): Available
Persistent SNAT (PERSISTENT_SNAT): Available
Physdev-is-bridged Support (PHYSDEV_BRIDGE): Available
Physdev Match (PHYSDEV_MATCH): Available
Policy Match (POLICY_MATCH): Available
PPTP Helper: Available
Rawpost Table (RAWPOST_TABLE): Not available
Raw Table (RAW_TABLE): Available
Realm Match (REALM_MATCH): Available
Recent Match "--reap" option (REAP_OPTION): Not available
Recent Match (RECENT_MATCH): Available
Repeat match (KLUDGEFREE): Available
RPFilter match: Available
SANE-0 Helper: Not available
SANE Helper: Available
SIP-0 Helper: Not available
SIP Helper: Available
SNMP Helper: Available
Statistic Match (STATISTIC_MATCH): Available
TCPMSS Match (TCPMSS_MATCH): Available
TFTP-0 Helper: Not available
TFTP Helper: Available
Time Match (TIME_MATCH): Available
TPROXY Target (TPROXY_TARGET): Available
UDPLITE Port Redirection: Not available
ULOG Target (ULOG_TARGET): Available
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp UNCONN 0 0 *:20000 *:* users:(("miniserv.pl",2296,6))
tcp UNCONN 0 0 *:26150 *:* users:(("darkplaces64",24577,11))
tcp UNCONN 0 0 *:10000 *:* users:(("miniserv.pl",3058,6))
tcp UNCONN 0 0 65.111.162.249:53 *:* users:(("named",1284,535),("named",1284,534),("named",1284,533),("named",1284,532),("named",1284,531),("named",1284,530),("named",1284,529),("named",1284,528))
tcp UNCONN 0 0 127.0.0.1:53 *:* users:(("named",1284,527),("named",1284,526),("named",1284,525),("named",1284,524),("named",1284,523),("named",1284,522),("named",1284,521),("named",1284,520))
tcp UNCONN 0 0 65.111.162.249:123 *:* users:(("ntpd",3315,19))
tcp UNCONN 0 0 127.0.0.1:123 *:* users:(("ntpd",3315,18))
tcp UNCONN 0 0 *:123 *:* users:(("ntpd",3315,16))
tcp LISTEN 0 10 65.111.162.249:53 *:* users:(("named",1284,22))
tcp LISTEN 0 10 127.0.0.1:53 *:* users:(("named",1284,21))
tcp LISTEN 0 128 *:22 *:* users:(("sshd",1237,3))
tcp LISTEN 0 128 127.0.0.1:11000 *:* users:(("/usr/share/webm",3003,3))
tcp LISTEN 0 100 *:25 *:* users:(("master",1568,12))
tcp LISTEN 0 128 127.0.0.1:953 *:* users:(("named",1284,23))
tcp LISTEN 0 128 *:20000 *:* users:(("miniserv.pl",2296,5))
tcp LISTEN 0 100 *:993 *:* users:(("dovecot",1216,38))
tcp LISTEN 0 100 *:995 *:* users:(("dovecot",1216,25))
tcp LISTEN 0 128 127.0.0.1:10023 *:* users:(("/usr/sbin/postg",1333,6))
tcp LISTEN 0 50 127.0.0.1:3306 *:* users:(("mysqld",1272,10))
tcp LISTEN 0 100 *:587 *:* users:(("master",1568,106))
tcp LISTEN 0 100 *:110 *:* users:(("dovecot",1216,23))
tcp LISTEN 0 128 127.0.0.1:783 *:* users:(("spamd child",16647,5),("spamd child",16646,5),("/usr/sbin/spamd",16645,5))
tcp LISTEN 0 100 *:143 *:* users:(("dovecot",1216,36))
tcp LISTEN 0 128 *:10000 *:* users:(("miniserv.pl",3058,5))
tcp TIME-WAIT 0 0 65.111.162.249:10000 50.136.116.163:50041
tcp CLOSE-WAIT 1 0 127.0.0.1:11000 127.0.0.1:36067 users:(("/usr/share/webm",3003,4))
tcp TIME-WAIT 0 0 65.111.162.249:10000 50.136.116.163:50042
tcp ESTAB 0 0 65.111.162.249:22 50.136.116.163:64677 users:(("sshd",20585,3))
Traffic Control
Device eth0:
qdisc pfifo_fast 0: root refcnt 2 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
Sent 1073990375 bytes 1262946 pkt (dropped 0, overlimits 0 requeues 3)
backlog 0b 0p requeues 3
TC Filters
Device eth0:
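As an added example (not part of the original message and not Shorewall's own code), the following Python reads a dump in the layout shown above, recovers the Shorewall state and filter-table policies, and lists the TCP listeners that are reachable from outside while the firewall is in the Cleared state. The sample text is a constructed excerpt, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed excerpt in the layout of the dump above (not the full attachment);
# one entry has its "users:" field wrapped onto the next line, as mail often does.
SAMPLE_DUMP = """\
Shorewall is stopped
State:Cleared (Thu Nov 26 10:01:07 EST 2015)
Chain INPUT (policy ACCEPT 3272 packets, 406K bytes)
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
NAT Table
Chain INPUT (policy ACCEPT 369 packets, 45922 bytes)
tcp LISTEN 0 128 *:22 *:* users:(("sshd",1237,3))
tcp LISTEN 0 100 *:25 *:* users:(("master",1568,12))
tcp LISTEN 0 50 127.0.0.1:3306 *:* users:(("mysqld",1272,10))
tcp LISTEN 0 10 65.111.162.249:53 *:*
users:(("named",1284,22))
tcp ESTAB 0 0 65.111.162.249:22 50.136.116.163:64677 users:(("sshd",20585,3))
"""

STATE_RE = re.compile(r"State:\s*(\w+)")
CHAIN_RE = re.compile(r"Chain (\S+) \(policy (\w+)")
LISTEN_RE = re.compile(
    r'tcp\s+LISTEN\s+\d+\s+\d+\s+(\S+):(\d+)\s+\S+(?:\s+users:\(\("([^"]+)")?')

def parse_dump(text):
    """Extract Shorewall state, filter-table policies and TCP listeners."""
    lines = []
    for raw in text.splitlines():
        s = raw.strip()
        if s.startswith("users:") and lines:
            lines[-1] += " " + s          # rejoin a wrapped socket line
        elif s:
            lines.append(s)
    info = {"state": None, "policies": {}, "listeners": []}
    for line in lines:
        if m := STATE_RE.match(line):
            info["state"] = m.group(1)
        elif m := CHAIN_RE.match(line):
            # the filter table is printed first, so keep the first policy seen
            info["policies"].setdefault(m.group(1), m.group(2))
        elif m := LISTEN_RE.match(line):
            info["listeners"].append((m.group(1), int(m.group(2)), m.group(3)))
    return info

def unfiltered_listeners(info):
    """Non-loopback listeners when the dump shows no filtering in place."""
    if info["state"] != "Cleared" or info["policies"].get("INPUT") != "ACCEPT":
        return []
    return [(addr, port, proc) for addr, port, proc in info["listeners"]
            if addr == "*" or not ipaddress.ip_address(addr).is_loopback]

if __name__ == "__main__":
    for addr, port, proc in unfiltered_listeners(parse_dump(SAMPLE_DUMP)):
        print(f"{addr}:{port} ({proc}) is reachable with the firewall cleared")
```

A dump taken in the Cleared state carries no rules to inspect, so a check like this mainly confirms which services are exposed while troubleshooting.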