On 8/5/2020 5:03 PM, colony.three--- via Shorewall-users wrote:
> I have struggled for days to make this work but admit I am soundly defeated.
>
> My goal is to dnat two cameras through an Odroid N2+. But I can't even get a
> basic ACCEPT to work on ports 80 or 443. I can't understand what is wrong.
> Dump is attached. Sure hope the boss is still around.
>
> [Tue Jan 30 17:39:29 2018] net-fw DROP IN=eth0 OUT= MAC=00:1e:06:42:5b:57:fc:aa:14:71:ef:47:08:00 SRC=10.2.1.4 DST=10.2.1.106 LEN=48 TOS=0x00 PREC=0x00 TTL=64 ID=8197 DF PROTO=TCP SPT=28086 DPT=51554 WINDOW=29200 RES=0x00 SYN URGP=0
> [Tue Jan 30 17:39:30 2018] local-fw REJECT IN=eth1 OUT= MAC=00:e0:4c:68:00:9e:dc:9f:db:1a:a0:1a:08:00 SRC=10.2.20.31 DST=10.2.20.1 LEN=65 TOS=0x00 PREC=0x00 TTL=64 ID=10986 DF PROTO=UDP SPT=53625 DPT=53 LEN=45
> [Tue Jan 30 17:39:30 2018] local-fw REJECT IN=eth1 OUT= MAC=00:e0:4c:68:00:9e:dc:9f:db:1a:a0:1a:08:00 SRC=10.2.20.31 DST=10.2.20.1 LEN=65 TOS=0x00 PREC=0x00 TTL=64 ID=10987 DF PROTO=UDP SPT=57493 DPT=53 LEN=45
> [Tue Jan 30 17:39:30 2018] local-fw REJECT IN=eth1 OUT= MAC=00:e0:4c:68:00:9e:dc:9f:db:1a:a0:1a:08:00 SRC=10.2.20.31 DST=10.2.20.1 LEN=65 TOS=0x00 PREC=0x00 TTL=64 ID=10988 DF PROTO=UDP SPT=40352 DPT=53 LEN=45
> [Tue Jan 30 17:39:31 2018] net-fw DROP IN=eth0 OUT= MAC=00:1e:06:42:5b:57:fc:aa:14:71:ef:47:08:00 SRC=10.2.1.4 DST=10.2.1.106 LEN=48 TOS=0x00 PREC=0x00 TTL=64 ID=10546 DF PROTO=TCP SPT=28190 DPT=51554 WINDOW=29200 RES=0x00 SYN URGP=0
> [Tue Jan 30 17:39:32 2018] net-fw DROP IN=eth0 OUT= MAC=00:1e:06:42:5b:57:fc:aa:14:71:ef:47:08:00 SRC=10.2.1.4 DST=10.2.1.106 LEN=48 TOS=0x00 PREC=0x00 TTL=64 ID=10547 DF PROTO=TCP SPT=28190 DPT=51554 WINDOW=29200 RES=0x00 SYN URGP=0
> [Tue Jan 30 17:39:32 2018] local-fw REJECT IN=eth1 OUT= MAC=00:e0:4c:68:00:9e:00:1f:54:45:be:07:08:00 SRC=10.2.20.51 DST=10.2.20.1 LEN=72 TOS=0x00 PREC=0x00 TTL=64 ID=44808 DF PROTO=UDP SPT=48844 DPT=53 LEN=52
> [Tue Jan 30 17:39:32 2018] local-fw REJECT IN=eth1 OUT= MAC=00:e0:4c:68:00:9e:00:1f:54:45:be:07:08:00 SRC=10.2.20.51 DST=10.2.20.1 LEN=72 TOS=0x00 PREC=0x00 TTL=64 ID=44809 DF PROTO=UDP SPT=60419 DPT=53 LEN=52
> [Tue Jan 30 17:39:32 2018] local-fw REJECT IN=eth1 OUT= MAC=00:e0:4c:68:00:9e:00:1f:54:45:be:07:08:00 SRC=10.2.20.51 DST=10.2.20.1 LEN=72 TOS=0x00 PREC=0x00 TTL=64 ID=44810 DF PROTO=UDP SPT=45791 DPT=53 LEN=52
> [Tue Jan 30 17:39:32 2018] local-fw REJECT IN=eth1 OUT= MAC=00:e0:4c:68:00:9e:00:1f:54:45:be:07:08:00 SRC=10.2.20.51 DST=10.2.20.1 LEN=72 TOS=0x00 PREC=0x00 TTL=64 ID=44811 DF PROTO=UDP SPT=32787 DPT=53 LEN=52
> [Tue Jan 30 17:39:34 2018] net-fw DROP IN=eth0 OUT= MAC=01:00:5e:00:00:01:00:eb:d5:61:fb:60:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0xC0 TTL=1 ID=0 DF PROTO=2
> [Tue Jan 30 17:39:34 2018] net-fw DROP IN=eth0 OUT= MAC=01:00:5e:00:00:01:00:eb:d5:61:fb:60:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0xC0 TTL=1 ID=0 DF PROTO=2
> [Tue Jan 30 17:39:34 2018] net-fw DROP IN=eth0 OUT= MAC=00:1e:06:42:5b:57:fc:aa:14:71:ef:47:08:00 SRC=10.2.1.4 DST=10.2.1.106 LEN=48 TOS=0x00 PREC=0x00 TTL=64 ID=10548 DF PROTO=TCP SPT=28190 DPT=51554 WINDOW=29200 RES=0x00 SYN URGP=0
> [Tue Jan 30 17:39:38 2018] net-fw DROP IN=eth0 OUT= MAC=00:1e:06:42:5b:57:fc:aa:14:71:ef:47:08:00 SRC=10.2.1.4 DST=10.2.1.106 LEN=48 TOS=0x00 PREC=0x00 TTL=64 ID=10549 DF PROTO=TCP SPT=28190 DPT=51554 WINDOW=29200 RES=0x00 SYN URGP=0
> [Tue Jan 30 17:39:39 2018] local-fw REJECT IN=eth1 OUT= MAC=00:e0:4c:68:00:9e:00:1f:54:45:be:07:08:00 SRC=10.2.20.51 DST=10.2.20.1 LEN=72 TOS=0x00 PREC=0x00 TTL=64 ID=44884 DF PROTO=UDP SPT=56118 DPT=53 LEN=52
> [Tue Jan 30 17:39:39 2018] local-fw REJECT IN=eth1 OUT= MAC=00:e0:4c:68:00:9e:00:1f:54:45:be:07:08:00 SRC=10.2.20.51 DST=10.2.20.1 LEN=72 TOS=0x00 PREC=0x00 TTL=64 ID=44885 DF PROTO=UDP SPT=47795 DPT=53 LEN=52
> [Tue Jan 30 17:39:39 2018] local-fw REJECT IN=eth1 OUT= MAC=00:e0:4c:68:00:9e:00:1f:54:45:be:07:08:00 SRC=10.2.20.51 DST=10.2.20.1 LEN=72 TOS=0x00 PREC=0x00 TTL=64 ID=44886 DF PROTO=UDP SPT=60806 DPT=53 LEN=52
> [Tue Jan 30 17:39:39 2018] local-fw REJECT IN=eth1 OUT= MAC=00:e0:4c:68:00:9e:00:1f:54:45:be:07:08:00 SRC=10.2.20.51 DST=10.2.20.1 LEN=72 TOS=0x00 PREC=0x00 TTL=64 ID=44887 DF PROTO=UDP SPT=53807 DPT=53 LEN=52
> [Tue Jan 30 17:39:45 2018] local-fw REJECT IN=eth1 OUT= MAC=00:e0:4c:68:00:9e:dc:9f:db:1a:a0:1a:08:00 SRC=10.2.20.31 DST=10.2.20.1 LEN=65 TOS=0x00 PREC=0x00 TTL=64 ID=25988 DF PROTO=UDP SPT=60181 DPT=53 LEN=45
> [Tue Jan 30 17:39:45 2018] local-fw REJECT IN=eth1 OUT= MAC=00:e0:4c:68:00:9e:dc:9f:db:1a:a0:1a:08:00 SRC=10.2.20.31 DST=10.2.20.1 LEN=65 TOS=0x00 PREC=0x00 TTL=64 ID=25989 DF PROTO=UDP SPT=51672 DPT=53 LEN=45
> [Tue Jan 30 17:39:45 2018] local-fw REJECT IN=eth1 OUT= MAC=00:e0:4c:68:00:9e:dc:9f:db:1a:a0:1a:08:00 SRC=10.2.20.31 DST=10.2.20.1 LEN=65 TOS=0x00 PREC=0x00 TTL=64 ID=25990 DF PROTO=UDP SPT=54680 DPT=53 LEN=45
> [Tue Jan 30 17:39:46 2018] net-fw DROP IN=eth0 OUT= MAC=00:1e:06:42:5b:57:fc:aa:14:71:ef:47:08:00 SRC=10.2.1.4 DST=10.2.1.106 LEN=48 TOS=0x00 PREC=0x00 TTL=64 ID=10550 DF PROTO=TCP SPT=28190 DPT=51554 WINDOW=29200 RES=0x00 SYN URGP=0
> [Tue Jan 30 17:39:49 2018] local-fw REJECT IN=eth1 OUT= MAC=00:e0:4c:68:00:9e:00:1f:54:45:be:07:08:00 SRC=10.2.20.51 DST=10.2.20.1 LEN=72 TOS=0x00 PREC=0x00 TTL=64 ID=45506 DF PROTO=UDP SPT=38509 DPT=53 LEN=52
> [Tue Jan 30 17:39:49 2018] local-fw REJECT IN=eth1 OUT= MAC=00:e0:4c:68:00:9e:00:1f:54:45:be:07:08:00 SRC=10.2.20.51 DST=10.2.20.1 LEN=72 TOS=0x00 PREC=0x00 TTL=64 ID=45507 DF PROTO=UDP SPT=35424 DPT=53 LEN=52
> [Tue Jan 30 17:39:49 2018] local-fw REJECT IN=eth1 OUT= MAC=00:e0:4c:68:00:9e:00:1f:54:45:be:07:08:00 SRC=10.2.20.51 DST=10.2.20.1 LEN=72 TOS=0x00 PREC=0x00 TTL=64 ID=45508 DF PROTO=UDP SPT=38172 DPT=53 LEN=52
> [Tue Jan 30 17:39:49 2018] local-fw REJECT IN=eth1 OUT= MAC=00:e0:4c:68:00:9e:00:1f:54:45:be:07:08:00 SRC=10.2.20.51 DST=10.2.20.1 LEN=72 TOS=0x00 PREC=0x00 TTL=64 ID=45509 DF PROTO=UDP SPT=60454 DPT=53 LEN=52
>
What are the IPs in question and the zones in question?
Is it working if you do 'shorewall clear'?
In your log I don't see http/https being listed.

--
Matt Darfeuille <m...@shorewall.org>
Shorewall Project Committee, one of four core members
https://sourceforge.net/p/shorewall/mailman/message/36596609/
https://shorewall.org

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
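
Added example, not part of the original thread or of Shorewall itself: the check made in the reply (whether ports 80/443 show up among the blocked packets at all) done mechanically by tallying log entries per chain, disposition, protocol and destination port. The sample lines are constructed in the format of the quoted log, with shortened MAC fields; the function names are hypothetical.

```python
import re
from collections import Counter

# Sample lines constructed in the format of the quoted log (MAC shortened).
SAMPLE_LOG = """\
[Tue Jan 30 17:39:29 2018] net-fw DROP IN=eth0 OUT= MAC=00:00:5e:00:53:01 SRC=10.2.1.4 DST=10.2.1.106 LEN=48 TTL=64 ID=8197 DF PROTO=TCP SPT=28086 DPT=51554 WINDOW=29200 RES=0x00 SYN URGP=0
[Tue Jan 30 17:39:30 2018] local-fw REJECT IN=eth1 OUT= MAC=00:00:5e:00:53:02 SRC=10.2.20.31 DST=10.2.20.1 LEN=65 TTL=64 ID=10986 DF PROTO=UDP SPT=53625 DPT=53 LEN=45
[Tue Jan 30 17:39:30 2018] local-fw REJECT IN=eth1 OUT= MAC=00:00:5e:00:53:02 SRC=10.2.20.31 DST=10.2.20.1 LEN=65 TTL=64 ID=10987 DF PROTO=UDP SPT=57493 DPT=53 LEN=45
[Tue Jan 30 17:39:34 2018] net-fw DROP IN=eth0 OUT= MAC=01:00:5e:00:00:01 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TTL=1 ID=0 DF PROTO=2
"""

# "<chain> <disposition>" prefix, then KEY=VALUE pairs (values may be empty).
HEAD = re.compile(r"\]\s+(?P<chain>\S+)\s+(?P<disp>[A-Z]+)\s+IN=")
PAIR = re.compile(r"\b([A-Z]+)=(\S*)")

def parse_line(line):
    """Return a dict for one log line, or None if it is not a firewall entry."""
    head = HEAD.search(line)
    if not head:
        return None
    fields = {}
    for key, value in PAIR.findall(line[head.start():]):
        fields.setdefault(key, value)  # LEN= appears twice; keep the IP length
    fields["chain"], fields["disp"] = head["chain"], head["disp"]
    return fields

def summarize(text):
    """Count blocked packets per (chain, disposition, proto, dest port)."""
    tally = Counter()
    for line in text.splitlines():
        f = parse_line(line)
        if f:
            dpt = int(f["DPT"]) if "DPT" in f else None  # e.g. IGMP has no port
            tally[(f["chain"], f["disp"], f["PROTO"], dpt)] += 1
    return tally

def ports_seen(tally, ports):
    """Which of the ports of interest appear as a blocked destination port."""
    return sorted({key[3] for key in tally} & set(ports))

if __name__ == "__main__":
    tally = summarize(SAMPLE_LOG)
    for key, count in tally.most_common():
        print(count, *key)
    print("80/443 blocked in log:", ports_seen(tally, [80, 443]) or "none")
```

An empty result for 80/443 means the log holds no evidence that the firewall is blocking that traffic, so the test connections may not be reaching the interface at all.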