Hey Prasanna,

Thanks for the quick reply. It seems to me that most of these troubleshooting steps would be more useful if I didn't know what the problem was. I've already investigated the logs, etc., and I can see exactly where the problem lies - my default admin zone policy isn't firing on any of the IPs that are part of the admin zone.

I've dumped the logs and watched them in real time as I try to connect, and it's always the same - the packet is dropped under the very last policy, the net2all policy. The question that's killing me is: why?

Thanks!
J

Prasanna Krishnamoorthy wrote:
> Hi Jon,
>
> On 12/20/06, Jon <[EMAIL PROTECTED]> wrote:
>> When I start Shorewall I can see that it 'loads' the admin zone IPs, so
>> that seems to be OK. The trouble seems to be that the packets aren't
>> triggering the 'from admin zone' policy and are therefore falling
>> through to the net to any DROP policy.
> If you have Log, set on net->any, you can see if these packets trigger that
> rule:
> Like so:
> net all DROP $LOG
> The log can be set up via ulogd to be any file (in Debian
> /var/log/ulogd/syslogemu )
>
>> Anyone have any ideas how to troubleshoot this thing?
> You can also log the specific connection alone, and see if you can
> figure out things.
>
> shorewall dump > shdump
> The file has a list of the connections/iptables rules and most of the
> things needed to debug this problem. Do ensure that you do it
> immediately before and after trying to establish a connection from the
> 'affected' system.
>
> Also, do look at the trouble-shooting instructions on shorewall.net
> http://shorewall.net/troubleshoot.htm
> and the problem reporting guidelines.
> http://shorewall.net/support.htm
>
> Also, add a specific rule for this IP alone, again with LOG, and see
> if that helps. Ipsets may also be a possible solution - and might make
> your setup easier/cleaner.
>
> Tom's out of power and his network connection is down, so I hope your
> problem is not too hard for the rest of us to solve.
>
> Prasanna.
_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
