Hi, I upgraded from Debian 9 to Debian 10 Buster. Shorewall version: 5.2.3.2
Outgoing snmp connections do not work any longer. In /var/log/messages I see this errors: Jul 27 20:18:07 icc-fw kernel: [ 5366.830793] nf_ct_snmp: dropping packet: parser failed Jul 27 20:18:07 icc-fw kernel: [ 5366.830793] IN= OUT= SRC=< SERVER_IP> DST=<ROUTER_IP> LEN=91 TOS=0x00 PREC=0x00 TTL=63 ID=47953 DF PROTO=UDP SPT=35997 DPT=161 LEN=71 Jul 27 20:18:07 icc-fw kernel: [ 5366.852884] nf_ct_snmp: dropping packet: parser failed Jul 27 20:18:07 icc-fw kernel: [ 5366.852884] IN= OUT= SRC=< SERVER_IP> DST=<ROUTER_IP> LEN=90 TOS=0x00 PREC=0x00 TTL=63 ID=13361 DF PROTO=UDP SPT=33460 DPT=161 LEN=70 The netfilter helpers are loaded: lsmod | grep snmp nf_nat_snmp_basic 16384 0 nf_conntrack_snmp 16384 3 nf_nat_snmp_basic nf_conntrack_broadcast 16384 2 nf_conntrack_netbios_ns,nf_conntrack_snmp nf_conntrack 172032 35 xt_conntrack,nf_nat_irc,nf_nat,nf_conntrack_tftp,nf_nat_ftp,xt_state,nf_conntrack_pptp,nf_nat_ipv6,ipt_MASQUERADE,nf_conntrack_netbios_ns,nf_conntrack_sane,nf_nat_ipv4,xt_nat,nf_nat_tftp,nf_nat_amanda,nf_conntrack_sip,xt_helper,nf_conntrack_h323,nf_nat_pptp,xt_NETMAP,nf_conntrack_broadcast,nf_conntrack_irc,nf_conntrack_amanda,nf_conntrack_netlink,xt_connmark,nf_conntrack_proto_gre,nf_conntrack_ftp,xt_CT,nf_nat_h323,nf_conncount,nf_conntrack_snmp,nf_nat_snmp_basic,xt_connlimit,nf_nat_sip,xt_REDIRECT I suspect it is a configuration error, but I have no idea what to change. Please point me in the right direction. With best regards Walter Hofstaedtler
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
