Problem solved! Shorewall was not the reason. The reason was my router filtering UDP requests. I did not know about these filters... and some log entries were misleading me.
Sorry for the noise and thanks for your help!

Best
Sven

> On 12.05.2017 at 13:53, Paul Gear <[email protected]> wrote:
>
>> On 12/05/17 21:15, Roberto C. Sánchez wrote:
>>
>> [SNIP]
>>> Chain loc-net (1 references)
>>>  pkts bytes target     prot opt in     out     source               destination
>>> 11685 3316K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
>>> 21402 1627K ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:123 /* NTP */
>>>  1373  164K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0
>> [SNIP]
>>
>> It looks like you have many UDP packets pass from the loc zone to the
>> net zone. Also, the log entries at the bottom of the dump output do not
>> show any drops or rejects for UDP port 123. Could you induce the
>> failure and run 'shorewall dump' again and then provide that output?
>
> And there are plenty of counters that say your packets are being
> accepted, but no conntrack table entries to say that they've been
> replied to.
>
> I wonder if you have chosen NTP servers which aren't responding. Try
> some well-known public ones with stable IPs like time.apple.com or
> ntp.ubuntu.com to see whether they are responsive.
>
> Paul
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> Shorewall-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
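
Added example, not part of the original thread: the check Paul describes (packets accepted by the firewall but no conntrack entry showing a reply) can be automated by reading `conntrack -L -p udp` output and listing NTP flows still marked `[UNREPLIED]`. The sample lines and addresses are constructed for illustration, and the function names are hypothetical.

```python
import re

# Constructed sample in the format printed by `conntrack -L -p udp`.
# Addresses are private/documentation ranges, not values from the thread.
SAMPLE = """\
udp      17 27 src=192.168.1.10 dst=198.51.100.7 sport=123 dport=123 [UNREPLIED] src=198.51.100.7 dst=203.0.113.5 sport=123 dport=123 mark=0 use=1
udp      17 171 src=192.168.1.11 dst=198.51.100.8 sport=48211 dport=123 src=198.51.100.8 dst=203.0.113.5 sport=123 dport=48211 [ASSURED] mark=0 use=1
udp      17 12 src=192.168.1.10 dst=192.0.2.53 sport=40000 dport=53 [UNREPLIED] src=192.0.2.53 dst=203.0.113.5 sport=53 dport=40000 mark=0 use=1
"""

FIELD = re.compile(r"(src|dst|sport|dport)=(\S+)")


def ntp_flows(text, port=123):
    """Return (client, server, replied) for each UDP flow to the given port."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] != "udp":
            continue
        # Each entry lists the original direction first, then the expected
        # reply direction; keep only the first value seen for every key.
        orig = {}
        for key, value in FIELD.findall(line):
            orig.setdefault(key, value)
        if orig.get("dport") != str(port) or "src" not in orig or "dst" not in orig:
            continue
        # conntrack flags a flow [UNREPLIED] until a packet comes back.
        flows.append((orig["src"], orig["dst"], "[UNREPLIED]" not in parts))
    return flows


def unanswered_servers(text, port=123):
    """Servers that were sent NTP requests but never answered."""
    return sorted({dst for _, dst, replied in ntp_flows(text, port) if not replied})


if __name__ == "__main__":
    for client, server, replied in ntp_flows(SAMPLE):
        print(f"{client} -> {server}: {'replied' if replied else 'NO REPLY'}")
    print("unanswered:", unanswered_servers(SAMPLE))
```

If every NTP flow stays unreplied while the ACCEPT counters keep rising, the requests are leaving the firewall and the loss is further along the path, which matches the router filter found in this thread.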
