On 04/29/2011 04:55 AM, Roberto C. Sánchez wrote: > On Fri, Apr 29, 2011 at 04:46:42PM +0530, Boby Philip wrote: >> 1. I have added TCP port 1723 in the shorewall exception rule. >> >> ACCEPT:info LOC:64.122.94.51 >> INET tcp 1723 #pptp >> ACCEPT:info LOC:64.122.94.51 >> INET 47 >> >> >> >> Apr 29 16:08:08 PathFinder kernel: Shorewall:all2all:DROP:IN=eth1 OUT=eth0 >> SRC=192.168.10.12 >> DST=64.122.94.51 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=44826 DF PROTO=TCP >> SPT=4001 DPT=1723 >> WINDOW=65535 RES=0x00 SYN URGP=0 >> > Boby, > > Same as with the question you posted last night, you have an ACCEPT > rule that designates two zones, but the traffic is not matching to those > zones. The traffic is being rejected because it only matches the > all2all policy, which is cleary set to REJECT. Please post the output > of 'shorewall dump' (run as root) so that we can help you.
Boby: You should really look at Shorewall FAQ 17 which explains how to decode the log messages. From that, one thing would be very obvious: The source (SRC) of the traffic is 192.168.10.12 while your rules specify the SOURCE as 64.122.94.51. From the log message, it is clear that IP address is the destination (DST). If you can't get it to work with that clue, then please submit a dump as Roberto suggests. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ WhatsUp Gold - Download Free Network Management Software The most intuitive, comprehensive, and cost-effective network management toolset available today. Delivers lowest initial acquisition cost and overall TCO of any competing solution. http://p.sf.net/sfu/whatsupgold-sd
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
