On 8/14/10 2:01 PM, Klein Stéphane wrote: >> >> On 8/14/10 12:58 PM, Klein Stéphane wrote: >>> Hi, >>> >>> I've two computers : >>> * A : it's a server with a firewall >>> * B : a computer on internet >>> >>> I've installed netserver on host A. >>> I use netperf on host B. >>> >>> On host B, I launch : >>> >>> $ netperf -H host_A_address_IP >>> >>> If I stop the firewall on host A, all work great. >>> It isn't work when firewall is enabled. >>> >>> In filewall rules, I've opened default netserver port : 12865 >>> >>> /etc/shorewall/rules >>> ACCEPT net $FW tcp 12865 >>> >>> host A have full access to internet. >>> >>> /etc/shorewall/policy >>> $FW net ACCEPT >>> >>> Where is the problem ? Can you help me ? >> >> Look at your log. >> >> -Tom >> > > This is my log : > > Aug 14 22:57:55 gw kernel: [18066.388731] Shorewall:net2fw:DROP:IN=eth0 > OUT= MAC=00:13:d3:9e:3b:c2:00:24:23:00:7a:2d:08:00 SRC=192.168.1.10 > DST=192.168.1.14 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=642 DF PROTO=TCP > SPT=56536 DPT=58042 WINDOW=5840 RES=0x00 SYN URGP=0 > Aug 14 22:57:58 gw kernel: [18069.394144] Shorewall:net2fw:DROP:IN=eth0 > OUT= MAC=00:13:d3:9e:3b:c2:00:24:23:00:7a:2d:08:00 SRC=192.168.1.10 > DST=192.168.1.14 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=643 DF PROTO=TCP > SPT=56536 DPT=58042 WINDOW=5840 RES=0x00 SYN URGP=0 > Aug 14 22:58:04 gw kernel: [18075.818119] Shorewall:net2fw:DROP:IN=eth0 > OUT= MAC=00:13:d3:9e:3b:c2:00:24:23:00:7a:2d:08:00 SRC=192.168.1.10 > DST=192.168.1.14 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=644 DF PROTO=TCP > SPT=56536 DPT=58042 WINDOW=5840 RES=0x00 SYN URGP=0 > > I don't understand : all connection from FW to net are allowed. Here > this connections are dropped ! > An idea ?
You need to consult Shorewall FAQ 17. Those are INCOMING packets (IN=eth0 OUT=) for TCP port 58042 which your firewall is obviously blocking. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ This SF.net email is sponsored by Make an app they can't live without Enter the BlackBerry Developer Challenge http://p.sf.net/sfu/RIM-dev2dev
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
