On 9/24/2014 1:13 AM, James Andrewartha wrote:
> Hi,
>
> I'm running Shorewall 4.6.2.2 on Debian 7.6 (wheezy) with Linux
> 3.2.60-1+deb7u3, and shorewall iptrace doesn't work - no output appears
> in the kernel log. It wasn't working back when I was running 4.5.5.3
> (the version shipped with wheezy) which is one reason I upgraded. IIRC
> it did work for a day or two after I last rebooted. The TRACE entry does
> show up in the raw table.
>
> I realise it's probably more of a kernel issue, but I thought I'd ask
> here first and see if anyone had any suggestions for what I could
> investigate. It's also coming up to school holidays so I can perform
> some more in-depth debugging if necessary.

Works fine here, but the Shorewall documentation is out of date. Rather
than logging to kern.warning, the TRACE records are now logged to ulogd:

Sep 24 07:27:16 gateway TRACE: mangle:tcpre:return:4 IN=eth2 OUT= SRC=172.20.1.210 DST=8.8.8.8 LEN=60 TOS=00 PREC=0x00 TTL=65 ID=0 DF PROTO=UDP SPT=55879 DPT=53 LEN=40
Sep 24 07:27:16 gateway TRACE: mangle:PREROUTING:policy: IN=eth2 OUT= SRC=172.20.1.210 DST=8.8.8.8 LEN=60 TOS=00 PREC=0x00 TTL=65 ID=0 DF PROTO=UDP SPT=55879 DPT=53 LEN=40
Sep 24 07:27:16 gateway TRACE: nat:PREROUTING:rule:3 IN=eth2 OUT= SRC=172.20.1.210 DST=8.8.8.8 LEN=60 TOS=00 PREC=0x00 TTL=65 ID=0 DF PROTO=UDP SPT=55879 DPT=53 LEN=40
Sep 24 07:27:16 gateway TRACE: nat:loc_dnat:return:3 IN=eth2 OUT= SRC=172.20.1.210 DST=8.8.8.8 LEN=60 TOS=00 PREC=0x00 TTL=65 ID=0 DF PROTO=UDP SPT=55879 DPT=53 LEN=40
Sep 24 07:27:16 gateway TRACE: nat:PREROUTING:policy:15 IN=eth2 OUT= SRC=172.20.1.210 DST=8.8.8.8 LEN=60 TOS=00 PREC=0x00 TTL=65 ID=0 DF PROTO=UDP SPT=55879 DPT=53 LEN=40
Sep 24 07:27:16 gateway TRACE: mangle:FORWARD:rule:1 IN=eth2 OUT=eth1 SRC=172.20.1.210 DST=8.8.8.8 LEN=60 TOS=00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=55879 DPT=53 LEN=40
Sep 24 07:27:16 gateway TRACE: mangle:accountfwd:rule:4 IN=eth2 OUT=eth1 SRC=172.20.1.210 DST=8.8.8.8 LEN=60 TOS=00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=55879 DPT=53 LEN=40

I'll update the documentation.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
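
Added example, not part of the original thread: a Python parser for the TRACE records quoted in the reply, which groups them by flow and lists the table:chain:type:rulenum hops in order, so it is easy to see how far a packet got through the ruleset. The function names are hypothetical, the sample lines are copied from the message plus one constructed non-TRACE line, and the rule number is treated as optional because one quoted record has none.

```python
import re
# Constructed sample: four TRACE records from the reply plus one unrelated line.
SAMPLE = """\
Sep 24 07:27:16 gateway TRACE: mangle:tcpre:return:4 IN=eth2 OUT= SRC=172.20.1.210 DST=8.8.8.8 LEN=60 TOS=00 PREC=0x00 TTL=65 ID=0 DF PROTO=UDP SPT=55879 DPT=53 LEN=40
Sep 24 07:27:16 gateway TRACE: mangle:PREROUTING:policy: IN=eth2 OUT= SRC=172.20.1.210 DST=8.8.8.8 LEN=60 TOS=00 PREC=0x00 TTL=65 ID=0 DF PROTO=UDP SPT=55879 DPT=53 LEN=40
Sep 24 07:27:16 gateway TRACE: nat:PREROUTING:rule:3 IN=eth2 OUT= SRC=172.20.1.210 DST=8.8.8.8 LEN=60 TOS=00 PREC=0x00 TTL=65 ID=0 DF PROTO=UDP SPT=55879 DPT=53 LEN=40
Sep 24 07:27:16 gateway TRACE: mangle:FORWARD:rule:1 IN=eth2 OUT=eth1 SRC=172.20.1.210 DST=8.8.8.8 LEN=60 TOS=00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=55879 DPT=53 LEN=40
Sep 24 07:27:17 gateway sshd[999]: constructed unrelated line, must be skipped
"""

TRACE_RE = re.compile(
    r"TRACE: (?P<table>[\w-]+):(?P<chain>[^:\s]+):"
    r"(?P<kind>rule|return|policy):(?P<num>\d*)\s+(?P<rest>.*)")
FIELD_RE = re.compile(r"(\w+)=(\S*)")


def parse_trace(line):
    """Return one TRACE record as a dict, or None for any other log line."""
    m = TRACE_RE.search(line)
    if m is None:
        return None
    fields = {}
    for key, value in FIELD_RE.findall(m["rest"]):
        fields.setdefault(key, value)  # LEN appears twice; keep the IP length
    rec = {k: m[k] for k in ("table", "chain", "kind")}
    rec["num"] = int(m["num"]) if m["num"] else None  # number may be absent
    rec["fields"] = fields
    return rec


def packet_paths(text):
    """Group records by flow and list the chains each flow traversed, in order."""
    paths = {}
    for line in text.splitlines():
        rec = parse_trace(line)
        if rec is None:
            continue
        # TTL is left out of the key: it drops by one once the packet is routed.
        flow = tuple(rec["fields"].get(k, "")
                     for k in ("PROTO", "SRC", "SPT", "DST", "DPT"))
        hop = "{table}:{chain}:{kind}".format(**rec)
        if rec["num"] is not None:
            hop += ":%d" % rec["num"]
        paths.setdefault(flow, []).append(hop)
    return paths
```

Feed `packet_paths()` the contents of whichever file ulogd writes to on your system; a flow whose hop list stops before the chain you expected shows where the packet left the ruleset.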