Dear sirs,
I have Shorewall version 4.5.21.5 installed through RPM. A configuration
has been made to secure an internal network, and it has been working well.
About a week ago it started presenting strange behavior, as verified through
the following logs:
Aug 7 00:00:00 Seguridad kernel: Shorewall:fw2net:DROP:IN= OUT=eth1
SRC=200.48.129.3 DST=69.197.169.78 LEN=60 TOS=0x00 PREC=0x00 TTL=64
ID=59233 DF PROTO=TCP SPT=42554 DPT=3306 WINDOW=5840 RES=0x00 SYN URGP=0
Aug 7 00:00:00 Seguridad kernel: Shorewall:fw2net:ACCEPT:IN= OUT=eth1
SRC=200.48.170.59 DST=164.132.170.78 LEN=60 TOS=0x00 PREC=0x00 TTL=64
ID=58084 DF PROTO=TCP SPT=37529 DPT=1520 WINDOW=5840 RES=0x00 SYN URGP=0
Aug 7 00:00:01 Seguridad kernel: Shorewall:fw2net:ACCEPT:IN= OUT=eth1
SRC=200.48.97.226 DST=190.196.123.25 LEN=60 TOS=0x00 PREC=0x00 TTL=64
ID=61407 DF PROTO=TCP SPT=40418 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Aug 7 00:00:02 Seguridad kernel: Shorewall:fw2net:ACCEPT:IN= OUT=eth1
SRC=200.48.158.212 DST=69.30.224.86 LEN=60 TOS=0x00 PREC=0x00 TTL=64
ID=17682 DF PROTO=TCP SPT=50763 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Aug 7 00:00:02 Seguridad kernel: Shorewall:fw2net:ACCEPT:IN= OUT=eth1
SRC=200.48.95.43 DST=149.202.219.49 LEN=60 TOS=0x00 PREC=0x00 TTL=64
ID=54444 DF PROTO=TCP SPT=48415 DPT=1520 WINDOW=5840 RES=0x00 SYN URGP=0
As you can see, requests from the external FW IP 200.48.129.3 are
properly blocked; however, requests from other IPs that are unknown are
allowed. These IPs are not configured on any interface.
What is happening is that the bandwidth is saturated because there are many
requests of this type.
These are my interface settings:
INTERFACES
#ZONE INTERFACE OPTIONS
net eth1 dhcp,tcpflags,nosmurfs,routefilter,logmartians,sourceroute=0
loc eth0 tcpflags,nosmurfs,routefilter,logmartians
vpn tosysb
IFCONFIG eth1
200.48.129.3
What could be happening?
Thanks for your help
JL
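
One way to quantify what the logs in this message show, added here as an example and not part of the original post: the script parses Shorewall kernel log lines and lists fw2net packets whose SRC is not an address configured on the firewall. The function names and the FW_ADDRS set are assumptions; the sample lines are three of the entries above, rejoined onto one line each.

```python
import re
from collections import Counter, defaultdict

# Address configured on eth1 according to the post (IFCONFIG eth1).
FW_ADDRS = {"200.48.129.3"}

# Three of the log entries from the post, rejoined onto single lines.
SAMPLE = """\
Aug 7 00:00:00 Seguridad kernel: Shorewall:fw2net:DROP:IN= OUT=eth1 SRC=200.48.129.3 DST=69.197.169.78 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=59233 DF PROTO=TCP SPT=42554 DPT=3306 WINDOW=5840 RES=0x00 SYN URGP=0
Aug 7 00:00:00 Seguridad kernel: Shorewall:fw2net:ACCEPT:IN= OUT=eth1 SRC=200.48.170.59 DST=164.132.170.78 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=58084 DF PROTO=TCP SPT=37529 DPT=1520 WINDOW=5840 RES=0x00 SYN URGP=0
Aug 7 00:00:01 Seguridad kernel: Shorewall:fw2net:ACCEPT:IN= OUT=eth1 SRC=200.48.97.226 DST=190.196.123.25 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=61407 DF PROTO=TCP SPT=40418 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
"""

# Log prefix format seen in the post: Shorewall:<chain>:<verdict>:<fields>
LINE_RE = re.compile(r"Shorewall:(?P<chain>[^:]+):(?P<verdict>[^:]+):(?P<fields>.*)$")


def parse(line):
    """Return a dict of chain, verdict and KEY=VALUE fields, or None."""
    m = LINE_RE.search(line)
    if not m:
        return None
    rec = {"chain": m["chain"], "verdict": m["verdict"]}
    for tok in m["fields"].split():
        key, sep, val = tok.partition("=")
        rec[key] = val if sep else True  # bare flags such as DF, SYN
    return rec


def foreign_sources(lines, fw_addrs=FW_ADDRS):
    """Count fw2net packets per (verdict, DPT) for each SRC not owned by the firewall."""
    hits = defaultdict(Counter)
    for line in lines:
        rec = parse(line)
        if not rec or rec["chain"] != "fw2net" or "SRC" not in rec:
            continue
        if rec["SRC"] not in fw_addrs:
            hits[rec["SRC"]][(rec["verdict"], rec.get("DPT"))] += 1
    return {src: dict(counts) for src, counts in hits.items()}


if __name__ == "__main__":
    for src, counts in foreign_sources(SAMPLE.splitlines()).items():
        print(src, counts)
```

Run against the full log, the per-source counts show how much of the fw2net traffic carries a source address that is not configured on any interface, and which destination ports it targets.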
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users