Re: [Shorewall-users] Shorewall and port 465,587,993,995 not open

Sat, 18 Feb 2017 13:49:55 -0800 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 02/17/2017 11:11 PM, Zenny wrote:
> Dear Tom,
> 
> Please find attached the output of the 'shorewall dump' for your 
> review. Cced to you in case the mailinglist does not allow
> attachment.
> 

Ports 465,587,993 and 995 are all being forwarded to 192.168.2.100:

Chain net_dnat (1 references)
 pkts bytes target     prot opt in     out     source
destination
...
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0
0.0.0.0/0            tcp dpt:465 to:192.168.2.100
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0
0.0.0.0/0            tcp dpt:587 to:192.168.2.100
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0
0.0.0.0/0            tcp dpt:993 to:192.168.2.100
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0
0.0.0.0/0            tcp dpt:995 to:192.168.2.100
...

I notice that:

a) Port 25 is being forwarded to 192.168.2.101:

...
    6   324 DNAT       tcp  --  *      *       0.0.0.0/0
0.0.0.0/0            tcp dpt:25 to:192.168.2.101

b) 192.168.2.100 doesn't appear as a neighbor:

ARP

? (169.254.1.1) at 00:11:0a:69:81:d8 [ether] on eth0
? (192.168.2.101) at 52:e9:1c:25:1b:b7 [ether] on vmbr0

c) There is only one port attached to the bridge

bridge name     bridge id               STP enabled     interfaces
vmbr0           8000.fe36d530da18       no              veth101i0

So if 192.168.2.100 is correct, then your Shorewall configuration is
correct and you need to start the VM with that address and have
servers listening on those ports.

- -Tom
- -- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJYqMBRAAoJEJbms/JCOk0Qf7EQAKn74GQueJQnPYMwRZKlmk99
eNG3dvYqd2CoiH5qeP6Npz2tC7q3eDuUi5ITvyMpLNtQStVTMEfzV/i/7mXk8TE6
GLHVht9OdNpKoQbirulKUtCKdBzrEj04SCpof7uPgObWvm7mfBjs5ERyplKO13Vl
NkTbvb5wIn6QFn81rKtfgYL7q7YVIeS1h5cJAsmApjYWzTypOUjMRLyfqpDmOd2R
4UMdKS3k2uEqe3+42pVYcJjMfW2ooCx6jqI1r0FbnBf0GUmGkbsgbvTVGSbXnxlP
UzqJ1c826Ze38fE3CBffNVgxLgjhvi8IHbhuhyrNjjdqoeBhHeutaoul7D4gKgss
fK/rGBkIF2czSJ35W8hKJRG8aDI8iJ0u8jcEj9BO/xsaeDWZjEb29bJaEAodRczk
Ti3tpo4tzoX9wg0Kn3r24d7AXr8Z7RuUhYituC3l161x7q78AiqO5jklJHNQJSt7
RWDzZwkjP+4vwvgRmPgHYWzqoMPEmKyDlV8JgL5gLDvNGVdb920RxFWVEr4GxNJU
4RpYT1IkilOemvGHVgTiRKyhQlh6H+ro3Oz6j9KBKA6A5rfpVctLSO+odqZ8C+tO
zBxlSJ+j0Ry06uA+6BRcGHrPYNNmDcb2ozsP+HQv3gbTahNSPjhAM5/1NaQKkPe2
zBGgyogjTLkm+0RbkDoJ
=Hqj7
-----END PGP SIGNATURE-----

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Reply via email to