On 9/12/2015 4:01 PM, Ob Noxious wrote: > On Tue, Sep 8, 2015 at 8:24 PM, Tom Eastep <[email protected] > <mailto:[email protected]>> wrote: > > Please forward the output of 'shorewall dump' collected as described at > http://www.shorewall.org/support.htm#Guidelines. > > > Sorry for the late reply, I've been drowning with work lately. > > Please find the "shorewall dump" attached. > > The IP addresses in the dump file will be different from the earlier > discussion because it was a test bed and the dump come from a real life > service. It runs happily in production because this minor bug (5 DROP > hits in FORWARD whenever the proxy or SMTP LXC service tries to get out) > is harmless, it only fills up the logs :-) > > I've disabled in "rules" the unecessary rules to make the dump less > cluttered. Shorewall was restarted and inside the proxy LXC container, a > simple "nc -z www.shorewall.net <http://www.shorewall.net> 80" was > issued to trigger the hits. > > To make more room for zones and log tags, the prefix "Shorewall" was > reduced to "Swall". > > If you need more information, don't hesitate to ask. Thank you very much > for trying to help with the case.
It looks to me as if either the bridge is mis-behaving or the traffic is being sent with the broadcast L2 address. Please 'tcpdump -nbi vbridge' and ping as before. Thanks, -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
