OK. Have now figured out IP addresses 198.18.0.(1|2)
------------------------
llist@LeosLinux:~$ tail -f /var/log/syslog
Feb 23 13:39:42 LeosLinux NetworkManager[836]: <info> Writing DNS information to /sbin/resolvconf
Feb 23 13:39:42 LeosLinux dnsmasq[1429]: setting upstream servers from DBus
Feb 23 13:39:42 LeosLinux dnsmasq[1429]: using nameserver 198.18.0.1#53
Feb 23 13:39:42 LeosLinux dnsmasq[1429]: using nameserver 198.18.0.2#53
Feb 23 13:39:42 LeosLinux dnsmasq[1429]: using nameserver 208.67.222.222#53
Feb 23 13:39:42 LeosLinux dnsmasq[1429]: using nameserver 208.67.220.220#53
Feb 23 13:39:42 LeosLinux NetworkManager[836]: <info> (tun0): Activation: successful, device activated.
Feb 23 13:39:42 LeosLinux whoopsie[845]: [13:39:42] The default IPv4 route is: /org/freedesktop/NetworkManager/ActiveConnection/2
Feb 23 13:39:42 LeosLinux whoopsie[845]: [13:39:42] Network connection may be a paid data plan: /org/freedesktop/NetworkManager/Devices/2
Feb 23 13:39:42 LeosLinux nm-dispatcher: Dispatching action 'up' for tun0
------------------------
Still looking for a solution though
On 22/02/16 12:03, Subscribe wrote:
> Have now installed wireshark and found the following:
>
>
> If I start shorewall, I get errors similar to this:
>
> --------------------------------------------------------------------
> Feb 22 11:36:01 LeosLinux kernel: [38591.340239] Shorewall:fw-vpn:REJECT:IN= OUT=tun0 SRC=172.20.34.203 DST=198.18.0.2 LEN=69 TOS=0x00 PREC=0x00 TTL=64 ID=51779 DF PROTO=UDP SPT=44851 DPT=53 LEN=49
> Feb 22 11:36:01 LeosLinux kernel: [38591.340251] Shorewall:fw-vpn:REJECT:IN= OUT=tun0 SRC=172.20.34.203 DST=208.67.222.222 LEN=69 TOS=0x00 PREC=0x00 TTL=64 ID=11334 DF PROTO=UDP SPT=44851 DPT=53 LEN=49
> Feb 22 11:36:01 LeosLinux kernel: [38591.340261] Shorewall:fw-vpn:REJECT:IN= OUT=tun0 SRC=172.20.34.203 DST=208.67.220.220 LEN=69 TOS=0x00 PREC=0x00 TTL=64 ID=23554 DF PROTO=UDP SPT=44851 DPT=53 LEN=49
> Feb 22 11:36:01 LeosLinux kernel: [38591.340271] Shorewall:fw-vpn:REJECT:IN= OUT=tun0 SRC=172.20.34.203 DST=198.18.0.1 LEN=69 TOS=0x00 PREC=0x00 TTL=64 ID=26970 DF PROTO=UDP SPT=44851 DPT=53 LEN=49
> Feb 22 11:36:01 LeosLinux kernel: [38591.340299] Shorewall:fw-vpn:REJECT:IN= OUT=tun0 SRC=172.20.34.203 DST=198.18.0.2 LEN=69 TOS=0x00 PREC=0x00 TTL=64 ID=51780 DF PROTO=UDP SPT=26817 DPT=53 LEN=49
> Feb 22 11:36:01 LeosLinux kernel: [38591.340310] Shorewall:fw-vpn:REJECT:IN= OUT=tun0 SRC=172.20.34.203 DST=208.67.222.222 LEN=69 TOS=0x00 PREC=0x00 TTL=64 ID=11335 DF PROTO=UDP SPT=26817 DPT=53 LEN=49
> Feb 22 11:36:01 LeosLinux kernel: [38591.340320] Shorewall:fw-vpn:REJECT:IN= OUT=tun0 SRC=172.20.34.203 DST=208.67.220.220 LEN=69 TOS=0x00 PREC=0x00 TTL=64 ID=23555 DF PROTO=UDP SPT=26817 DPT=53 LEN=49
> Feb 22 11:36:01 LeosLinux kernel: [38591.340330] Shorewall:fw-vpn:REJECT:IN= OUT=tun0 SRC=172.20.34.203 DST=198.18.0.1 LEN=69 TOS=0x00 PREC=0x00 TTL=64 ID=26971 DF PROTO=UDP SPT=26817 DPT=53 LEN=49
> ----------------------------------------------------------------------------------
>
> I have no idea what IP addresses 198.18.0.(1|2) are
>
> If I stop the shorewall and flush the rules, iptables looks as follows:
>
> ---------------------------------------------------------------------
> >>>sudo iptables -L
>
> Chain INPUT (policy ACCEPT)
> target prot opt source destination
>
> Chain FORWARD (policy ACCEPT)
> target prot opt source destination
>
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
> --------------------------------------------------------------------
>
> If I then start Wireshark and OpenVPN, I never see IP addresses
> 198.18.0.(1|2)
>
> I'm obviously out of my depth here, so really could do with some help
>
>
> Thanks,
>
> Leo
>
>
> On 20/02/16 13:50, Subscribe wrote:
>> Following is my environment. Attached is the output from the shorewall dump
>>
>> OS: Ubuntu 15.10 64bit Desktop on Laptop
>> Shorewall version: 4.6.4.3
>>
>>
>> llist@LeosGameLaptop:~$ sudo ip addr show
>> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
>>     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
>>     inet 127.0.0.1/8 scope host lo
>>        valid_lft forever preferred_lft forever
>>     inet6 ::1/128 scope host
>>        valid_lft forever preferred_lft forever
>> 2: eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
>>     link/ether 80:fa:5b:13:29:be brd ff:ff:ff:ff:ff:ff
>> 3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
>>     link/ether 80:19:34:b8:c8:e2 brd ff:ff:ff:ff:ff:ff
>>     inet 192.168.1.208/24 brd 192.168.1.255 scope global dynamic wlan0
>>        valid_lft 2782sec preferred_lft 2782sec
>>     inet6 fe80::8219:34ff:feb8:c8e2/64 scope link
>>        valid_lft forever preferred_lft forever
>> 4: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
>>     link/ether 52:54:00:68:a4:11 brd ff:ff:ff:ff:ff:ff
>>     inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
>>        valid_lft forever preferred_lft forever
>> 5: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN group default qlen 500
>>     link/ether 52:54:00:68:a4:11 brd ff:ff:ff:ff:ff:ff
>> 20: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 100
>>     link/none
>>     inet 172.20.17.184/22 brd 172.20.19.255 scope global tun0
>>        valid_lft forever preferred_lft forever
>>
>>
>>
>>
>> llist@LeosGameLaptop:~$ sudo ip route show
>> default via 172.20.16.1 dev tun0 proto static metric 50
>> default via 192.168.1.1 dev wlan0 proto static metric 600
>> 169.254.0.0/16 dev virbr0 scope link metric 1000
>> 172.20.16.0/22 dev tun0 proto kernel scope link src 172.20.17.184 metric 50
>> 173.245.209.129 via 192.168.1.1 dev wlan0 proto static metric 600
>> 192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.208 metric 600
>> 192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1
>>
>>
>> I've been running shorewall for a few years now, but have run into the
>> following problem recently.
>>
>> My shorewall files were created from the single interface example and are:
>>
>> ---------zones ----------------
>> ###############################################################################
>> #ZONE   TYPE       OPTIONS   IN          OUT
>> #                            OPTIONS     OPTIONS
>> fw      firewall
>> net     ipv4
>> ovpn    ipv4
>> --------------------------------
>>
>> ----------- interfaces ----------------
>> ###############################################################################
>> ?FORMAT 2
>> ###############################################################################
>> #ZONE   INTERFACE   OPTIONS
>> net     eth0        dhcp,optional,tcpflags,logmartians,nosmurfs,sourceroute=0
>> net     wlan0       dhcp,optional,tcpflags,logmartians,nosmurfs,sourceroute=0
>> ovpn    tun0        dhcp,optional
>> ---------------------------------------------
>>
>> ----------- policy -----------------------------------------------
>>
>> #SOURCE DEST POLICY LOG LEVEL LIMIT:BURST
>> fw net ACCEPT
>> ovpn net ACCEPT
>> net all DROP info
>> ovpn all DROP info
>> # The FOLLOWING POLICY MUST BE LAST
>> all all REJECT info
>> ------------------------------------------------------------------
>>
>>
>> ------------ rules ---------------------------
>> #ACTION   SOURCE   DEST   PROTO   DEST      SOURCE    ORIGINAL   RATE    USER/   MARK   CONNLIMIT   TIME   HEADERS   SWITCH   HELPER
>> #                                 PORT      PORT(S)   DEST       LIMIT   GROUP
>> ?SECTION ALL
>> ?SECTION ESTABLISHED
>> ?SECTION RELATED
>> ?SECTION INVALID
>> ?SECTION UNTRACKED
>> ?SECTION NEW
>>
>> # Drop packets in the INVALID state
>>
>> Invalid(DROP) net fw tcp
>>
>> # Drop Ping from the "bad" net zone.. and prevent your log from being
>> flooded..
>>
>> Ping(DROP) net fw
>>
>> # Permit all ICMP traffic FROM the firewall TO the net zone
>>
>> ACCEPT fw net icmp
>> #
>> # Permit openvpn
>>
>> ACCEPT:info ovpn fw udp - 1194
>> ACCEPT:info fw ovpn udp 1194
>> --------------------------------------------------------------------------------------
>>
>>
>> I've set up a new laptop and found that when using the Openvpn client,
>> shorewall rejects packets for destination port 53.
>>
>> ================================================================================
>> Feb 20 13:32:54 LeosGameLaptop kernel: [11141.270388] Shorewall:fw-ovpn:REJECT:IN= OUT=tun0 SRC=172.20.17.184 DST=198.18.0.2 LEN=77 TOS=0x00 PREC=0x00 TTL=64 ID=1421 DF PROTO=UDP SPT=13415 DPT=53 LEN=57
>> Feb 20 13:32:54 LeosGameLaptop kernel: [11141.270396] Shorewall:fw-ovpn:REJECT:IN= OUT=tun0 SRC=172.20.17.184 DST=61.9.194.49 LEN=77 TOS=0x00 PREC=0x00 TTL=64 ID=42653 DF PROTO=UDP SPT=13415 DPT=53 LEN=57
>> Feb 20 13:32:54 LeosGameLaptop kernel: [11141.270405] Shorewall:fw-ovpn:REJECT:IN= OUT=tun0 SRC=172.20.17.184 DST=61.9.195.193 LEN=77 TOS=0x00 PREC=0x00 TTL=64 ID=47650 DF PROTO=UDP SPT=13415 DPT=53 LEN=57
>> ================================================================================
>>
>> Openvpn is listening on 1194, so I'm not sure where port 53 gets
>> involved. Suspected the Ubuntu dnsmasq, but after disabling this, the
>> problem remains. Have posted this question on the Ubuntu network forum,
>> but found no takers.
>>
>> netstat -tulpn
>> Active Internet connections (only servers)
>> Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
>> tcp        0      0 127.0.0.1:1194          0.0.0.0:*               LISTEN      15776/openvpn
>> tcp        0      0 127.0.1.1:53            0.0.0.0:*               LISTEN      1759/dnsmasq
>> tcp        0      0 192.168.122.1:53        0.0.0.0:*               LISTEN      1452/dnsmasq
>> tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      6607/cupsd
>> tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      2247/master
>> tcp6       0      0 ::1:631                 :::*                    LISTEN      6607/cupsd
>> tcp6       0      0 ::1:25                  :::*                    LISTEN      2247/master
>> udp        0      0 0.0.0.0:59475           0.0.0.0:*                           1093/avahi-daemon:
>> udp        0      0 0.0.0.0:44297           0.0.0.0:*                           15776/openvpn
>> udp        0      0 0.0.0.0:5353            0.0.0.0:*                           1093/avahi-daemon:
>> udp        0      0 0.0.0.0:24280           0.0.0.0:*                           7767/dhclient
>> udp        0      0 127.0.1.1:53            0.0.0.0:*                           1759/dnsmasq
>> udp        0      0 192.168.122.1:53        0.0.0.0:*                           1452/dnsmasq
>> udp        0      0 0.0.0.0:67              0.0.0.0:*                           1452/dnsmasq
>> udp        0      0 0.0.0.0:68              0.0.0.0:*                           7767/dhclient
>> udp        0      0 0.0.0.0:631             0.0.0.0:*                           1224/cups-browsed
>> udp6       0      0 :::2277                 :::*                                7767/dhclient
>> udp6       0      0 :::5353                 :::*                                1093/avahi-daemon:
>> udp6       0      0 :::58274                :::*                                1093/avahi-daemon:
>>
>>
>>
>> Thanks
>>
>>
>>
>>
>>
>>
>> ------------------------------------------------------------------------------
>> Site24x7 APM Insight: Get Deep Visibility into Application Performance
>> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
>> Monitor end-to-end web transactions and take corrective actions now
>> Troubleshoot faster and improve end-user experience. Signup Now!
>> http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140
>>
>>
>> _______________________________________________
>> Shorewall-users mailing list
>> Shorewall-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/shorewall-users
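An added example, not part of this thread and not Shorewall's own code: a small Python script that parses Shorewall REJECT/DROP kernel log lines of the kind quoted above, groups them by zone pair, disposition, protocol and destination port, and prints candidate `rules` lines restricted to the destination addresses actually observed. The log lines embedded in it are constructed for the example: the first three are copied from the thread, the other three are invented (a TCP/53 reject, an unrelated net-fw DROP and a dnsmasq line) so that the filtering is visible. It assumes the default `Shorewall:<src>-<dst>:<disposition>:` log prefix that the quoted logs show and that `fw` is the firewall zone. What the quoted material already establishes: the policy file has `fw net ACCEPT`, but fw-to-ovpn traffic is covered only by the final `all all REJECT`; the default route is via tun0, so every resolver the VPN pushed (198.18.0.1/2, which lie in the 198.18.0.0/15 benchmarking range reserved by RFC 2544) and the OpenDNS servers alike are reached through the ovpn zone, and every DNS query originating on the laptop lands in fw-ovpn and is rejected, whichever local process sends it.

```python
"""Summarise Shorewall REJECT/DROP kernel log lines and propose the missing rule.

Added example for this thread; not Shorewall code. It only parses log text and
prints candidate rules for a human to review. It does not touch iptables.
"""
import re
from collections import defaultdict

# Constructed sample input. The first three lines are copied from the thread;
# the remaining three are invented for this example.
SAMPLE_LOG = """\
Feb 20 13:32:54 LeosGameLaptop kernel: [11141.270388] Shorewall:fw-ovpn:REJECT:IN= OUT=tun0 SRC=172.20.17.184 DST=198.18.0.2 LEN=77 TOS=0x00 PREC=0x00 TTL=64 ID=1421 DF PROTO=UDP SPT=13415 DPT=53 LEN=57
Feb 20 13:32:54 LeosGameLaptop kernel: [11141.270396] Shorewall:fw-ovpn:REJECT:IN= OUT=tun0 SRC=172.20.17.184 DST=61.9.194.49 LEN=77 TOS=0x00 PREC=0x00 TTL=64 ID=42653 DF PROTO=UDP SPT=13415 DPT=53 LEN=57
Feb 22 11:36:01 LeosLinux kernel: [38591.340271] Shorewall:fw-vpn:REJECT:IN= OUT=tun0 SRC=172.20.34.203 DST=198.18.0.1 LEN=69 TOS=0x00 PREC=0x00 TTL=64 ID=26970 DF PROTO=UDP SPT=44851 DPT=53 LEN=49
Feb 22 11:36:02 LeosLinux kernel: [38591.340399] Shorewall:net-fw:DROP:IN=wlan0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.168.1.50 DST=192.168.1.208 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1 DF PROTO=TCP SPT=40000 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Feb 22 11:36:03 LeosLinux kernel: [38591.340499] Shorewall:fw-vpn:REJECT:IN= OUT=tun0 SRC=172.20.34.203 DST=198.18.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=2 DF PROTO=TCP SPT=50000 DPT=53 WINDOW=29200 RES=0x00 SYN URGP=0
Feb 22 11:36:03 LeosLinux dnsmasq[1429]: using nameserver 198.18.0.1#53
"""

# Default Shorewall log prefix: "Shorewall:<srczone>-<dstzone>:<disposition>:"
PREFIX_RE = re.compile(r"Shorewall:(?P<chain>[^:\s]+):(?P<disp>[A-Z]+):(?P<fields>.*)$")
# Netfilter KEY=VALUE pairs; bare flags such as DF or SYN carry no '=' and are skipped.
FIELD_RE = re.compile(r"(\w+)=(\S*)")


def parse_line(line):
    """Return a dict for one Shorewall log line, or None for anything else."""
    m = PREFIX_RE.search(line)
    if not m:
        return None
    fields = dict(FIELD_RE.findall(m.group("fields")))
    # Zone pair is encoded in the prefix, e.g. 'fw-ovpn' (assumed default naming).
    src_zone, sep, dst_zone = m.group("chain").partition("-")
    return {
        "src_zone": src_zone if sep else None,
        "dst_zone": dst_zone if sep else None,
        "disposition": m.group("disp"),
        "in": fields.get("IN", ""),
        "out": fields.get("OUT", ""),
        "src": fields.get("SRC"),
        "dst": fields.get("DST"),
        "proto": fields.get("PROTO", "").lower(),
        "dport": int(fields["DPT"]) if "DPT" in fields else None,
    }


def summarize(log_text):
    """Group blocked packets: (src_zone, dst_zone, disposition, proto, dport) -> {dst_ip: count}."""
    groups = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        key = (rec["src_zone"], rec["dst_zone"], rec["disposition"], rec["proto"], rec["dport"])
        groups[key][rec["dst"]] += 1
    return {key: dict(counts) for key, counts in groups.items()}


def suggest_rules(groups, src_zone="fw", dports=(53,)):
    """Propose Shorewall 'rules' lines for traffic blocked from the firewall zone on
    the given ports, using the zone:address DEST form so only the resolvers actually
    seen are opened. Output is for human review, not for blind insertion."""
    rules = set()
    for (src, dst, disp, proto, dport), dsts in groups.items():
        if src != src_zone or dst is None or not proto:
            continue
        if disp not in ("REJECT", "DROP") or dport not in dports:
            continue
        dest = "%s:%s" % (dst, ",".join(sorted(dsts)))
        rules.add("ACCEPT %s %s %s %d" % (src, dest, proto, dport))
    return sorted(rules)


if __name__ == "__main__":
    groups = summarize(SAMPLE_LOG)
    for (src, dst, disp, proto, dport), dsts in sorted(groups.items(), key=str):
        print("%s->%s %s %s/%s: %s" % (src, dst, disp, proto, dport, dsts))
    print()
    print("# candidate rules (review before adding to /etc/shorewall/rules)")
    for rule in suggest_rules(groups):
        print(rule)
```

Feed it the output of `journalctl -k` or the kernel lines from /var/log/syslog. The `zone:address` DEST form keeps the opening limited to the resolvers the VPN actually pushed; a blanket `fw ovpn ACCEPT` in policy would also let any local process reach anything on the tunnel, which is a wider hole than the problem calls for.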