Many thanks for your links for checking the problem. I saw your answers today,
because after a change of ISP the MX record of the domain I use on this
mailing list was written wrongly.

I have changed interfaces to

###############################################################################
?FORMAT 2
###############################################################################
#ZONE   INTERFACE       OPTIONS
net     $NET_IF         dhcp,routefilter,tcpflags
loc     $LOC_IF         routeback,bridge

with params
NET_IF=vmbr0
LOC_IF=vmbr1

The problem is still the failed connection of the VM guests to Icinga on the 
host. The local network is 192.168.1.0/24 on vmbr1. I tested from 192.168.1.70 
with
# nc -vz 192.168.1.66 5665
neckar.germany.com [192.168.1.66] 5665 (?) : Connection refused
So I observed on 192.168.1.66
# shorewall show log | grep 192.168.1.66
Oct 14 13:51:38 Shorewall:loc-fw:REJECT:IN=vmbr1 OUT= SRC=192.168.1.70 DST=192.168.1.66 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=39891 DF PROTO=TCP SPT=59122 DPT=5665 WINDOW=29200 RES=0x00 SYN URGP=0

# shorewall show loc-fw
Shorewall 5.2.3.2 Chain loc-fw at neckar - Mo 14. Okt 14:08:35 CEST 2019

Counters reset Mo 14. Okt 13:41:44 CEST 2019

Chain loc-fw (1 references)
 pkts bytes target     prot opt in     out     source               destination
    3   180 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID,NEW,UNTRACKED
    3   180 tcpflags   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0
    3   180 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:5665 /* ICINGA */
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type BROADCAST
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type ANYCAST
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type MULTICAST
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix "loc-fw REJECT "
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0            [goto]

In rules I have just configured Icinga with
ICINGA(ACCEPT)     $FW             loc
ICINGA(ACCEPT)     loc             $FW

But I also tried

ICINGA(ACCEPT)     loc:192.168.1.70             net
ICINGA(ACCEPT)     net             loc:192.168.1.70

or 

ICINGA(ACCEPT)     $FW             net
ICINGA(ACCEPT)     net             $FW

with the same result.

So I still haven't found a solution.

Best regards 

Andreas

Attachment: shorewall_dump.txt.bz2
Description: application/bzip
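
An added example, not part of the original message and not Shorewall's own code: it parses the log entry and the `shorewall show loc-fw` rows quoted above and puts the logged disposition next to the per-rule packet counters for the same port. The function names are hypothetical, and it assumes the `Shorewall:<chain>:<disposition>:` log prefix seen in the post and exact counters without K/M suffixes.

```python
import re

# Copied from the post above, with the mail line wraps rejoined.
LOG_LINE = (
    "Oct 14 13:51:38 Shorewall:loc-fw:REJECT:IN=vmbr1 OUT= SRC=192.168.1.70 "
    "DST=192.168.1.66 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=39891 DF PROTO=TCP "
    "SPT=59122 DPT=5665 WINDOW=29200 RES=0x00 SYN URGP=0")
CHAIN_ROWS = """\
    3   180 dynamic    all  --  *  *  0.0.0.0/0  0.0.0.0/0  ctstate INVALID,NEW,UNTRACKED
    3   180 tcpflags   tcp  --  *  *  0.0.0.0/0  0.0.0.0/0
    0     0 ACCEPT     all  --  *  *  0.0.0.0/0  0.0.0.0/0  ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     icmp --  *  *  0.0.0.0/0  0.0.0.0/0
    3   180 ACCEPT     tcp  --  *  *  0.0.0.0/0  0.0.0.0/0  tcp dpt:5665 /* ICINGA */
    0     0 DROP       all  --  *  *  0.0.0.0/0  0.0.0.0/0  ADDRTYPE match dst-type BROADCAST
    0     0 DROP       all  --  *  *  0.0.0.0/0  0.0.0.0/0  ADDRTYPE match dst-type ANYCAST
    0     0 DROP       all  --  *  *  0.0.0.0/0  0.0.0.0/0  ADDRTYPE match dst-type MULTICAST
    0     0 LOG        all  --  *  *  0.0.0.0/0  0.0.0.0/0  LOG flags 0 level 6 prefix "loc-fw REJECT "
    0     0 reject     all  --  *  *  0.0.0.0/0  0.0.0.0/0  [goto]
"""

def parse_log(line):
    """Split a Shorewall log line into chain, disposition and KEY=VALUE fields."""
    m = re.search(r"Shorewall:([^:]+):([^:]+):(.*)", line)
    if not m:
        raise ValueError("no Shorewall:<chain>:<disposition>: prefix found")
    return {"chain": m.group(1), "disposition": m.group(2),
            **dict(re.findall(r"(\w+)=(\S*)", m.group(3)))}

def parse_rows(text):
    """Parse 'iptables -L -n -v' style rows; rows without exact counters are skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split(None, 9)  # nine fixed columns, then the match text
        if len(parts) >= 9 and parts[0].isdigit():
            rows.append({"pkts": int(parts[0]), "target": parts[2], "prot": parts[3],
                         "match": parts[9] if len(parts) > 9 else ""})
    return rows

def compare(log, rows):
    """Logged disposition beside the counters of the port rule and the LOG rule."""
    proto, dpt = log["PROTO"].lower(), "dpt:" + log["DPT"]
    port_rules = [(r["target"], r["pkts"]) for r in rows
                  if r["prot"] == proto and dpt in r["match"].split()]
    log_pkts = sum(r["pkts"] for r in rows if r["target"] == "LOG")
    return {"logged": log["disposition"], "port_rules": port_rules,
            "log_rule_pkts": log_pkts}

if __name__ == "__main__":
    print(compare(parse_log(LOG_LINE), parse_rows(CHAIN_ROWS)))
```

The counters cover only the period since the "Counters reset" time shown in the chain output, so the comparison is meaningful only for log entries from that same period and ruleset.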

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
