-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
As I pointed out to Wilson in a private message, this appears to show
that no other connection requests (other than port 3000) are being sent
from the client to the server (or at least no other connection requests
are being received by the Shorewall box).
Wilson: Are you sure that the client is supposed to open port 3001 on
the server and not the other way around (server opens port 3001 on the
client)? You could test that idea by:
tcpdump -nvvi eth0 port 3001
- -Tom
- -------- Original Message --------
Subject: 回覆: Re: [Shorewall-users] Port 3001 still have problem
Date: Wed, 28 Nov 2007 15:17:53 +0800 (CST)
From: Wilson Kwok <[EMAIL PROTECTED]>
To: Tom Eastep <[EMAIL PROTECTED]>
Tom,
Used this command that no relation with 3001 port.
15:19:55.176597 IP (tos 0x0, ttl 120, id 494, offset 0, flags [DF],
proto 6, length: 60) a.b.c.d.1033 > w.x.y.z.3000: P [tcp sum ok]
484:504(20) ack 45 win 65491
15:19:55.300186 IP (tos 0x0, ttl 127, id 3456, offset 0, flags [DF],
proto 6, length: 40) w.x.y.z.3000 > a.b.c.d.1033: . [tcp sum ok]
45:45(0) ack 504 win 16372
*/Tom Eastep <[EMAIL PROTECTED]>/* 說:
Tom Eastep wrote:
> Wilson Kwok wrote:
>> Dear Tom,
>>
>> I see nothing ....
>>
>> [EMAIL PROTECTED] shorewall]# tcpdump -nvvi eth1 port 3001
>> tcpdump: listening on eth1, link-type EN10MB (Ethernet), capture
size 96
>> bytes
>
> That means that the firewall is not receiving any connection
request on port
> 3001. So clearly it can't forward a connection request if it
doesn't receive
> one. If something is blocking port 3001, it is occurring in front
of the
> Shorewall box.
>
> Do you have a firewall on the client system that you are trying to
connect from?
You can also try this:
tcpdump -nvvi eth1 host w.x.y.z
That will show all traffic to/from w.x.y.z and will tell you
if the
client is trying to connect on another port besides 3000 and 3001.
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ [EMAIL PROTECTED]
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
- ------------------------------------------------------------------------
Yahoo! 網上安全攻略,教你如何防範黑客! *了解更多*
<http://hk.promo.yahoo.com/security/index.html>
- --
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ [EMAIL PROTECTED]
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4-svn0 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org
iD8DBQFHTZarO/MAbZfjDLIRAv0BAKCWNDKLNVwVNoxqZqO3/FmWatHdAwCfRosZ
alDKFVE0TejnH8VexKYemyA=
=9A0L
-----END PGP SIGNATURE-----
-------------------------------------------------------------------------
SF.Net email is sponsored by: The Future of Linux Business White Paper
from Novell. From the desktop to the data center, Linux is going
mainstream. Let it simplify your IT future.
http://altfarm.mediaplex.com/ad/ck/8857-50307-18918-4
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
