C. Albers wrote:
> Hi Paul,
>
> Sorry about that. This dump has the udp log messages
> in it that relate to the ipsec connections over port
> 500 and port 10000 - which theoretically, should be
> closed, until I open them in the rules config file.
>
> The log messages occur after the "Chain tcpre"
> section.
Chad, those are not log messages, they are connection tracking table entries. Connections which show up in the conntrack table *are* passing successfully through your rules. The entries *before* tcpre are your logs, and there are no UDP packet log entries there (although that's not entirely surprising if they are accepted).

If you are running your VPN termination point on your firewall, we would expect to see some accepted UDP packets in the net2fw chain, which we don't. In fact, you've basically got nothing much happening there.

Try this:

1. run 'shorewall clear' (to reset your counters)
2. save your 'shorewall dump' output in a file
3. make a VPN connection through your firewall
4. save your 'shorewall dump' output to a different file
5. diff the files

That should give you at least some indication as to where the packets are being seen. If you can't solve it that way, send us both files and we'll see what we can see.

My gut leads me to guess that there is another path through your network and the traffic is not touching this firewall at all.

Paul
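The "diff the files" step in Paul's list, as an added example that is not part of the original thread and not code from the Shorewall project. A plain `diff` of two dumps is noisy because byte counters and conntrack entries change all over the place; what you actually want to know is which rules, in which chains, saw packets while the VPN came up. The script below assumes the dump contains iptables `-nvL`-style tables (a `Chain ...` header, a `pkts bytes target ...` column line, then one rule per line with exact packet counts), which is the part of `shorewall dump` that matters here. The function names (`counter_delta`, `write_sample_dumps`, `demo`) and the two dump excerpts are mine and constructed for illustration, not real output from anyone's firewall.

```shell
#!/bin/sh
# Added example for this thread (not code from the Shorewall project or from
# either poster): compare the per-rule packet counters of two saved
# 'shorewall dump' files and report which rules, in which chains, saw traffic.
# Assumption: the dump contains iptables -nvL style tables ("Chain xxx",
# a "pkts bytes target ..." header, then one rule per line with exact counters).

# counter_delta BEFORE AFTER
# Prints one line per rule whose pkts counter grew between the two dumps:
#   <chain>: +<n> pkts <rule text>
# Rules are keyed by chain name and position within the chain, so both dumps
# must come from the same loaded ruleset (no restart in between).
counter_delta() {
    awk '
        FNR == 1 { file++ }                     # 1 = before, 2 = after
        /^Chain / { chain = $2; pos = 0; next } # start of a chain table
        $1 == "pkts" { next }                   # column header line
        NF >= 3 && $1 ~ /^[0-9]+$/ {            # rule line: pkts bytes target ...
            pos++
            key = chain ":" pos
            if (file == 1) { before[key] = $1; next }
            delta = $1 - before[key]
            if (delta > 0) {
                rule = $3
                for (i = 4; i <= NF; i++) rule = rule " " $i
                printf "%s: +%d pkts %s\n", chain, delta, rule
            }
        }
    ' "$1" "$2"
}

# write_sample_dumps DIR
# Writes two constructed dump excerpts (not real output from any firewall)
# to DIR/before.txt and DIR/after.txt. Between them one VPN attempt was made:
# the net2fw udp/500 rule and the net2fw DROP line moved, nothing else did.
write_sample_dumps() {
    cat > "$1/before.txt" <<'EOF'
Chain net2fw (1 references)
    pkts bytes target     prot opt in     out     source               destination
       0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:500
       0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:10000
      12   960 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain fw2net (1 references)
    pkts bytes target     prot opt in     out     source               destination
      40  3200 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0
EOF
    cat > "$1/after.txt" <<'EOF'
Chain net2fw (1 references)
    pkts bytes target     prot opt in     out     source               destination
       6   960 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:500
       0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:10000
      13  1040 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain fw2net (1 references)
    pkts bytes target     prot opt in     out     source               destination
      40  3200 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0
EOF
}

# demo: run the comparison on the constructed dumps and print the result.
demo() {
    dir=$(mktemp -d)
    write_sample_dumps "$dir"
    counter_delta "$dir/before.txt" "$dir/after.txt"
    rm -rf "$dir"
}

if [ "${1:-}" = "demo" ]; then
    demo
fi
```

On a real box you would save the two dumps from steps 2 and 4 of Paul's list to files and run `counter_delta before.txt after.txt` on them; the constructed sample prints only the two net2fw rules that moved and stays silent about fw2net. The reading is the same as Paul's: if the VPN comes up and no counter in net2fw (or any other chain facing the net zone) moves at all, the IKE packets are not arriving on this firewall, and a packet capture for UDP 500 on its external interface will settle whether there is another path through the network.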
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
