On Sun, Dec 22, 2019 at 11:08:30PM +0100, Markus Reitschuster wrote:
> The policy file is quite simple:
> 
> ofen         all         ACCEPT debug
> all        fw             ACCEPT
> fw         all         ACCEPT
> all         all         REJECT        debug
> 
> When trying to ssh from a member of ofen (192.168.1.239) to a member of
> tech (192.168.1.247) I get the following in the logfile:
> Dec 22 22:50:36 localhost kernel: [ 6426.160957] ofen-tech ACCEPT IN=br0 
> OUT=br0 PHYSIN=eth0 PHYSOUT=wlan0 
> MAC=b8:27:eb:25:63:bd:d4:3d:7e:f6:78:26:08:00:45:00:00:3c:7d:d7:40:00:40:06:37:ae:c0:a8:01:ef:c0:a8:01:f7:91:28:00:16:83:65:82:7d:00:00:00:00:a0:02:fa:f0:c8:da:00:00:02:04:05:b4:04:02:08:0a:9c:ed:ca:ee
>  SRC=192.168.1.239 DST=192.168.1.247 LEN=60 TOS=0x00 PREC=0x00 TTL=64 
> ID=32215 DF PROTO=TCP SPT=37160 DPT=22 WINDOW=64240 RES=0x00 SYN URGP=0
> Dec 22 22:50:36 localhost kernel: [ 6426.173197] tech-ofen REJECT IN=br0 
> OUT=br0 PHYSIN=wlan0 PHYSOUT=eth0 
> MAC=d4:3d:7e:f6:78:26:b8:27:eb:25:63:bd:08:00 SRC=192.168.1.247 
> DST=192.168.1.239 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=22 
> DPT=37160 WINDOW=2896 0 RES=0x00 ACK SYN URGP=0

The SYN from ofen->tech is being accepted but the SYN,ACK from tech->ofen is
rejected.

What's in the RULES file to allow that ?

Justin
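As an added illustration (not code from the thread or from Shorewall), a small Python parser that pairs each logged SYN with its SYN,ACK reply and flags handshakes where the two directions received different verdicts, the pattern Justin points out above. The input is the two log lines from the thread, re-joined onto one line each with the MAC field dropped; the prefix layout assumed is Shorewall's default "<chain> <verdict>" followed by netfilter's key=value fields.

```python
import re

# The two log lines quoted above, re-joined and with MAC= removed (sample input).
LOG = """\
Dec 22 22:50:36 localhost kernel: [ 6426.160957] ofen-tech ACCEPT IN=br0 OUT=br0 PHYSIN=eth0 PHYSOUT=wlan0 SRC=192.168.1.239 DST=192.168.1.247 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=32215 DF PROTO=TCP SPT=37160 DPT=22 WINDOW=64240 RES=0x00 SYN URGP=0
Dec 22 22:50:36 localhost kernel: [ 6426.173197] tech-ofen REJECT IN=br0 OUT=br0 PHYSIN=wlan0 PHYSOUT=eth0 SRC=192.168.1.247 DST=192.168.1.239 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=22 DPT=37160 WINDOW=2896 0 RES=0x00 ACK SYN URGP=0
"""

# "[ <uptime>] <chain> <verdict> <netfilter fields>"  (assumed default log prefix)
PREFIX = re.compile(r"\]\s+(?P<chain>\S+)\s+(?P<verdict>ACCEPT|DROP|REJECT)\s+(?P<rest>.*)$")


def parse(line):
    """Split one kernel log line into chain, verdict, key=value fields and bare flags."""
    m = PREFIX.search(line)
    if not m:
        return None
    rec = {"chain": m["chain"], "verdict": m["verdict"], "flags": set()}
    for tok in m["rest"].split():
        if "=" in tok:
            k, v = tok.split("=", 1)
            rec[k] = v
        else:
            rec["flags"].add(tok)  # bare tokens such as DF, SYN, ACK
    return rec


def flow_key(rec):
    return (rec["PROTO"], rec["SRC"], rec["SPT"], rec["DST"], rec["DPT"])


def reverse_key(rec):
    # The 5-tuple of the packet this one is a reply to.
    return (rec["PROTO"], rec["DST"], rec["DPT"], rec["SRC"], rec["SPT"])


def find_asymmetric(text):
    """Return (syn_record, synack_record) pairs where the SYN was ACCEPTed
    but the matching SYN,ACK reply got a different verdict."""
    recs = [r for r in map(parse, text.splitlines()) if r]
    by_key = {flow_key(r): r for r in recs}
    problems = []
    for r in recs:
        if {"SYN", "ACK"} <= r["flags"]:          # this is a SYN,ACK reply
            fwd = by_key.get(reverse_key(r))       # look up the original SYN
            if (fwd and "SYN" in fwd["flags"] and "ACK" not in fwd["flags"]
                    and fwd["verdict"] == "ACCEPT" and r["verdict"] != "ACCEPT"):
                problems.append((fwd, r))
    return problems
```

Running `find_asymmetric(LOG)` returns the single ofen-tech/tech-ofen pair, i.e. the half-open handshake described in the reply.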


_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
