Tom Eastep wrote:
> Mariano Absatz wrote:
>
>> The connection hangs and eventually times out. While waiting for it to
>> timeout, in the server, I execute:
>> $ sudo /sbin/shorewall dump > dump-01.txt
>>
>
> The Netfilter ruleset at this point is clearly wrong. Please:
>
> a) sudo /sbin/shorewall show -f capabilities > /etc/shorewall/caps
> b) sudo tar -zcf shorewall.tgz /etc/shorewall
> c) Send shorewall.tgz as an attachment to [email protected]
>

Looking at this some more, I believe that when libvirt starts, it is inserting rules into the FORWARD chain. I'm quite certain that the extra rules I'm seeing in the first two dumps are not being created by Shorewall.

I wish that these virtualization products would keep their hands off of the Netfilter configuration....

I suggest that you check the libvirt documentation to see if there isn't a way to stop it from inserting these rules.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
