Hi Tom

On 10.03.2020 at 17:59, Tom Eastep wrote:
> On 3/9/20 7:26 PM, Erich Titl wrote: ...
>>
>> Obviously I am not home else all this would be pointless. My current IP
>> address is 92.144.119.39 and the shorewall log shows the following:
>>
>> Mar 10 00:49:55 gatekeeper Shorewall:net-fw:DROP: IN=eth0 OUT=
>> MAC=00:0d:b9:1c:ce:dc:00:17:10:99:a7:43:08:00 SRC=92.144.119.39
>> DST=80.219.225.247 LEN=40 TOS=00 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP
>> SPT=49158 DPT=993 SEQ=3841251305 ACK=0 WINDOW=0 RST URGP=0 MARK=0
>> Mar 10 00:50:02 gatekeeper Shorewall:net-fw:DROP: IN=eth0 OUT=
>> MAC=00:0d:b9:1c:ce:dc:00:17:10:99:a7:43:08:00 SRC=92.144.119.39
>> DST=80.219.225.247 LEN=40 TOS=00 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP
>> SPT=49159 DPT=993 SEQ=1536968444 ACK=0 WINDOW=0 RST URGP=0 MARK=0
>
> I assume that your geoip rule specifies logging (the rule you show above
> does not)?
>

The uncommented rule is

SSH(DROP) net:^CN all

But indeed I looked up the SSH macro and there appears no logging defined. I would then think that the policy would log those packets and the geoip rule would not be the reason.

I rechecked the setup and this time there is no log entry in shorewall.log. So I assume the reason for the drop is the geoip rule. Sorry about the bad info.

>>
>> As would be expected by the firewall settings.
>>
>> geoip modules appear to be loaded into the kernel
>>
>> gatekeeper# lsmod | grep geoip
>> xt_geoip 16384 0 - Live 0xc0ab2000 (O)
>> x_tables 20480 25 xt_geoip,xt_iface,xt_tcpmss,xt_nat,xt_recent,xt_comment,ipt_REJECT,xt_addrtype,xt_mark,iptable_mangle,xt_TCPMSS,xt_tcpudp,xt_CT,iptable_raw,xt_multiport,xt_NFLOG,xt_LOG,iptable_filter,xt_ipp2p,xt_state,xt_helper,xt_conntrack,xt_REDIRECT,ipt_MASQUERADE,ip_tables, Live 0xc08dc000
>>
>> gatekeeper# ls -lR xt_geoip
>> xt_geoip:
>> drwxr-xr-x 2 root root 40 Jun 9 2019 BE
>> drwxr-xr-x 2 root root 80 Mar 7 22:47 LE
>>
>> xt_geoip/BE:
>>
>> xt_geoip/LE:
>> -rw-r--r-- 1 root root 33664 Mar 7 22:47 CN.iv4
>> -rw-r--r-- 1 root root 179848 Mar 7 22:47 US.iv4
>> gatekeeper#
>>
>> I have the files for US and China in the LE folder and shorewall appears
>> to be happy.
>>
>> gatekeeper# shorewall show capabilities | grep GEO
>> Geo IP Match (GEOIP_MATCH): Available
>>
>> Now I must be missing something, but what?
>>
>
> Assuming that the geoip rule is producing the log messages that you show
> above, it appears that something is broken in your geoip setup -- either
> the code itself, or the CN.ipv4 database.

I would think that a broken xt_geoip module would not load and show up in lsmod as alive. I checked manually in the .csv sources to the database and there my IP shows up in the correct region. Is there a reasonable way to check the CN.iv4 database?

Now I only placed the iv4 files into the LE directory, assuming that my x86-based system was little endian.

Thanks

Erich
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
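One way to answer the question raised in the thread ("is there a reasonable way to check the CN.iv4 database?"), as an added example that is not from the thread, from Shorewall or from xtables-addons: a small Python checker that decodes an .iv4 file, verifies it is consistent with the byte order of the directory it was placed in, and reports which ranges contain a given address. It assumes the xtables-addons 2.x xt_geoip layout of consecutive 8-byte records (inclusive range start and end as two 32-bit unsigned integers, little-endian under LE, big-endian under BE, sorted and non-overlapping); the sample bytes are constructed inline.

```python
import struct
import ipaddress

REC = 8  # bytes per record: two uint32 (inclusive range start, range end)

def parse_iv4(data: bytes, little_endian: bool = True):
    """Decode an xt_geoip *.iv4 blob into a list of (start, end) integer ranges.

    Assumed layout (xtables-addons 2.x xt_geoip_build): consecutive 8-byte
    records, little-endian in the LE directory, big-endian in BE."""
    if len(data) % REC:
        raise ValueError("length %d is not a multiple of %d: truncated or wrong file"
                         % (len(data), REC))
    fmt = "<II" if little_endian else ">II"
    return [struct.unpack_from(fmt, data, off) for off in range(0, len(data), REC)]

def sanity_problems(ranges):
    """Problems found in a decoded database. A file read with the wrong byte
    order (e.g. a BE file placed under LE) normally fails the sorted and
    non-overlapping check, so a non-empty result points at the directory choice."""
    problems, prev_end = [], -1
    for start, end in ranges:
        if start > end:
            problems.append("start %s above end %s"
                            % (ipaddress.IPv4Address(start), ipaddress.IPv4Address(end)))
        if start <= prev_end:
            problems.append("range starting at %s overlaps or is out of order"
                            % ipaddress.IPv4Address(start))
        prev_end = max(prev_end, end)
    return problems

def matches(ranges, ip: str):
    """Ranges that contain ip, as dotted-quad (start, end) pairs."""
    n = int(ipaddress.IPv4Address(ip))
    return [(str(ipaddress.IPv4Address(s)), str(ipaddress.IPv4Address(e)))
            for s, e in ranges if s <= n <= e]

# Constructed sample standing in for LE/CN.iv4: two ranges packed little-endian.
SAMPLE_LE = b"".join(struct.pack("<II", int(ipaddress.IPv4Address(a)), int(ipaddress.IPv4Address(b)))
                     for a, b in (("1.0.1.0", "1.0.3.255"), ("1.0.8.0", "1.0.15.255")))

if __name__ == "__main__":
    import sys
    path, ip = sys.argv[1], sys.argv[2]  # e.g. /usr/share/xt_geoip/LE/CN.iv4 92.144.119.39
    with open(path, "rb") as fh:
        ranges = parse_iv4(fh.read(), little_endian=True)
    print("problems:", sanity_problems(ranges) or "none")
    print("ranges containing %s:" % ip, matches(ranges, ip) or "none")
```

Run it against the real file with the user's own address; an empty match list with no reported problems means the database simply does not contain that address, while a long problem list suggests the file was built for the other byte order.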