Hi All, Ran across a weird one today that I can't wrap my head around.
This is a pretty standard two-NIC setup with eth0 being the WAN and eth1 being LAN-side. A workstation on the LAN side (10.0.50.144 assigned by DHCP) cannot go to a particular website at 161.184.172.35. This workstation can surf to any other website I can think of, and pings to the troublesome website return the proper IP address. Shorewall rejects requests to go to that website under the all2all policy:
Jan 31 12:37:15 d205-206-104-186 kernel: Shorewall:all2all:REJECT:IN=eth1 OUT=eth0 SRC=10.0.50.144 DST=161.184.172.35 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=57267 DF PROTO=TCP SPT=4067 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0
I've attached my status file gzipped as indicated. I didn't build this box so "totally out there" postulations are welcome and I will investigate them all.
Thanks!
Jon
--
Key fingerprint: BDE0 DE52 B8C0 0CDF 7653 E5A2 D861 7877 0D3B 813E
http://www.jonwatson.ca
+1.403.770.2837
"Trying to learn to hack on a DOS or Windows machine or under MacOS is like trying to learn to dance while wearing a body cast" - ESR
status.txt.gz
Description: application/gzip
