Hi All,
I am seeing an issue with an ssh session getting dropped when I restart
shorewall. I restart shorewall when there is a config change.
Issue:
1) Start a connection from the box to a remote IP and send traffic.
This will create a conntrack entry like the one below, with zone=1:
ipv4 2 tcp 6 300 ESTABLISHED src=10.24.53.11 dst=10.16.16.240 sport=58021 dport=22 src=10.16.16.240 dst=10.24.53.11 sport=22 dport=58021 [ASSURED] mark=0 *zone=1* use=3
2) When I restart shorewall, it flushes the iptables rules I believe, and
since there are no iptables rules at that moment, another conntrack entry
is created with zone=0, which causes the connection to drop:
ipv4 2 tcp 6 159 ESTABLISHED src=10.16.16.240 dst=10.24.53.11 sport=22 dport=58021 src=10.24.53.11 dst=10.16.16.240 sport=58021 dport=22 [ASSURED] mark=0 *zone=0* use=2
ipv4 2 tcp 6 300 ESTABLISHED src=10.24.53.11 dst=10.16.16.240 sport=58021 dport=22 src=10.16.16.240 dst=10.24.53.11 sport=22 dport=58021 [ASSURED] mark=0 *zone=1* use=3
I have the zone entries in the conntrack file, with the lines below:
IPTABLES(CT --zone 1) eth5 -
IPTABLES(CT --zone 1):O 0.0.0.0/0 eth5
I would appreciate any steps to avoid the default zone=0 conntrack entry
getting created, even though we already have a conntrack entry for the flow.
Thanks,
Naveen
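Added diagnostic, not part of the post and not Shorewall's own code: a small parser for the nf_conntrack table that flags the symptom described above, the same TCP flow tracked under more than one conntrack zone. It accepts both the /proc/net/nf_conntrack format (with the "ipv4 2" prefix) and the prefix-less format printed by `conntrack -L`; the sample text is the post's two post-restart entries rejoined onto single lines, with the *zone=N* mail emphasis removed. Running it over a live table before and after a Shorewall restart shows whether the zone=0 duplicate is being created.

```python
import re
from collections import defaultdict

# Sample table, reconstructed from the post's wrapped output. The zone=0 entry
# is the duplicate that appears after the restart; the zone=1 entry is the
# original flow.
SAMPLE_AFTER_RESTART = """\
ipv4 2 tcp 6 159 ESTABLISHED src=10.16.16.240 dst=10.24.53.11 sport=22 dport=58021 src=10.24.53.11 dst=10.16.16.240 sport=58021 dport=22 [ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 300 ESTABLISHED src=10.24.53.11 dst=10.16.16.240 sport=58021 dport=22 src=10.16.16.240 dst=10.24.53.11 sport=22 dport=58021 [ASSURED] mark=0 zone=1 use=3
"""

KV = re.compile(r"(\w+)=(\S+)")


def parse_entry(line):
    """Parse one conntrack table line into a dict.

    The first src/dst/sport/dport group is the original direction, the second
    is the reply direction. zone defaults to 0 when the kernel omits it, which
    is exactly the "default zone" case the post is asking about.
    """
    fields = line.split()
    if fields and fields[0] in ("ipv4", "ipv6"):   # /proc format carries an L3 prefix
        l3, fields = fields[0], fields[2:]
    else:                                           # `conntrack -L` format does not
        l3 = None
    if len(fields) < 3 or "=" in fields[0]:
        return None
    entry = {"l3": l3, "l4": fields[0], "timeout": int(fields[2]), "state": None,
             "zone": 0, "mark": 0, "orig": {}, "reply": {}}
    if len(fields) > 3 and "=" not in fields[3]:
        entry["state"] = fields[3]                  # tcp only; udp has no state column
    for key, value in KV.findall(line):
        if key in ("src", "dst", "sport", "dport"):
            side = "orig" if key not in entry["orig"] else "reply"
            entry[side][key] = value
        elif key in ("zone", "mark", "use"):
            entry[key] = int(value)
    return entry


def flow_key(entry):
    """Direction-independent identity of a flow: protocol plus the two
    endpoints of the original direction, sorted so that an entry created from
    the reply side (as the zone=0 duplicate was) maps to the same key."""
    o = entry["orig"]
    a = (o["src"], o.get("sport", ""))
    b = (o["dst"], o.get("dport", ""))
    return (entry["l4"],) + tuple(sorted([a, b]))


def find_split_flows(table_text):
    """Return {flow_key: sorted zone list} for every flow that is tracked
    under more than one conntrack zone."""
    by_flow = defaultdict(set)
    for line in table_text.splitlines():
        entry = parse_entry(line)
        if entry is not None:
            by_flow[flow_key(entry)].add(entry["zone"])
    return {key: sorted(zones) for key, zones in by_flow.items() if len(zones) > 1}


if __name__ == "__main__":
    # In practice: find_split_flows(open("/proc/net/nf_conntrack").read())
    for key, zones in find_split_flows(SAMPLE_AFTER_RESTART).items():
        proto, (ip_a, port_a), (ip_b, port_b) = key
        print(f"{proto} {ip_a}:{port_a} <-> {ip_b}:{port_b} tracked in zones {zones}")
```

A flow reported here with zones [0, 1] is the situation in the post: the zone=1 entry created under the CT rules still exists, but a packet arriving while the rules were flushed was tracked again in zone 0.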
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users