Hi Walter,

When I upgraded to Debian 10, I found that I needed to run the following 
command to update my Shorewall config files:

shorewall update

The man page gives an explanation of what the command does.

I hope this helps.

Kind regards,

Bruce Bannerman


> On 28 Jul 2020, at 15:54, Walter Hofstädtler <wal...@hofstaedtler.com> wrote:
> 
> Hi,
>  
> I upgraded from Debian 9 to Debian 10 Buster. Shorewall version: 5.2.3.2 
> Outgoing snmp connections do not work any longer. In /var/log/messages I see 
> these errors:
>  
> Jul 27 20:18:07 icc-fw kernel: [ 5366.830793] nf_ct_snmp: dropping packet: 
> parser failed
> Jul 27 20:18:07 icc-fw kernel: [ 5366.830793]  IN= OUT= SRC=< SERVER_IP> 
> DST=<ROUTER_IP> LEN=91 TOS=0x00 PREC=0x00 TTL=63 ID=47953 DF PROTO=UDP 
> SPT=35997 DPT=161 LEN=71
> Jul 27 20:18:07 icc-fw kernel: [ 5366.852884] nf_ct_snmp: dropping packet: 
> parser failed
> Jul 27 20:18:07 icc-fw kernel: [ 5366.852884]  IN= OUT= SRC=< SERVER_IP> 
> DST=<ROUTER_IP> LEN=90 TOS=0x00 PREC=0x00 TTL=63 ID=13361 DF PROTO=UDP 
> SPT=33460 DPT=161 LEN=70
>  
> The netfilter helpers are loaded:
> lsmod | grep snmp
> nf_nat_snmp_basic      16384  0
> nf_conntrack_snmp      16384  3 nf_nat_snmp_basic
> nf_conntrack_broadcast    16384  2 nf_conntrack_netbios_ns,nf_conntrack_snmp
> nf_conntrack          172032  35 
> xt_conntrack,nf_nat_irc,nf_nat,nf_conntrack_tftp,nf_nat_ftp,xt_state,nf_conntrack_pptp,nf_nat_ipv6,ipt_MASQUERADE,nf_conntrack_netbios_ns,nf_conntrack_sane,nf_nat_ipv4,xt_nat,nf_nat_tftp,nf_nat_amanda,nf_conntrack_sip,xt_helper,nf_conntrack_h323,nf_nat_pptp,xt_NETMAP,nf_conntrack_broadcast,nf_conntrack_irc,nf_conntrack_amanda,nf_conntrack_netlink,xt_connmark,nf_conntrack_proto_gre,nf_conntrack_ftp,xt_CT,nf_nat_h323,nf_conncount,nf_conntrack_snmp,nf_nat_snmp_basic,xt_connlimit,nf_nat_sip,xt_REDIRECT
>  
> I suspect it is a configuration error, but I have no idea what to change. 
> Please point me in the right direction. 
>  
> With best regards
> Walter Hofstaedtler
>  
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/shorewall-users