I'm trying out a 'Basic 2 Interfaces' setup with the proxyarp option and
subnetting.
My 'loc' zone is the bare minimum: a /30 subnet, but sufficient for one 'loc'
PC for testing.

My test 'loc' PC :
 eth0 IP 143.129.75.237 SM 255.255.255.252 GW 143.129.75.238

My test FW has two interfaces in use (eth0 and eth2) (eth1 unused):
 eth0 IP 143.129.75.175 SM 255.255.255.0 GW 143.129.75.254
 eth2 IP 143.129.75.238 SM 255.255.255.252 GW 143.129.75.254

My config files are:
------ zones ----------
fw      firewall
net     ipv4
loc     ipv4
------ policy ---------
$FW             net             ACCEPT
loc             net             ACCEPT
net             all             DROP            info
all             all             REJECT          info
------ interfaces -----
net     eth0    detect          proxyarp,tcpflags,routefilter,nosmurfs
loc     eth2    detect          tcpflags,nosmurfs
------ rules ----------
ACCEPT          loc                     $FW     icmp
ACCEPT          net:143.129.75.1        $FW     icmp
#
ACCEPT          loc                     $FW     tcp     ssh
ACCEPT          net:143.129.75.1        $FW     tcp     ssh
REJECT          net                     $FW     tcp     ssh
#
ACCEPT          $FW                     loc     tcp     ssh
ACCEPT          net:143.129.75.1        loc     tcp     ssh
REJECT          net                     loc     tcp     ssh

Before testing I did
# shorewall clear   (to get rid of any things from previous setups)
# shorewall check
# shorewall start

If I try a ping from the system 143.129.75.1 (in the net zone)
to the firewall:     143.129.75.1> ping 143.129.75.175
I get some 8 to 13 (varies) successful echo replies,
  then: Destination Host Unreachable
I can ssh from 143.129.75.1 into the FW, but it's very slow (a 30-second
wait after entering the password), then commands typed in often get stuck,
then after several seconds are 'released', etc.

(from a Terminal window on the system, everything is at normal speed)

Also my /var/log/messages is full of kernel messages about
'martian source xxx.yyy.zzz.uuu from aaa.bbb.ccc.ddd on dev eth0'.
If I do
# shorewall clear
they still keep coming (and the ssh response time remains slow).

What's wrong?
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
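Added example (editor's addition, not part of the post above or of Shorewall itself): the post's interfaces table enables routefilter on eth0, which turns on the kernel's reverse-path filter (rp_filter), and that filter is what produces the 'martian source' lines in /var/log/messages. The script below models that check with the addresses from the post. The routing table is an assumption constructed from the two interface definitions (a connected route per interface plus the default route via 143.129.75.254 on eth0), not the firewall's real `ip route` output, and the log lines are constructed samples in the kernel's message format, not lines from the poster's system. It does a longest-prefix lookup on a packet's source address and reports whether the reply would leave on the interface the packet arrived on; when it would not, strict reverse-path filtering treats the packet as a martian.

```python
import ipaddress
import re

# ASSUMED routing table, built from the interfaces in the post: the /30 on
# eth2 (143.129.75.236/30 contains .237 and .238), the /24 on eth0, and the
# default route via 143.129.75.254, which lies in the /24 on eth0.
ROUTES = [
    (ipaddress.ip_network("143.129.75.236/30"), "eth2"),
    (ipaddress.ip_network("143.129.75.0/24"), "eth0"),
    (ipaddress.ip_network("0.0.0.0/0"), "eth0"),
]


def reverse_path_dev(src, routes=ROUTES):
    """Longest-prefix match: the interface a reply to `src` would leave on."""
    addr = ipaddress.ip_address(src)
    best = None
    for net, dev in routes:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, dev)
    return best[1] if best else None


def is_martian(src, arrival_dev, routes=ROUTES):
    """Strict reverse-path check (rp_filter=1, what routefilter enables):
    a packet is a martian when the route back to its source address does
    not leave via the interface the packet arrived on."""
    return reverse_path_dev(src, routes) != arrival_dev


# Kernel format: "martian source <dst> from <src>, on dev <iface>"
MARTIAN_RE = re.compile(
    r"martian source (?P<dst>[\d.]+) from (?P<src>[\d.]+),? on dev (?P<dev>\S+)"
)


def parse_martians(log_lines):
    """Return (src, dst, dev) for every 'martian source' line; other lines
    (e.g. the 'll header' line that follows each martian) are skipped."""
    found = []
    for line in log_lines:
        m = MARTIAN_RE.search(line)
        if m:
            found.append((m.group("src"), m.group("dst"), m.group("dev")))
    return found


# CONSTRUCTED sample log lines for this example; addresses are the ones from
# the post, the events themselves are made up.
SAMPLE_LOG = """\
kernel: martian source 143.129.75.175 from 143.129.75.237, on dev eth0
kernel: ll header: 00:11:22:33:44:55:66:77:88:99:aa:bb:08:00
kernel: martian source 143.129.75.237 from 143.129.75.1, on dev eth2
""".splitlines()


def explain(log_lines, routes=ROUTES):
    """For each logged martian: (src, arrival dev, reverse-path dev, martian?)."""
    report = []
    for src, dst, dev in parse_martians(log_lines):
        report.append((src, dev, reverse_path_dev(src, routes), is_martian(src, dev, routes)))
    return report


if __name__ == "__main__":
    for src, dev, rp_dev, martian in explain(SAMPLE_LOG):
        print(f"src {src} arrived on {dev}, reverse path is via {rp_dev}: "
              f"{'martian' if martian else 'ok'}")
```

Running it against the sample lines shows the two cases the filter rejects: a source in the /30 (143.129.75.237) arriving on eth0, whose reverse path points to eth2, and a source from the rest of the /24 arriving on eth2. Replace ROUTES with the output of `ip route` on the firewall to check real log lines against the real table.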