On 6/25/20 3:07 AM, Vieri Di Paola wrote:
> Hi,
>
> I recently upgraded both the Linux kernel and Shorewall, and my setup
> started to have issues I wasn't seeing before.
>
> I am routing between networks, and I would like to "port mirror"
> traffic from some VLANs to one ethernet device, i.e. from lan.13,
> lan.14 and lan.15 to soc.50.
>
> As you can see in the shorewall dump I posted below, I run something
> like this in /etc/shorewall/started:
>
> for lan_vid in 13 14 15
> do
>     # copy everything arriving on the VLAN to the monitor port
>     run_tc qdisc add dev ${IF_LAN}.${lan_vid} ingress
>     run_tc filter add dev ${IF_LAN}.${lan_vid} parent ffff: \
>         protocol all u32 match u8 0 0 action mirred egress mirror dev $IF_SOC_VLAN
>     # copy everything leaving the VLAN to the monitor port
>     run_tc qdisc add dev ${IF_LAN}.${lan_vid} handle 1: root prio
>     run_tc filter add dev ${IF_LAN}.${lan_vid} parent 1: \
>         protocol all u32 match u8 0 0 action mirred egress mirror dev $IF_SOC_VLAN
> done
>
> This seemed to work fine before, but now I'm seeing a lot of rejected traffic.
>
> For instance, just to list one example as there are many more in the
> dump, traffic from host with IP address 10.215.144.80 in lan.1 ('lan1'
> zone) to host with IP address 10.215.237.254 in 'ibs' zone on tcp port
> 20000 should be allowed "from lan1 to ibs".
>
> However, I'm seeing this:
>
> kernel: Shorewall:FORWARD:REJECT:IN=soc OUT=ibs
> MAC=ac:1f:6b:f5:b7:1a:00:50:56:b6:28:b2:08:00 SRC=10.215.144.80
> DST=10.215.237.254 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=10326 DF
> PROTO=TCP SPT=54218 DPT=20000 WINDOW=5840 RES=0x00 SYN URGP=0
>
> Why? And why is it affecting traffic from lan1 to ibs?
That traffic is entering through the 'soc' interface. So if you unplug the
cable to that interface, then the messages will of course stop.

-Tom
--
Tom Eastep            \ Q: What do you get when you cross a mobster
Shoreline,             \    with an international standard?
Washington, USA         \ A: Someone who makes you an offer you
http://shorewall.org     \    can't understand
\________________________________________
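As an added diagnostic example (not code from the thread or from Shorewall), here is a small Python parser for the Shorewall kernel log format quoted above that isolates REJECT entries entering through the mirror target interface, which is what the reply points at. The sample log (the quoted line plus one constructed line for contrast) and the function names are assumptions made here.

```python
import re
from typing import Dict, List, Optional

# Constructed sample log: the REJECT line quoted in the question, plus one
# made-up line with IN=lan.1 for contrast (not taken from the thread).
SAMPLE_LOG = """\
kernel: Shorewall:FORWARD:REJECT:IN=soc OUT=ibs MAC=ac:1f:6b:f5:b7:1a:00:50:56:b6:28:b2:08:00 SRC=10.215.144.80 DST=10.215.237.254 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=10326 DF PROTO=TCP SPT=54218 DPT=20000 WINDOW=5840 RES=0x00 SYN URGP=0
kernel: Shorewall:FORWARD:REJECT:IN=lan.1 OUT=ibs MAC=00:00:00:00:00:01:00:00:00:00:00:02:08:00 SRC=10.215.144.81 DST=10.215.237.254 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1 DF PROTO=TCP SPT=40000 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
"""

# Shorewall's log prefix is "Shorewall:<chain>:<disposition>:" followed by the
# usual netfilter LOG key=value fields; bare tokens (DF, SYN, ...) are flags.
PREFIX = re.compile(r"Shorewall:(?P<chain>[^:]+):(?P<disp>[^:]+):(?P<rest>.*)")


def parse_line(line: str) -> Optional[Dict[str, object]]:
    """Parse one Shorewall kernel log line into a dict, or None if it is not one."""
    m = PREFIX.search(line)
    if not m:
        return None
    flags: List[str] = []
    rec: Dict[str, object] = {"chain": m.group("chain"), "disp": m.group("disp"), "flags": flags}
    for tok in m.group("rest").split():
        if "=" in tok:
            key, val = tok.split("=", 1)
            rec[key] = val
        else:
            flags.append(tok)
    return rec


def rejects_via(lines: List[str], mirror_dev: str) -> List[Dict[str, object]]:
    """Return REJECT records whose ingress interface is the physical device under
    mirror_dev (soc.50 -> soc) or any VLAN on it. These packets entered the
    firewall through the mirror target; the helper isolates them for inspection,
    it does not by itself prove they are mirrored copies (an assumption to verify)."""
    base = mirror_dev.split(".", 1)[0]
    hits: List[Dict[str, object]] = []
    for rec in (parse_line(ln) for ln in lines):
        if rec is None or rec["disp"] != "REJECT":
            continue
        inif = str(rec.get("IN", ""))
        if inif == base or inif.startswith(base + "."):
            hits.append(rec)
    return hits


if __name__ == "__main__":
    for r in rejects_via(SAMPLE_LOG.splitlines(), "soc.50"):
        print(f"{r['IN']} -> {r['OUT']}: {r['SRC']}:{r['SPT']} -> {r['DST']}:{r['DPT']} {r['flags']}")
```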
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users