On 5/3/2011 8:28 AM, Boby Philip wrote: > Thanks for the mail. > > I did not understand the shorewall dump. How do I take the shorewall dump. > > Boby > > > -----Original Message----- > From: Roberto C. Sánchez [mailto:[email protected]] > Sent: Friday, April 29, 2011 5:26 PM > To: [email protected] > Subject: Re: [Shorewall-users] Shorewall Dropping IP > > On Fri, Apr 29, 2011 at 04:46:42PM +0530, Boby Philip wrote: >> 1. I have added TCP port 1723 in the shorewall exception rule. >> >> ACCEPT:info LOC:64.122.94.51 >> INET tcp 1723 #pptp >> ACCEPT:info LOC:64.122.94.51 >> INET 47 >> >> >> >> Apr 29 16:08:08 PathFinder kernel: Shorewall:all2all:DROP:IN=eth1 > OUT=eth0 >> SRC=192.168.10.12 >> DST=64.122.94.51 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=44826 DF > PROTO=TCP >> SPT=4001 DPT=1723 >> WINDOW=65535 RES=0x00 SYN URGP=0 >> > Boby, > > Same as with the question you posted last night, you have an ACCEPT rule > that designates two zones, but the traffic is not matching to those zones. > The traffic is being rejected because it only matches the all2all policy, > which is cleary set to REJECT. Please post the output of 'shorewall dump' > (run as root) so that we can help you. > > Regards, > > -Roberto > as sugested by Roberto, run as 'root' example:
[root@ ~]# shorewall dump > shorewall-dump.txt 2>&1 send shorewall-dump.txt with mail ------------------------------------------------------------------------------ WhatsUp Gold - Download Free Network Management Software The most intuitive, comprehensive, and cost-effective network management toolset available today. Delivers lowest initial acquisition cost and overall TCO of any competing solution. http://p.sf.net/sfu/whatsupgold-sd _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
