Hi Jon,

On 12/20/06, Jon <[EMAIL PROTECTED]> wrote:
> When I start Shorewall I can see that it 'loads' the admin zone IPs, so
> that seems to be OK. The trouble seems to be that the packets aren't
> triggering the 'from admin zone' policy and are therefore falling
> through to the net to any DROP policy.

If you have logging set on net->any, you can see if these packets trigger
that rule, like so:

    net all DROP $LOG

The log can be set up via ulogd to be any file (in Debian,
/var/log/ulogd/syslogemu).

> Anyone have any ideas how to troubleshoot this thing?

You can also log the specific connection alone, and see if you can figure
out things.

    shorewall dump > shdump

The file has a list of the connections/iptables rules and most of the
things needed to debug this problem. Do ensure that you do it immediately
before and after trying to establish a connection from the 'affected'
system.

Also, do look at the troubleshooting instructions on shorewall.net
http://shorewall.net/troubleshoot.htm
and the problem reporting guidelines.
http://shorewall.net/support.htm

Also, add a specific rule for this IP alone, again with LOG, and see if
that helps.

Ipsets may also be a possible solution - and might make your setup
easier/cleaner.

Tom's out of power and his network connection is down, so I hope your
problem is not too hard for the rest of us to solve.

Prasanna.

_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
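An added example, not part of the original message or of Shorewall itself: once the net->all policy logs, the chain name in each log prefix shows which policy a packet from the admin address actually hit. It assumes the default Shorewall LOGFORMAT ("Shorewall:%s:%s:"); the log lines, addresses and the helper names parse and hits_for are constructed for illustration.

```python
import re
from collections import Counter

# Assumes the default LOGFORMAT "Shorewall:%s:%s:" (chain, disposition).
# Adjust the pattern if LOGFORMAT was changed in shorewall.conf.
LOG_RE = re.compile(r"Shorewall:(?P<chain>[^:\s]+):(?P<disp>[^:\s]+):(?P<fields>.*)")

# Constructed sample lines; all addresses are documentation ranges.
SAMPLE = """\
Dec 20 10:01:02 fw kernel: Shorewall:net2all:DROP:IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.10 DST=198.51.100.1 LEN=60 PROTO=TCP SPT=40000 DPT=22
Dec 20 10:01:05 fw kernel: Shorewall:net2all:DROP:IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.10 DST=198.51.100.1 LEN=60 PROTO=TCP SPT=40000 DPT=22
Dec 20 10:01:07 fw kernel: Shorewall:net2all:DROP:IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=198.51.100.1 LEN=48 PROTO=TCP SPT=51515 DPT=445
Dec 20 10:01:09 fw sshd[812]: Server listening on 0.0.0.0 port 22.
"""


def parse(line):
    """Return chain, disposition and key packet fields, or None for other log lines."""
    m = LOG_RE.search(line)
    if not m:
        return None
    # The rest of the line is KEY=VALUE pairs; empty values (OUT=) are kept as "".
    fields = dict(kv.split("=", 1) for kv in m["fields"].split() if "=" in kv)
    return {
        "chain": m["chain"],
        "disp": m["disp"],
        "src": fields.get("SRC"),
        "proto": fields.get("PROTO"),
        "dpt": fields.get("DPT"),
    }


def hits_for(lines, src):
    """Count (chain, disposition, proto, dport) for packets logged from one source IP."""
    counts = Counter()
    for line in lines:
        rec = parse(line)
        if rec and rec["src"] == src:
            counts[(rec["chain"], rec["disp"], rec["proto"], rec["dpt"])] += 1
    return counts


if __name__ == "__main__":
    # 192.0.2.10 stands in for the affected admin-zone address.
    for key, n in hits_for(SAMPLE.splitlines(), "192.0.2.10").items():
        print(n, *key)
```

If the admin address only ever appears under the net2all chain, the packets are being classified as plain net traffic before any admin-zone policy is consulted, which matches the symptom described in the quoted question.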
