First, thank you Tom. Shorewall is terrific. We installed it two weeks ago on our Ubuntu firewall box and things went very smoothly. We use a pretty standard 3 zone firewall configuration with a DMZ zone and NAT-ing. The documentation was extremely helpful and everything is working great...
...except... We were tracking down a different issue yesterday using an external laptop with Wireshark to examine packets as they come out of the firewall and noticed that several times a second we get packets with a source address of 10.1.1.x (our DMZ's address space). FWIW, here are the masq and nat settings we are currently using: ############################# masq ########################## #INTERFACE SOURCE ADDRESS eth0 10.1.1.0/24 66.150.___.___ eth1 10.9.9.0/24 detect ############################## nat ############################# #EXTERNAL INTERFACE INTERNAL ALL? LOCAL? 66.150.___.___ eth0 10.1.1.130 no yes Given that the link does over 400Megabits per second, that means that _most_ of the packets are being translated correctly, but an interesting number of them are "leaking" out with the 10.1.1.x source address. Many of those are RST packets coming at the very end of a TCP conversation. The frequency of these 10.1.1.x packets seems to be random. If this is a common situation with an easy solution, my apologies but I didn't find anything in the FAQs or the newsgroup archives. (Coming up with a good, selective search phrase for this issue was challenging.) So my first question to the group is: Have you heard of this kind of thing before? Is there an area/topic I should review closely to see if I made a Shorewall or sysctl config mistake? If not, I'll be happy to upload _all_ the gory details of our configuration for people to study. I just wanted to quickly see if this rings a bell with anyone first. Thanks in advance, - Chip ------------------------------------------------------------------------------ Xperia(TM) PLAY It's a major breakthrough. An authentic gaming smartphone on the nation's most reliable network. And it wants your games. http://p.sf.net/sfu/verizon-sfdev _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
