Tom Eastep wrote: > Robert Moskowitz wrote: > >> Roberto C. Sánchez wrote: >> >>> On Tue, Jan 01, 2008 at 01:20:37PM -0500, Robert Moskowitz wrote: >>> >>> >>>> Roberto C. Sánchez wrote: >>>> >>>> >>>>> On Tue, Jan 01, 2008 at 01:12:50PM -0500, Robert Moskowitz wrote: >>>>> >>>>> >>>>> >>>>>> See anything obvious here? Other than wireshark on the firewall, how >>>>>> might I figure out what is being blocked? All I get is a fast busy on a >>>>>> call. >>>>>> >>>>>> >>>>>> >>>>>> >>>>> I would start with the output of 'shorewall dump'. >>>>> >>>>> >>>> Will try. >>>> >>>> >>>>> But first, read this >>>>> page: http://www.shorewall.net/support.htm >>>>> >>>>> >>>> I did read it first. >>>> >>>> >>>> >>> Sorry. Since the flowchart indicates that for your situation you should >>> send the output of 'shorewall dump' to the mailing list and you did not >>> do that, I thought you had not read the page. Anyhow, once you forward >>> the dump output you are more likely to get something resembling >>> competent help. >>> >> Send that hugh listing? I guess I am jsut 'trained' not to flood a list >> with long dumps. >> > > The instructions point out that you can send the dump to > [EMAIL PROTECTED] rather than to the list. > I am working too hard this day off. Not reading instructions all the way through. My dyslexia is no excuse in this case. sorrry. >> Rather to be able to pull out the part(s) needed. >> Well here goes: SSH into the firewall, dump > to file, gFTP to move the >> dump here, gedit dump, cut to clipboard then paste! (simple :) ): >> >> > Unfortunately, that technique causes the dump to be spindled, folded and > multilated by your mailer. > typical. > At any rate, it appears that you have configured DROP policies but have > not specified any logging. nope. logging can kill you if you don'tlog smart. Which I am not yet. > Consequently, you are depriving yourself of > the best debugging tool available -- the log of dropped/rejected > packets. So I would modify /etc/shorewall/policy to specify logging of > any DROP/REJECT policies. You can then see what packets are being > dropped by using the "shorewall show log" command. > Will change and test again!
------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
