On 30 July 2019 19:50:20 GMT+02:00, Tom Eastep <teas...@shorewall.net>
wrote:
>On 7/30/19 10:47 AM, Mahashakti89 wrote:
>> On Tue, 30 Jul 2019 10:21:09 -0700,
>> Tom Eastep <teas...@shorewall.net> wrote:
>>
>>> On 7/29/19 10:20 AM, Mahashakti89 wrote:
>>>> Hi,
>>>>
>>>> I already tried the trick with the update-alternatives --config
>>>> iptables command. Shorewall is indeed starting but I have no
>>>> internet access. In /var/log/syslog I find the following errors:
>>>>
>>>> loc-fw REJECT IN=eth1 OUT=
>>>> MAC=78:24:af:47:80:12:2c:e4:12:dd:51:d4:08:00 SRC=94.124.134.53
>>>> DST=192.168.1.16 LEN=98 TOS=0x00 PREC=0x00 TTL=53 ID=16711 DF
>>>> PROTO=TCP SPT=443 DPT=50430 WINDOW=531 RES=0x00 ACK FIN URGP=0 Jul
>>>> 29 19:12:06 ishwara kernel: [ 207.392482] fw-loc REJECT IN=
>>>> OUT=eth1 SRC=192.168.1.16 DST=94.124.134.53 LEN=40 TOS=0x00
>>>> PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=50430 DPT=443 WINDOW=0
>>>> RES=0x00 RST URGP=0 Jul 29 19:12:06 ishwara kernel: [ 207.798926]
>>>> loc-fw REJECT IN=eth1 OUT=
>>>> MAC=78:24:af:47:80:12:2c:e4:12:dd:51:d4:08:00 SRC=94.124.134.53
>>>> DST=192.168.1.16 LEN=98 TOS=0x00 PREC=0x00 TTL=53 ID=16712 DF
>>>> PROTO=TCP SPT=443 DPT=50430 WINDOW=531 RES=0x00 ACK FIN URGP=0 Jul
>>>> 29 19:12:06 ishwara kernel: [ 207.798938] fw-loc REJECT IN=
>>>> OUT=eth1 SRC=192.168.1.16 DST=94.124.134.53 LEN=40 TOS=0x00
>>>> PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=50430 DPT=443 WINDOW=0
>>>> RES=0x00 RST URGP=0 Jul 29 19:12:07 ishwara kernel: [ 208.213091]
>>>> loc-fw REJECT IN=eth1 OUT=
>>>> MAC=78:24:af:47:80:12:2c:e4:12:dd:51:d4:08:00 SRC=94.124.134.53
>>>> DST=192.168.1.16 LEN=98 TOS=0x00 PREC=0x00 TTL=53 ID=16713 DF
>>>> PROTO=TCP SPT=443 DPT=50430 WINDOW=531 RES=0x00 ACK FIN URGP=0 Jul
>>>> 29 19:12:07 ishwara kernel: [ 208.213135] fw-loc REJECT IN=
>>>> OUT=eth1 SRC=192.168.1.16 DST=94.124.134.53 LEN=40 TOS=0x00
>>>> PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=50430 DPT=443 WINDOW=0
>>>> RES=0x00 RST URGP=0 Jul 29 19:12:08 ishwara kernel: [ 209.045584]
>>>> loc-fw REJECT IN=eth1 OUT=
>>>> MAC=78:24:af:47:80:12:2c:e4:12:dd:51:d4:08:00 SRC=94.124.134.53
>>>> DST=192.168.1.16 LEN=98 TOS=0x00 PREC=0x00 TTL=53 ID=16714 DF
>>>> PROTO=TCP SPT=443 DPT=50430 WINDOW=531 RES=0x00 ACK FIN URGP=0 Jul
>>>> 29 19:12:08 ishwara kernel: [ 209.045629] fw-loc REJECT IN=
>>>> OUT=eth1 SRC=192.168.1.16 DST=94.124.134.53 LEN=40 TOS=0x00
>>>> PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=50430 DPT=443 WINDOW=0
>>>> RES=0x00 RST URGP=0 Jul 29 19:12:08 ishwara kernel: [ 209.345187]
>>>> fw-loc REJECT IN= OUT=eth1 SRC=192.168.1.16 DST=192.168.1.1 LEN=67
>>>> TOS=0x00 PREC=0x00 TTL=64 ID=56117 DF PROTO=UDP SPT=58742 DPT=53
>>>> LEN=47 Jul 29 19:12:08 ishwara kernel: [ 209.345319] fw-loc REJECT
>>>> IN= OUT=eth1 SRC=192.168.1.16 DST=192.168.1.1 LEN=67 TOS=0x00
>>>> PREC=0x00 TTL=64 ID=56118 DF PROTO=UDP SPT=43055 DPT=53 LEN=47 Jul
>>>> 29 19:12:08 ishwara kernel: [ 209.345477] fw-loc REJECT IN=
>>>> OUT=eth1 SRC=192.168.1.16 DST=192.168.1.1 LEN=72 TOS=0x00 PREC=0x00
>>>> TTL=64 ID=56119 DF PROTO=UDP SPT=49654 DPT=53 LEN=52 Jul 29
>>>> 19:12:08 ishwara kernel: [ 209.345616] fw-loc REJECT IN= OUT=eth1
>>>> SRC=192.168.1.16 DST=192.168.1.1 LEN=72 TOS=0x00 PREC=0x00 TTL=64
>>>> ID=56120 DF PROTO=UDP SPT=59124 DPT=53 LEN=52 Jul 29 19:12:08
>>>> ishwara kernel: [ 209.346288] fw-loc REJECT IN= OUT=eth1
>>>> SRC=192.168.1.16 DST=192.168.1.1 LEN=67 TOS=0x00 PREC=0x00 TTL=64
>>>> ID=56121 DF PROTO=UDP SPT=44769 DPT=53 LEN=47 Jul 29 19:12:08
>>>> ishwara kernel: [ 209.346466] fw-loc REJECT IN= OUT=eth1
>>>> SRC=192.168.1.16 DST=192.168.1.1 LEN=67 TOS=0x00 PREC=0x00 TTL=64
>>>> ID=56122 DF PROTO=UDP SPT=50842 DPT=53 LEN=47 Jul 29 19:12:08
>>>> ishwara kernel: [ 209.346598] fw-loc REJECT IN= OUT=eth1
>>>> SRC=192.168.1.16 DST=192.168.1.1 LEN=72 TOS=0x00 PREC=0x00 TTL=64
>>>> ID=56123 DF PROTO=UDP SPT=33377 DPT=53 LEN=52 Jul 29 19:12:09
>>>> ishwara kernel: [ 210.673458] loc-fw REJECT IN=eth1 OUT=
>>>> MAC=78:24:af:47:80:12:2c:e4:12:dd:51:d4:08:00 SRC=94.124.134.53
>>>> DST=192.168.1.16 LEN=98 TOS=0x00 PREC=0x00 TTL=53 ID=16715 DF
>>>> PROTO=TCP SPT=443 DPT=50430 WINDOW=531 RES=0x00 ACK FIN URGP=0 Jul
>>>> 29 19:12:09 ishwara kernel: [ 210.673502] fw-loc REJECT IN=
>>>> OUT=eth1 SRC=192.168.1.16 DST=94.124.134.53 LEN=40 TOS=0x00
>>>> PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=50430 DPT=443 WINDOW=0
>>>> RES=0x00 RST URGP=0 Jul 29 19:12:13 ishwara kernel: [ 214.065616]
>>>> loc-fw REJECT IN=eth1 OUT=
>>>> MAC=78:24:af:47:80:12:2c:e4:12:dd:51:d4:08:00 SRC=94.124.134.53
>>>> DST=192.168.1.16 LEN=98 TOS=0x00 PREC=0x00 TTL=53 ID=16716 DF
>>>> PROTO=TCP SPT=443 DPT=50430 WINDOW=531 RES=0x00 ACK FIN URGP=0 Jul
>>>> 29 19:12:13 ishwara kernel: [ 214.065661] fw-loc REJECT IN=
>>>> OUT=eth1 SRC=192.168.1.16 DST=94.124.134.53 LEN=40 TOS=0x00
>>>> PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=50430 DPT=443 WINDOW=0
>>>> RES=0x00 RST URGP=0
>>>>
>>>> I will send you privately the tarball of /etc/shorewall.
>>
>>> Please send me the output of 'shorewall dump' taken while the above is
>>> happening.
>>
>>> Thanks!
>>> -Tom
>>
>>
>> Works now using iptables-legacy. I had to purge the interfaces
>> configuration issued from network-manager ......
>
>Yes -- from the messages, it looked like the interfaces may have been
>reversed.
>
>>
>> But why it doesn't work with nft-tables I do not know.
>>
>
>I'll have to install Sid somewhere to try to understand that. But the
>version of Shorewall in Sid is the same as that in Buster, so it is
>likely not an issue in Shorewall itself.
>
>-Tom
>--
>Tom Eastep \ Q: What do you get when you cross a mobster with
>Shoreline, \ an international standard?
>Washington, USA \ A: Someone who makes you an offer you can't
>http://shorewall.org \ understand
> \_______________________________________________
Hi,
I thought it was perhaps something wrong in my kernel configuration, but I
didn't find any clue that would point in that direction.
Regards
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
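
Added example (not part of the original thread and not Shorewall code): a small parser for log lines in the format quoted above. It counts packets that a zone pair attributes to "loc" while the peer address is public, the pattern visible in the loc-fw/fw-loc REJECT entries. The sample lines are constructed from fields in the excerpt; the zone names "loc" and "fw" and the idea that "loc" should hold only private addresses are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Matches the "<zone>-<zone> <verdict> IN=.. OUT=.. SRC=.. DST=.." part of a line.
LOG_RE = re.compile(
    r"(?P<src_zone>[\w.]+)-(?P<dst_zone>[\w.]+) (?P<verdict>[A-Z]+) "
    r"IN=(?P<in_if>\S*) OUT=(?P<out_if>\S*) .*?SRC=(?P<src>\S+) DST=(?P<dst>\S+)"
)

# Constructed sample, shortened from the syslog excerpt in the thread.
SAMPLE = """\
Jul 29 19:12:06 ishwara kernel: [ 207.392482] loc-fw REJECT IN=eth1 OUT= MAC=78:24:af:47:80:12:2c:e4:12:dd:51:d4:08:00 SRC=94.124.134.53 DST=192.168.1.16 LEN=98 PROTO=TCP SPT=443 DPT=50430
Jul 29 19:12:06 ishwara kernel: [ 207.798926] loc-fw REJECT IN=eth1 OUT= MAC=78:24:af:47:80:12:2c:e4:12:dd:51:d4:08:00 SRC=94.124.134.53 DST=192.168.1.16 LEN=98 PROTO=TCP SPT=443 DPT=50430
Jul 29 19:12:06 ishwara kernel: [ 207.798938] fw-loc REJECT IN= OUT=eth1 SRC=192.168.1.16 DST=94.124.134.53 LEN=40 PROTO=TCP SPT=50430 DPT=443
Jul 29 19:12:08 ishwara kernel: [ 209.345187] fw-loc REJECT IN= OUT=eth1 SRC=192.168.1.16 DST=192.168.1.1 LEN=67 PROTO=UDP SPT=58742 DPT=53
Jul 29 19:12:09 ishwara systemd[1]: Started a constructed non-firewall line.
"""

def parse_line(line):
    """Return the zone pair, interfaces and addresses of one log line, or None."""
    m = LOG_RE.search(line)
    return m.groupdict() if m else None

def public_peers_in_zone(lines, zone="loc", fw_zone="fw"):
    """Count (chain, interface, peer) where a public peer is filed under `zone`."""
    hits = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["src_zone"] == zone and rec["dst_zone"] == fw_zone:
            peer, iface = rec["src"], rec["in_if"]    # inbound: peer is the sender
        elif rec["src_zone"] == fw_zone and rec["dst_zone"] == zone:
            peer, iface = rec["dst"], rec["out_if"]   # outbound: peer is the target
        else:
            continue
        try:
            is_private = ipaddress.ip_address(peer).is_private
        except ValueError:
            continue                                  # malformed address field
        if not is_private:
            hits[(f'{rec["src_zone"]}-{rec["dst_zone"]}', iface, peer)] += 1
    return hits

if __name__ == "__main__":
    for (chain, iface, peer), n in public_peers_in_zone(SAMPLE.splitlines()).items():
        print(f"{chain} on {iface}: public peer {peer} seen {n} time(s)")
```

A non-empty result means the interface listed is carrying Internet traffic under the "loc" zone, so the zone-to-interface assignment in /etc/shorewall/interfaces is the first thing to compare against the actual NIC naming.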