I'm trying to implement Shorewall on my CentOS 6 firewall. I'm by no
means a firewall person and have an extremely limited knowledge of
iptables and find it to be very confusing, and am hoping that Shorewall
will help me get around that problem.
With that said, here's what I am attempting to figure out.
I have a web and email server running on a local host and when I
implement Shorewall I continue to get email and my web page is
accessible from the internet. So far so good.
My problem is with the firewall itself. I run a weather station
connected to my firewall, and it sends updates to Weather Underground
and to CWOP. I also run ddclient on the same host. All 3 of these
processes fail to connect to their respective hosts.
As best I can determine ddclient and connections to the weather
underground hosts both utilize port 80, and
all cwop servers - - - cwop.aprs.net : port 14580 or port 23 - - - this
links to all four CWOP servers.
Here are the rules that I've tried. I tried specifying both protocols
and ports as well but neither works.
ACCEPT net:checkip.dyndns.org $FW all -
ACCEPT net:weatherstation.wunderground.com $FW all -
ACCEPT net:cwop.aprs.net $FW all -
DNAT net loc:XXX.XXX.XXX.2 tcp http,https,imap,imaps,smtp
This is what I see in the log
wvcwopd[1789]: <1375804611302> : radSocketClientCreate: in progress
connect failed: Connection refused
wvcwopd[1789]: <1375804611304> : radSocketClientCreateAny: failed to
connect to DNS result 85.188.1.27:23
wvcwopd[1789]: <1375804611304> : radSocketClientCreate: in progress
connect failed: Connection refused
wvcwopd[1789]: <1375804611306> : radSocketClientCreateAny: failed to
connect to DNS result 129.15.41.39:23
wvcwopd[1789]: <1375804611306> : radSocketClientCreate: in progress
connect failed: Connection refused
wvcwopd[1789]: <1375804611308> : radSocketClientCreateAny: failed to
connect to DNS result 129.15.41.40:23
wvcwopd[1789]: <1375804611308> : radSocketClientCreate: in progress
connect failed: Connection refused
wvcwopd[1789]: <1375804611309> : radSocketClientCreateAny: failed to
connect to DNS result 193.1.208.229:23
wvcwopd[1789]: <1375804611310> : radSocketClientCreate: in progress
connect failed: Connection refused
wvcwopd[1789]: <1375804611312> : radSocketClientCreateAny: failed to
connect to DNS result 70.57.237.99:23
wvcwopd[1789]: <1375804611312> : radSocketClientCreateAny: failed to
connect to any server
wvcwopd[1789]: <1375804611313> : CWOP-connect: failed to connect to all
3 APRS servers!
wvhttpd[1792]: <1375804804520> : WUNDERGROUND-send:
http://weatherstation.wunderground.com/weatherstation/updateweatherstation.php?ID=XXXXXXXXXX&PASSWORD=XXXXXXXX&dateutc=2013-08-06+160x1.c88b4bfb41af8p-1013000x1.75245444e5557p+29304&winddir=020&windspeedmph=002&windgustmph=001&hum
wvhttpd[1792]: <1375804804520> : WUNDERGROUND-send:
dity=76&tempf=078.7&rainin=0.00&dailyrainin=0.27&baromin=30.06&dewptf=70.400&weather=&clouds=&softwaretype=wview-5.20.2&action=updateraw
wvhttpd[1792]: <1375804804684> : WUNDERGROUND-error: couldn't connect to
host
WARNING: cannot connect to checkip.dyndns.org:80 socket:
IO::Socket::INET: connect: Connection refused
What rules do I need to add to allow the firewall to permit these
connections to work?
Thanks
Pete
--
Unencumbered by the thought process.
-- Click and Clack the Tappet brothers
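
Added example, not part of the original post: the three daemons run on the firewall itself, so their connections are outbound ($FW to net), whereas the rules quoted above have net as SOURCE and $FW as DEST. Assuming the refusals come from a REJECT policy on $FW to net traffic, this Python script (function names are hypothetical; the sample log is constructed from the excerpt above) extracts the refused destinations and prints candidate rules in the outbound direction.

```python
import re
from collections import defaultdict

# Constructed sample: lines in the shape of the wview/ddclient log quoted in the post.
SAMPLE_LOG = """\
wvcwopd[1789]: <1375804611304> : radSocketClientCreateAny: failed to connect to DNS result 85.188.1.27:23
wvcwopd[1789]: <1375804611306> : radSocketClientCreateAny: failed to connect to DNS result 129.15.41.39:23
wvhttpd[1792]: <1375804804684> : WUNDERGROUND-error: couldn't connect to host
WARNING: cannot connect to checkip.dyndns.org:80 socket: IO::Socket::INET: connect: Connection refused
"""

# host:port following "connect to", in either the wview or the ddclient message form.
FAILED = re.compile(r"connect to (?:DNS result )?([A-Za-z0-9.-]+):(\d{1,5})\b")


def failed_destinations(log_text):
    """Return {port: sorted hosts} for every failed outbound connect in the log."""
    by_port = defaultdict(set)
    for line in log_text.splitlines():
        m = FAILED.search(line)
        # Lines without a host:port pair (e.g. "couldn't connect to host") are skipped.
        if m and 0 < int(m.group(2)) < 65536:
            by_port[int(m.group(2))].add(m.group(1))
    return {port: sorted(hosts) for port, hosts in sorted(by_port.items())}


def outbound_rules(dests, fw="$FW", zone="net"):
    """Build rules with the firewall as SOURCE, because the daemons run on it.

    Column order follows the Shorewall rules file: ACTION SOURCE DEST PROTO DPORT.
    """
    rules = []
    for port, hosts in dests.items():
        for host in hosts:
            rules.append(f"ACCEPT\t{fw}\t{zone}:{host}\ttcp\t{port}")
    return rules


if __name__ == "__main__":
    for rule in outbound_rules(failed_destinations(SAMPLE_LOG)):
        print(rule)
```

Rules pinned to resolved addresses go stale when the DNS answers for a name change; a rule with plain net as DEST and only the port is the broader alternative.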