On 04/12/2012 07:10 AM, Alessandro Faglia wrote:
> On Thu, Apr 12, 2012 at 3:19 PM, Tom Eastep <[email protected]> wrote:
>
> > On 04/11/2012 11:20 PM, Alessandro Faglia wrote:
> > >
> > > For what I understand I shouldn't have any output from tcpdump, or is it
> > > normal? Do you see routing issues?
> >
> > That looks okay. Now try running tcpdump on eth4 while you are testing;
> > do you see response packets being sent out of eth4 rather than ppp0?
>
> Yes I do:
>
> # tcpdump -nei eth4 port 25 and host <nmap-host-ip>
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on eth4, link-type EN10MB (Ethernet), capture size 96 bytes
> 16:05:53.308093 00:04:23:e0:8a:51 > 00:25:9c:ca:6d:46, ethertype IPv4 (0x0800), length 58: <wan-ip>.25 > <nmap-host-ip> .36640: S 283332995:283332995(0) ack 2424569839 win 5840 <mss 1460>
> 16:05:53.406159 00:04:23:e0:8a:51 > 00:25:9c:ca:6d:46, ethertype IPv4 (0x0800), length 58: <wan-ip> .25 > <nmap-host-ip> .36641: S 382851284:382851284(0) ack 2424504304 win 5840 <mss 1460>
> 16:05:57.032048 00:04:23:e0:8a:51 > 00:25:9c:ca:6d:46, ethertype IPv4 (0x0800), length 58: <wan-ip> .25 > <nmap-host-ip> .36640: S 283332995:283332995(0) ack 2424569839 win 5840 <mss 1460>
> 16:05:57.831952 00:04:23:e0:8a:51 > 00:25:9c:ca:6d:46, ethertype IPv4 (0x0800), length 58: <wan-ip> .25 > <nmap-host-ip> .36641: S 382851284:382851284(0) ack 2424504304 win 5840 <mss 1460>
>
> In this case <wan-ip> is the public IP (#1 in my previous examples) I'm
> running nmap against from the test host:
>
> # nmap -p 25 <wan-ip>
>
> Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2012-04-12 16:05 CEST
> Interesting ports on <wan-ip> :
> PORT   STATE    SERVICE
> 25/tcp filtered smtp
>
> Nmap finished: 1 IP address (1 host up) scanned in 6.890 seconds
>
> So I have packets flowing back thru eth4 that shouldn't be there, am I
> correct? Is it a setup problem?

Most likely it is a bug in the ancient version of Shorewall you are running.
You can try:

- shorewall stop
- /etc/init.d/networking restart
- shorewall start

and see if that fixes it.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
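
In the capture quoted in this thread, each SYN-ACK leaves eth4 twice with the same sequence number, so the server never saw the handshake complete, which is consistent with nmap reporting the port as filtered. The Python below is an added example, not part of the original messages: it flags such retransmitted SYN-ACKs in `tcpdump -ne` output, and the addresses 192.0.2.10 and 198.51.100.7 are constructed stand-ins for the redacted `<wan-ip>` and `<nmap-host-ip>`.

```python
import re
from collections import defaultdict

# Matches the link-level (-e) TCP lines of the older tcpdump output format
# quoted in the thread, where a SYN-ACK is printed as "S <seq>:<seq>(0) ack <n>".
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+) .*?length \d+: "
    r"(?P<src>\S+) > (?P<dst>\S+): (?P<flags>\S+) "
    r"(?P<seq>\d+):\d+\(\d+\)(?: ack (?P<ack>\d+))?"
)

# Constructed sample: the thread's capture with documentation addresses
# substituted for the redacted <wan-ip> and <nmap-host-ip>.
MACS = "00:04:23:e0:8a:51 > 00:25:9c:ca:6d:46, ethertype IPv4 (0x0800), length 58:"
SAMPLE = f"""\
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
16:05:53.308093 {MACS} 192.0.2.10.25 > 198.51.100.7.36640: S 283332995:283332995(0) ack 2424569839 win 5840 <mss 1460>
16:05:53.406159 {MACS} 192.0.2.10.25 > 198.51.100.7.36641: S 382851284:382851284(0) ack 2424504304 win 5840 <mss 1460>
16:05:57.032048 {MACS} 192.0.2.10.25 > 198.51.100.7.36640: S 283332995:283332995(0) ack 2424569839 win 5840 <mss 1460>
16:05:57.831952 {MACS} 192.0.2.10.25 > 198.51.100.7.36641: S 382851284:382851284(0) ack 2424504304 win 5840 <mss 1460>
""".splitlines()


def retransmitted_synacks(lines):
    """Return {(src, dst): [timestamps]} for SYN-ACKs seen more than once.

    A SYN-ACK repeated with an identical sequence number means the sender
    never received the final ACK of the handshake: either the reply is
    leaving by the wrong path or something is dropping it on the way back.
    """
    seen = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.strip())
        # Keep only segments with the SYN flag and an ack field (SYN-ACK).
        if not m or m["flags"] != "S" or m["ack"] is None:
            continue
        seen[(m["src"], m["dst"], m["seq"])].append(m["ts"])
    return {(s, d): ts for (s, d, _), ts in seen.items() if len(ts) > 1}


if __name__ == "__main__":
    for (src, dst), stamps in retransmitted_synacks(SAMPLE).items():
        print(f"{src} -> {dst}: SYN-ACK sent {len(stamps)}x at {', '.join(stamps)}")
```

Run it against a capture taken on each candidate egress interface in turn; the interface whose capture shows the retransmissions is the one the replies are actually leaving by.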
