On Tue, 30 Jul 2019 10:21:09 -0700, Tom Eastep <teas...@shorewall.net> wrote:

> On 7/29/19 10:20 AM, Mahashakti89 wrote:
> > Hi,
> >
> > I already tried the trick with the update-alternatives --config
> > iptables command. Shorewall is indeed starting but I have no
> > internet access. In /var/log/syslog I find the following errors:
> >
> > loc-fw REJECT IN=eth1 OUT= MAC=78:24:af:47:80:12:2c:e4:12:dd:51:d4:08:00 SRC=94.124.134.53 DST=192.168.1.16 LEN=98 TOS=0x00 PREC=0x00 TTL=53 ID=16711 DF PROTO=TCP SPT=443 DPT=50430 WINDOW=531 RES=0x00 ACK FIN URGP=0
> > Jul 29 19:12:06 ishwara kernel: [ 207.392482] fw-loc REJECT IN= OUT=eth1 SRC=192.168.1.16 DST=94.124.134.53 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=50430 DPT=443 WINDOW=0 RES=0x00 RST URGP=0
> > Jul 29 19:12:06 ishwara kernel: [ 207.798926] loc-fw REJECT IN=eth1 OUT= MAC=78:24:af:47:80:12:2c:e4:12:dd:51:d4:08:00 SRC=94.124.134.53 DST=192.168.1.16 LEN=98 TOS=0x00 PREC=0x00 TTL=53 ID=16712 DF PROTO=TCP SPT=443 DPT=50430 WINDOW=531 RES=0x00 ACK FIN URGP=0
> > Jul 29 19:12:06 ishwara kernel: [ 207.798938] fw-loc REJECT IN= OUT=eth1 SRC=192.168.1.16 DST=94.124.134.53 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=50430 DPT=443 WINDOW=0 RES=0x00 RST URGP=0
> > Jul 29 19:12:07 ishwara kernel: [ 208.213091] loc-fw REJECT IN=eth1 OUT= MAC=78:24:af:47:80:12:2c:e4:12:dd:51:d4:08:00 SRC=94.124.134.53 DST=192.168.1.16 LEN=98 TOS=0x00 PREC=0x00 TTL=53 ID=16713 DF PROTO=TCP SPT=443 DPT=50430 WINDOW=531 RES=0x00 ACK FIN URGP=0
> > Jul 29 19:12:07 ishwara kernel: [ 208.213135] fw-loc REJECT IN= OUT=eth1 SRC=192.168.1.16 DST=94.124.134.53 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=50430 DPT=443 WINDOW=0 RES=0x00 RST URGP=0
> > Jul 29 19:12:08 ishwara kernel: [ 209.045584] loc-fw REJECT IN=eth1 OUT= MAC=78:24:af:47:80:12:2c:e4:12:dd:51:d4:08:00 SRC=94.124.134.53 DST=192.168.1.16 LEN=98 TOS=0x00 PREC=0x00 TTL=53 ID=16714 DF PROTO=TCP SPT=443 DPT=50430 WINDOW=531 RES=0x00 ACK FIN URGP=0
> > Jul 29 19:12:08 ishwara kernel: [ 209.045629] fw-loc REJECT IN= OUT=eth1 SRC=192.168.1.16 DST=94.124.134.53 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=50430 DPT=443 WINDOW=0 RES=0x00 RST URGP=0
> > Jul 29 19:12:08 ishwara kernel: [ 209.345187] fw-loc REJECT IN= OUT=eth1 SRC=192.168.1.16 DST=192.168.1.1 LEN=67 TOS=0x00 PREC=0x00 TTL=64 ID=56117 DF PROTO=UDP SPT=58742 DPT=53 LEN=47
> > Jul 29 19:12:08 ishwara kernel: [ 209.345319] fw-loc REJECT IN= OUT=eth1 SRC=192.168.1.16 DST=192.168.1.1 LEN=67 TOS=0x00 PREC=0x00 TTL=64 ID=56118 DF PROTO=UDP SPT=43055 DPT=53 LEN=47
> > Jul 29 19:12:08 ishwara kernel: [ 209.345477] fw-loc REJECT IN= OUT=eth1 SRC=192.168.1.16 DST=192.168.1.1 LEN=72 TOS=0x00 PREC=0x00 TTL=64 ID=56119 DF PROTO=UDP SPT=49654 DPT=53 LEN=52
> > Jul 29 19:12:08 ishwara kernel: [ 209.345616] fw-loc REJECT IN= OUT=eth1 SRC=192.168.1.16 DST=192.168.1.1 LEN=72 TOS=0x00 PREC=0x00 TTL=64 ID=56120 DF PROTO=UDP SPT=59124 DPT=53 LEN=52
> > Jul 29 19:12:08 ishwara kernel: [ 209.346288] fw-loc REJECT IN= OUT=eth1 SRC=192.168.1.16 DST=192.168.1.1 LEN=67 TOS=0x00 PREC=0x00 TTL=64 ID=56121 DF PROTO=UDP SPT=44769 DPT=53 LEN=47
> > Jul 29 19:12:08 ishwara kernel: [ 209.346466] fw-loc REJECT IN= OUT=eth1 SRC=192.168.1.16 DST=192.168.1.1 LEN=67 TOS=0x00 PREC=0x00 TTL=64 ID=56122 DF PROTO=UDP SPT=50842 DPT=53 LEN=47
> > Jul 29 19:12:08 ishwara kernel: [ 209.346598] fw-loc REJECT IN= OUT=eth1 SRC=192.168.1.16 DST=192.168.1.1 LEN=72 TOS=0x00 PREC=0x00 TTL=64 ID=56123 DF PROTO=UDP SPT=33377 DPT=53 LEN=52
> > Jul 29 19:12:09 ishwara kernel: [ 210.673458] loc-fw REJECT IN=eth1 OUT= MAC=78:24:af:47:80:12:2c:e4:12:dd:51:d4:08:00 SRC=94.124.134.53 DST=192.168.1.16 LEN=98 TOS=0x00 PREC=0x00 TTL=53 ID=16715 DF PROTO=TCP SPT=443 DPT=50430 WINDOW=531 RES=0x00 ACK FIN URGP=0
> > Jul 29 19:12:09 ishwara kernel: [ 210.673502] fw-loc REJECT IN= OUT=eth1 SRC=192.168.1.16 DST=94.124.134.53 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=50430 DPT=443 WINDOW=0 RES=0x00 RST URGP=0
> > Jul 29 19:12:13 ishwara kernel: [ 214.065616] loc-fw REJECT IN=eth1 OUT= MAC=78:24:af:47:80:12:2c:e4:12:dd:51:d4:08:00 SRC=94.124.134.53 DST=192.168.1.16 LEN=98 TOS=0x00 PREC=0x00 TTL=53 ID=16716 DF PROTO=TCP SPT=443 DPT=50430 WINDOW=531 RES=0x00 ACK FIN URGP=0
> > Jul 29 19:12:13 ishwara kernel: [ 214.065661] fw-loc REJECT IN= OUT=eth1 SRC=192.168.1.16 DST=94.124.134.53 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=50430 DPT=443 WINDOW=0 RES=0x00 RST URGP=0
> >
> > I will send you privately the tarball of /etc/shorewall.
>
> Please send me the output of 'shorewall dump' taken while the above is
> happening.
>
> Thanks!
> -Tom

Works now using iptables-legacy. I had to purge the interfaces configuration issued from network-manager ...... But why it doesn't work with nft-tables I do not know.

Thanks for all

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
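
A small triage helper for kernel log lines like those quoted in the message above, added here as an example (not part of the original thread and not Shorewall code): it groups logged packets by Shorewall chain and separates packets that start a flow from packets inside one. The sample lines, host name and addresses are constructed, and the `kind` classification is a heuristic.

```python
import re
from collections import Counter

# Constructed sample lines in the kernel-log format quoted in the thread;
# host name and addresses are placeholders, not values from the report.
SAMPLE_LOG = """\
Jul 29 19:12:06 fwhost kernel: [  207.39] loc-fw REJECT IN=eth1 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=198.51.100.7 DST=192.168.1.16 LEN=98 TTL=53 ID=16711 DF PROTO=TCP SPT=443 DPT=50430 WINDOW=531 RES=0x00 ACK FIN URGP=0
Jul 29 19:12:06 fwhost kernel: [  207.40] fw-loc REJECT IN= OUT=eth1 SRC=192.168.1.16 DST=198.51.100.7 LEN=40 TTL=64 ID=0 DF PROTO=TCP SPT=50430 DPT=443 WINDOW=0 RES=0x00 RST URGP=0
Jul 29 19:12:08 fwhost kernel: [  209.34] fw-loc REJECT IN= OUT=eth1 SRC=192.168.1.16 DST=192.168.1.1 LEN=67 TTL=64 ID=56117 DF PROTO=UDP SPT=58742 DPT=53 LEN=47
Jul 29 19:12:08 fwhost kernel: [  209.35] fw-loc REJECT IN= OUT=eth1 SRC=192.168.1.16 DST=192.168.1.1 LEN=72 TTL=64 ID=56119 DF PROTO=UDP SPT=49654 DPT=53 LEN=52
"""

# "<chain> <disposition>" is the log prefix that precedes the netfilter fields.
LINE_RE = re.compile(r"kernel: \[\s*[\d.]+\]\s+(\S+)\s+([A-Z]+)\s+(IN=.*)$")

def parse_line(line):
    """Return a dict for one logged packet, or None if the line does not match."""
    m = LINE_RE.search(line)
    if not m:
        return None
    chain, verdict, rest = m.groups()
    pkt = {"chain": chain, "verdict": verdict, "flags": set()}
    for tok in rest.split():
        key, sep, val = tok.partition("=")
        if sep:
            pkt.setdefault(key, val)   # keep the first LEN (IP length), not the UDP one
        else:
            pkt["flags"].add(tok)      # bare tokens: DF, ACK, FIN, RST, SYN ...
    return pkt

def kind(pkt):
    """Heuristic: does this packet start a flow or belong inside one?"""
    if pkt.get("PROTO") == "TCP":
        flags = pkt["flags"]
        if "RST" in flags:
            return "reset"
        return "new" if "SYN" in flags and "ACK" not in flags else "mid-connection"
    return "new" if int(pkt.get("DPT", 0)) < 1024 else "unknown"

def summarize(text):
    """Count packets per (chain, verdict, proto, kind, lower of the two ports)."""
    out = Counter()
    for pkt in filter(None, map(parse_line, text.splitlines())):
        port = min(int(pkt.get("SPT", 0)), int(pkt.get("DPT", 0)))
        out[(pkt["chain"], pkt["verdict"], pkt.get("PROTO"), kind(pkt), port)] += 1
    return out

if __name__ == "__main__":
    for key, count in sorted(summarize(SAMPLE_LOG).items()):
        print(count, *key)
```
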