On 9/8/12 5:25 PM, Steve Thompson wrote:
> On Sat, 8 Sep 2012, Tom Eastep wrote:
>
>> Here's a clue. We see this log message:
>>
>> Sep 8 19:14:37 br2_rec:REJECT:IN=br2 OUT=br1 SRC=192.168.0.23
>> DST=192.168.4.2 LEN=76 TOS=0x00 PREC=0x00 TTL=127 ID=6379 PROTO=UDP
>> SPT=123 DPT=123 LEN=56
>>
>> It is being rejected because there is no maclist entry for 192.168.0.3
>> on br2 (which is the bridge on which this packet was received).
>>
>> In fact, there is no maclist entry for that IP address at all. When you
>> see packets being rejected in one of the _rec chains, you must check
>> your maclist entries.
>
> Ah, but there _is_ an entry in the maclist file for this IP address. An
> extract:
>
> ACCEPT br2 84:2B:2B:47:D6:85 192.168.0.3
> ACCEPT br2 84:2B:2B:47:D6:86 192.168.0.3
> ACCEPT br2 00:1B:21:6F:2B:54 192.168.0.3
> ACCEPT br2 00:1B:21:6F:2B:55 192.168.0.3
>

192.168.0.23 IS NOT 192.168.0.3.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
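The check discussed in this thread, as an added example that is not part of the original messages or of Shorewall: it takes the IN interface and SRC address from a `_rec` chain log line and lists the maclist entries on that interface whose IP column covers the source. The function names are hypothetical; it assumes the maclist columns are DISPOSITION, INTERFACE, MAC and an optional comma-separated address list, and since the logged line carries no MAC only the IP column can be compared.

```python
import ipaddress
import re

# Sample data copied from the thread above.
LOG_LINE = ("Sep 8 19:14:37 br2_rec:REJECT:IN=br2 OUT=br1 SRC=192.168.0.23 "
            "DST=192.168.4.2 LEN=76 TOS=0x00 PREC=0x00 TTL=127 ID=6379 "
            "PROTO=UDP SPT=123 DPT=123 LEN=56")
MACLIST = """\
#DISPOSITION INTERFACE MAC IP ADDRESSES
ACCEPT br2 84:2B:2B:47:D6:85 192.168.0.3
ACCEPT br2 84:2B:2B:47:D6:86 192.168.0.3
ACCEPT br2 00:1B:21:6F:2B:54 192.168.0.3
ACCEPT br2 00:1B:21:6F:2B:55 192.168.0.3
"""

def parse_log(line):
    """Return (chain, in_interface, source_ip) from a Shorewall log line."""
    chain = re.search(r"(\S+?):[A-Z]+:IN=", line)
    fields = dict(re.findall(r"\b([A-Z]+)=(\S*)", line))
    return chain.group(1), fields["IN"], ipaddress.ip_address(fields["SRC"])

def parse_maclist(text):
    """Yield (interface, mac, [networks]) per entry; an omitted IP column
    gives an empty list (such an entry matches on MAC alone)."""
    for raw in text.splitlines():
        cols = raw.split("#", 1)[0].split()   # drop comments, split columns
        if len(cols) < 3:
            continue
        addrs = cols[3].split(",") if len(cols) > 3 else []
        nets = [ipaddress.ip_network(a, strict=False) for a in addrs]
        yield cols[1], cols[2], nets

def explain(log_line, maclist_text):
    """Report which maclist entries could have admitted the logged packet."""
    chain, iface, src = parse_log(log_line)
    entries = [e for e in parse_maclist(maclist_text) if e[0] == iface]
    by_ip = [mac for _, mac, nets in entries if any(src in n for n in nets)]
    mac_only = [mac for _, mac, nets in entries if not nets]
    return {"chain": chain, "interface": iface, "src": str(src),
            "ip_matches": by_ip, "mac_only_entries": mac_only}

if __name__ == "__main__":
    # No entry on br2 lists 192.168.0.23, so ip_matches comes back empty.
    print(explain(LOG_LINE, MACLIST))
```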
