On 05.09.2018 at 17:16, Boris wrote:
> Hej SW-list,
>
> This is the first time that I'm writing directly to the SW list. First
> of all, I want to thank you for this great software! I can hardly
> believe that I have been using SW for more than 15 years - embedded in
> the also great environment of LEAF (Linux Embedded Appliance Framework
> (formerly Firewall)).
>
> And now, for the first time, I have a problem that I don't understand
> and hope for help:
> My LEAF box (Ver. 6.x with SW 5.1.7.2 on Alix hardware) worked great on
> a VDSL internet line with 25 Mbps / 5Mbps. I used a FritzBox 7490 as
> modem (PassThrough). I have a web server and a mail server in a DMZ
> segment, a few desktop PCs in the LAN segment and a few wireless devices
> in a WLAN segment. The box also serves as an OpenVPN server. Nothing
> really extraordinary, I think.
>
> A few hours ago I got a new internet line switched with higher
> bandwidth. Unfortunately, I don't (yet) have any detailed technical
> specifications for the line other than the bandwidth (100Mbps / 40Mbps).
> A new FritzBox 7590 serves as modem. During a conversation with the
> support of the provider the keyword 'VLAN 7' was mentioned. This seems
> to indicate a BNG connection from Telekom, but I didn't have to set up
> VLAN tagging.
>
> Now to the problem description: With the unchanged SW configuration,
> REJECTS of TCP packets from and to the zone 'net' occur, which were
> transported correctly before the switchover! It looks like some packets
> are passing through sporadically, but I can't secure that and I can't
> even reproduce it. All other zones work fine with each other, so
> loc-wlan, wlan-dmz, dmz-loc and so on. In addition, icmp packets are
> transported over the zone net without any problems.
>
> In order to be able to use my environment, I removed all restrictions as
> a temporary solution, with a global statement in /shorewall/policy:
> all all ACCEPT
> This is of course undesirable and I am looking for the cause of the
> problem. I asked the provider for detailed specifications of the line.
> Maybe someone has an idea here? I deactivated the global ACCEPT again
> and made a dump, which is attached.
>
> Many thanks and many greetings,
>
Hej all again,

finally I am quite desperate about this and do not have an idea how to find a solution. What I've done is upgrade all the router software to LEAF 6.1.4 - and with that from SW 5.1.7.2 Rev 1 to SW 5.2.0.4. Unfortunately there is no change.

Any idea to find what is going wrong will be highly appreciated!

Thanks,
Boris

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users