On 9/1/2021 3:12 PM, Matt Darfeuille wrote:
> On 9/1/2021 11:40 AM, Matt Darfeuille wrote:
>> On 9/1/2021 10:55 AM, Franz Holzinger wrote:
>>>>> I have this policy file:
>>>>> fw net ACCEPT
>>>>> fw dock ACCEPT
>>>>> dock all ACCEPT
>>>>> net all DROP info
>>>>> all all REJECT info
>>>>>
>>>
>>>> Given the last policy, are you seeing anything in the log (REJECT for
>>>> that port)?
>>> I get these logfile entries for the DDEV url
>>> https://umgebung1.ddev.site:8443/:
>>>
>>> Sep 1 10:36:44 franz-820 kernel: [16328.774791] INPUT REJECT
>>> IN=br-81fbb014aa75 OUT= PHYSIN=veth0bab8b8
>>> MAC=02:42:c7:d7:7d:a9:02:42:ac:12:00:06:08:00 SRC=172.18.0.6 DST=172.18.0.1
>>> LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=8443 DPT=36868
>>> WINDOW=65160 RES=0x00 ACK SYN URGP=0
>>> Sep 1 10:36:59 franz-820 slack.desktop[2342]: [09/01/21, 10:36:59:270]
>>> info: [DND] (T024TUMLZ) Checking for changes in DND status for the
>>> following members: U07FRBCHE
>>> Sep 1 10:36:59 franz-820 slack.desktop[2342]: [09/01/21, 10:36:59:270]
>>> info: [DND] (T024TUMLZ) Will check for changes in DND status again in 5
>>> minutes
>>> Sep 1 10:37:00 franz-820 kernel: [16345.158548] INPUT REJECT
>>> IN=br-81fbb014aa75 OUT= PHYSIN=veth0bab8b8
>>> MAC=02:42:c7:d7:7d:a9:02:42:ac:12:00:06:08:00 SRC=172.18.0.6 DST=172.18.0.1
>>> LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=8443 DPT=36868
>>> WINDOW=65160 RES=0x00 ACK SYN URGP=0
>>>
>>>
>>> shorewall logwatch:
>>>
>>> Sep 1 10:52:19 INPUT REJECT IN=br-81fbb014aa75 OUT= PHYSIN=veth0bab8b8
>>> SRC=172.18.0.6 DST=172.18.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF
>>> PROTO=TCP SPT=8443 DPT=37382 WINDOW=65160 RES=0x00 ACK SYN URGP=0
>>>
>>
>> Clearly the traffic between interfaces (br-81fbb014aa75 and veth0bab8b8)
>> is 'rejected'.
>>
>> Are the containers on a bridge?
>>
>> It looks like the interfaces are not properly defined in the zones.
>>
>
> Are you trying to access those containers remotely? If so, you need to
> allow traffic from the net zone to the containers zone.
>
> From the log:
>
> "SRC=172.18.0.6 DST=172.18.0.1"
>
> This looks to indicate that ip 0.6 is trying to access 0.1 in the same
> subnet.
>
> But 'ddev' is listening on 127.0.0.1.
>
>
> Anyone here using 'ddev' and Shorewall?
>
> If you are still not getting anywhere, please follow the instructions at
> (2) followed by (3).
>
>
> Some more explanation from the OP (1).
>
>
> 1) https://forums.mageia.org/en/viewtopic.php?t=14305&p=83812
> 2) https://shorewall.org/troubleshoot.htm#Connections
> 3) https://shorewall.org/support.htm#Guidelines
>

And (4) to read before (2) and (3).

4) https://shorewall.org/#GettingStarted

--
Matt Darfeuille <m...@shorewall.org>
Community: https://sourceforge.net/p/shorewall/mailman/message/37107049/
SPC: https://sourceforge.net/p/shorewall/mailman/message/36596609/
Homepage: https://shorewall.org

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users