I'm trying to enable tftp traffic initiated from our dmz network to our internal network. I have:

    TFTP(ACCEPT) dmz loc:10.10.10.1

in /etc/shorewall/rules, and:

    loadmodule nf_conntrack_tftp

in /etc/shorewall/modules. The module is loaded and I do see some entries come and go, e.g.:

    udp 17 10 src=4.28.99.164 dst=10.10.10.1 sport=2071 dport=69 [UNREPLIED] src=10.10.10.1 dst=4.28.99.164 sport=69 dport=2071 mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=2

But it appears that the replies from the client are still being blocked, e.g.:

    Oct 16 10:17:34 inferno kernel: [1841301.871809] Shorewall:dmz2loc:REJECT:IN=em2 OUT=em1 MAC=00:b0:d0:df:e3:1e:00:22:19:1d:0c:a4:08:00 SRC=4.28.99.164 DST=10.10.10.1 LEN=32 TOS=0x00 PREC=0x00 TTL=19 ID=17 PROTO=UDP SPT=2072 DPT=35350 LEN=12

Any idea why the client replies are being blocked?

Thanks,
Orion

--
Orion Poplawski
Technical Manager                     303-415-9701 x222
NWRA, Boulder Office                  FAX: 303-415-9702
3380 Mitchell Lane                    [email protected]
Boulder, CO 80301                     http://www.nwra.com

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
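As an added diagnostic (example code written for this page, not from the post or from Shorewall), the script below parses the conntrack entry and the Shorewall REJECT line quoted above and checks whether the rejected UDP packet can be the client side of the TFTP transfer that the conntrack entry records. It assumes the nf_conntrack_tftp helper's expectation is keyed on the request's client IP and source port, so a client packet sent from a different source port is not covered by it.

```python
import re

# Constructed copies of the two lines quoted in the message above.
CONNTRACK_LINE = (
    "udp 17 10 src=4.28.99.164 dst=10.10.10.1 sport=2071 dport=69 [UNREPLIED] "
    "src=10.10.10.1 dst=4.28.99.164 sport=69 dport=2071 mark=0 "
    "secctx=system_u:object_r:unlabeled_t:s0 use=2"
)
REJECT_LINE = (
    "Oct 16 10:17:34 inferno kernel: [1841301.871809] Shorewall:dmz2loc:REJECT:"
    "IN=em2 OUT=em1 MAC=00:b0:d0:df:e3:1e:00:22:19:1d:0c:a4:08:00 "
    "SRC=4.28.99.164 DST=10.10.10.1 LEN=32 TOS=0x00 PREC=0x00 TTL=19 ID=17 "
    "PROTO=UDP SPT=2072 DPT=35350 LEN=12"
)

def parse_conntrack(line):
    """Return the original-direction tuple (first src/dst/sport/dport) of an entry."""
    orig = {}
    for key, value in re.findall(r"(\w+)=(\S+)", line):
        if key in ("src", "dst", "sport", "dport") and key not in orig:
            orig[key] = value
    return orig

def parse_reject(line):
    """Return chain, action and the UDP/IP fields of a Shorewall kernel log line."""
    chain, action = re.search(r"Shorewall:([^:]+):([^:]+):", line).groups()
    kv = dict(re.findall(r"\b([A-Z]+)=(\S+)", line))
    return {"chain": chain, "action": action, "proto": kv.get("PROTO"),
            "src": kv["SRC"], "dst": kv["DST"], "spt": kv["SPT"], "dpt": kv["DPT"]}

def check_tftp_reply(conntrack_line, reject_line):
    """Classify why a rejected packet was not matched by the TFTP conntrack entry."""
    req = parse_conntrack(conntrack_line)
    pkt = parse_reject(reject_line)
    if req.get("dport") != "69" or pkt["proto"] != "UDP":
        return ("not_tftp", "entry or packet is not a UDP/69 TFTP request")
    if (pkt["src"], pkt["dst"]) != (req["src"], req["dst"]):
        return ("other_pair", "packet is not between this client and server")
    if pkt["spt"] == req["sport"]:
        # Assumption: the helper expects server:any -> client:sport, so this
        # packet should have been RELATED/ESTABLISHED; check helper assignment.
        return ("expected_port", f"client port {pkt['spt']} matches the request; "
                "verify the tftp helper is actually attached to the entry")
    return ("port_mismatch", f"client source port {pkt['spt']} differs from the "
            f"request port {req['sport']}; the helper's expectation only covers "
            f"port {req['sport']}, so this packet is a NEW flow hitting {pkt['chain']}")

if __name__ == "__main__":
    print(check_tftp_reply(CONNTRACK_LINE, REJECT_LINE))
```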
