Looks like a routing problem. Why is your internet traffic exiting on the lan interface?
Dec 11 18:49:48 nub kernel: Shorewall:fw-lan:REJECT:IN= OUT=enp3s0 SRC=192.168.2.3 DST=216.235.100.1 LEN=67 TOS=0x00 PREC=0x00 TTL=64 ID=43171 DF PROTO=UDP SPT=34131 DPT=53 LEN=47

Someone's doing DNS queries to this device.  Is this device a DNS server?:
Dec 11 17:49:13 nub kernel: Shorewall:lan-fw:REJECT:IN=enp3s0 OUT= MAC=00:1a:a0:c8:63:e9:00:1d:09:0f:c6:11:08:00 SRC=192.168.2.8 DST=192.168.2.1 LEN=63 TOS=0x00 PREC=0x00 TTL=64 ID=61272 DF PROTO=UDP SPT=52725 DPT=53 LEN=43

Internet traffic exiting enp4s0 (wan) is rejected. Are you rejecting NTP?:
Dec 11 17:49:13 nub kernel: Shorewall:fw-wan:REJECT:IN= OUT=enp4s0 SRC=192.168.1.2 DST=204.2.134.164 LEN=76 TOS=0x00 PREC=0x00 TTL=64 ID=61436 DF PROTO=UDP SPT=47626 DPT=123 LEN=56

You should post your zones, interfaces, hosts, masq (or snat), and policy files.

Bill


On 12/11/2017 10:03 PM, jamby wrote:
Hi

  I am trying to replace my old version 4.5.1 on centos 6.9 with a newer computer running centos 7 up to date with shorewall 5.0.14.1

  I tried to follow the two-card sample but have done something wrong.
Currently the old machine is still working but the hard drive is on its last legs.  Smart errors!


Problem:

enp3s0: interface on MB ip 192.168.2.1  local network  (lan)
enp4s0: interface on card   ip 192.168.1.2  internet  (wan)    --- 192.168.1.1 wireless router ---  cable network router.

With the new 5. shorewall in place I can't ping the DNS servers or anything else on the internet.  Thunderbird & Firefox can't connect.

In Centos the SYSLOG is /var/log/messages and while I've tried to redefine the log as /var/log/shorewall it doesn't write to the file I created by that name.

Below is the "shorewall-init.log"  for the 5. vers.   and below that are a few of the packet messages from /var/log/messages.

See attached file..


Any other files you would like let me know...  Thanks Jim
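
Added example (not part of either poster's message): a small Python triage script that parses the three Shorewall log lines quoted in the reply and separates a routing symptom (public destination leaving on the lan interface) from ordinary policy rejects. The interface roles come from the thread; the label names `routing`, `inbound-to-fw` and `policy` are hypothetical names chosen for this example.

```python
import ipaddress
import re

# Interface roles as given in the thread: enp3s0 is lan, enp4s0 is wan.
IFACE_ZONE = {"enp3s0": "lan", "enp4s0": "wan"}

# The three log lines quoted in the reply, copied from the thread.
SAMPLE_LOG = """\
Dec 11 18:49:48 nub kernel: Shorewall:fw-lan:REJECT:IN= OUT=enp3s0 SRC=192.168.2.3 DST=216.235.100.1 LEN=67 TOS=0x00 PREC=0x00 TTL=64 ID=43171 DF PROTO=UDP SPT=34131 DPT=53 LEN=47
Dec 11 17:49:13 nub kernel: Shorewall:lan-fw:REJECT:IN=enp3s0 OUT= MAC=00:1a:a0:c8:63:e9:00:1d:09:0f:c6:11:08:00 SRC=192.168.2.8 DST=192.168.2.1 LEN=63 TOS=0x00 PREC=0x00 TTL=64 ID=61272 DF PROTO=UDP SPT=52725 DPT=53 LEN=43
Dec 11 17:49:13 nub kernel: Shorewall:fw-wan:REJECT:IN= OUT=enp4s0 SRC=192.168.1.2 DST=204.2.134.164 LEN=76 TOS=0x00 PREC=0x00 TTL=64 ID=61436 DF PROTO=UDP SPT=47626 DPT=123 LEN=56
"""

PREFIX = re.compile(r"Shorewall:(?P<chain>[\w-]+):(?P<action>\w+):")
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")


def parse(line):
    """Return the chain, action and KEY=value fields of one Shorewall log line."""
    m = PREFIX.search(line)
    if m is None:
        return None
    rec = {"chain": m["chain"], "action": m["action"]}
    for key, value in FIELD.findall(line[m.end():]):
        rec.setdefault(key, value)  # first LEN is the IP length, second the UDP length
    return rec


def classify(rec):
    """Label a record the way the reply reads it (label names are this example's own)."""
    dst = ipaddress.ip_address(rec["DST"])
    if IFACE_ZONE.get(rec["OUT"]) == "lan" and not dst.is_private:
        return "routing"        # public destination leaving on the lan interface
    if rec["IN"] and not rec["OUT"]:
        return "inbound-to-fw"  # packet addressed to the firewall itself
    return "policy"             # expected interface, rejected by policy or rules


def report(log_text):
    """Return (chain, label, proto, dport) for every Shorewall line in log_text."""
    rows = []
    for line in log_text.splitlines():
        rec = parse(line)
        if rec:
            rows.append((rec["chain"], classify(rec), rec["PROTO"], int(rec.get("DPT", 0))))
    return rows


if __name__ == "__main__":
    for row in report(SAMPLE_LOG):
        print(row)
```

A `routing` row points at the routing table or interface addressing rather than at the rules; a `policy` row points at the policy and rules files.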







_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users

