Re: [Shorewall-users] How configure my firewall to execute netperf ? I use shorewall (iptable firewall) on Debian

Sat, 14 Aug 2010 14:05:24 -0700 

>
> On 8/14/10 12:58 PM, Klein Stéphane wrote:
> >  Hi,
> >
> >  I've two computers :
> >  * A : it's a server with a firewall
> >  * B : a computer on internet
> >
> >  I've installed netserver on host A.
> >  I use netperf on host B.
> >
> >  On host B, I launch :
> >
> >  $ netperf -H host_A_address_IP
> >
> >  If I stop the firewall on host A, all work great.
> >  It isn't work when firewall is enabled.
> >
> >  In filewall rules, I've opened default netserver port : 12865
> >
> >  /etc/shorewall/rules
> >  ACCEPT          net             $FW             tcp     12865
> >
> >  host A have full access to internet.
> >
> >  /etc/shorewall/policy
> >  $FW             net             ACCEPT
> >
> >  Where is the problem ? Can you help me ?
>
> Look at your log.
>
> -Tom
>    

This is my log :

Aug 14 22:57:55 gw kernel: [18066.388731] Shorewall:net2fw:DROP:IN=eth0 
OUT= MAC=00:13:d3:9e:3b:c2:00:24:23:00:7a:2d:08:00 SRC=192.168.1.10 
DST=192.168.1.14 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=642 DF PROTO=TCP 
SPT=56536 DPT=58042 WINDOW=5840 RES=0x00 SYN URGP=0
Aug 14 22:57:58 gw kernel: [18069.394144] Shorewall:net2fw:DROP:IN=eth0 
OUT= MAC=00:13:d3:9e:3b:c2:00:24:23:00:7a:2d:08:00 SRC=192.168.1.10 
DST=192.168.1.14 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=643 DF PROTO=TCP 
SPT=56536 DPT=58042 WINDOW=5840 RES=0x00 SYN URGP=0
Aug 14 22:58:04 gw kernel: [18075.818119] Shorewall:net2fw:DROP:IN=eth0 
OUT= MAC=00:13:d3:9e:3b:c2:00:24:23:00:7a:2d:08:00 SRC=192.168.1.10 
DST=192.168.1.14 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=644 DF PROTO=TCP 
SPT=56536 DPT=58042 WINDOW=5840 RES=0x00 SYN URGP=0

I don't understand : all connection from FW to net are allowed. Here 
this connections are dropped !
An idea ?

Regards,
Stephane

-- 
Stéphane Klein<[email protected]>
blog: http://stephane-klein.info
Twitter: http://twitter.com/klein_stephane
pro: http://www.is-webdesign.com


------------------------------------------------------------------------------
This SF.net email is sponsored by 

Make an app they can't live without
Enter the BlackBerry Developer Challenge
http://p.sf.net/sfu/RIM-dev2dev 
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Reply via email to