On Tue, 2011-06-21 at 19:37 +0100, Martin wrote: > I've attached all relevant configuration files I could find and I > appreciate any assistance you could give me with this.
I looked at this exact same problem with another user recently. The
problem is that the OpenVZ kernel is miss-categorizing incoming
packets.
Look at this:
Chain net2fw (1 references)
pkts bytes target prot opt in out source destination
585 45057 tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
585 45057 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:22
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:80
9 790 Drop all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Not one packet has matched the 'cstate RELATED,ESTABLISHED' rule.
Incoming SSH works but all outgoing connections all fail because the
response packets are dropped.
I took a quick look at the Debian Bugtrack system and didn't see any
reports against the kernel package you are using but I would have
thought that the user I tried to help earlier would have filed a report
so you might want to poke around there.
Sorry for the bad news,
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
signature.asc
Description: This is a digitally signed message part
------------------------------------------------------------------------------ EditLive Enterprise is the world's most technically advanced content authoring tool. Experience the power of Track Changes, Inline Image Editing and ensure content is compliant with Accessibility Checking. http://p.sf.net/sfu/ephox-dev2dev
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
