Robert Moskowitz wrote: > Roberto C. Sánchez wrote: >> On Tue, Jan 01, 2008 at 01:20:37PM -0500, Robert Moskowitz wrote: >> >>> Roberto C. Sánchez wrote: >>> >>>> On Tue, Jan 01, 2008 at 01:12:50PM -0500, Robert Moskowitz wrote: >>>> >>>> >>>>> See anything obvious here? Other than wireshark on the firewall, how >>>>> might I figure out what is being blocked? All I get is a fast busy on a >>>>> call. >>>>> >>>>> >>>>> >>>> I would start with the output of 'shorewall dump'. >>>> >>> Will try. >>> >>>> But first, read this >>>> page: http://www.shorewall.net/support.htm >>>> >>> I did read it first. >>> >>> >> Sorry. Since the flowchart indicates that for your situation you should >> send the output of 'shorewall dump' to the mailing list and you did not >> do that, I thought you had not read the page. Anyhow, once you forward >> the dump output you are more likely to get something resembling >> competent help. > Send that hugh listing? I guess I am jsut 'trained' not to flood a list > with long dumps.
The instructions point out that you can send the dump to [EMAIL PROTECTED] rather than to the list. > Rather to be able to pull out the part(s) needed. > Well here goes: SSH into the firewall, dump > to file, gFTP to move the > dump here, gedit dump, cut to clipboard then paste! (simple :) ): > Unfortunately, that technique causes the dump to be spindled, folded and multilated by your mailer. At any rate, it appears that you have configured DROP policies but have not specified any logging. Consequently, you are depriving yourself of the best debugging tool available -- the log of dropped/rejected packets. So I would modify /etc/shorewall/policy to specify logging of any DROP/REJECT policies. You can then see what packets are being dropped by using the "shorewall show log" command. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
