Hi folks,

Sorry if my subject doesn't make much sense, I couldn't think of a better way to describe the issues I'm having.

1. Despite having a policy of "fw net ACCEPT" I'm unable to make any outbound connections properly, unless I also add a corresponding rule. For example: I want to "nslookup yahoo.com" ... if I add the following rules, the DNS lookup works. If I don't, it doesn't, and there are no log entries to indicate the issue.

ACCEPT net:208.67.222.222 fw udp - 53
ACCEPT net:208.67.220.220 fw udp - 53

2. In my process of trying to troubleshoot the issue, I noticed that logging is wonky. If I set my policy's last line as "all all ACCEPT info" ... logging happens. If I set it as "all all REJECT info", no logging happens. Is there something that I misconfigured?

I did an nslookup prior to doing "shorewall dump" and, as you'll see, no logs show up to indicate why the connection failed.

I should also note that this host I'm running Shorewall on has OpenVZ on it as well. Everything works when Shorewall is in the "clear" state. I'm also running Shorewall on another similar host (same OS, version, policy) that runs KVM instead of OpenVZ, and it works perfectly without me needing to put rules in to accept "return" traffic from me doing a DNS lookup as in the example above.

Hope this helps. I appreciate everyone's time and assistance in this.

Thanks,
Jeff
_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
