Hi all,

Quick question:

3.0.6

I noticed that this macro setup in the rules file did not work.

SVN/ACCEPT all all

I had to add :
fw net ACCEPT

to my policy to get SVN to work?

I searched the docs and FAQ but did not see anything other than policy
may be a higher level rule?

What have I missed?

Thanks
--john

On Thursday 13 April 2006 08:25, John Hill wrote:
> Hi all,
>
> Quick question:
>
> 3.0.6
>
> I noticed that this macro setup in the rules file did not work.
>
> SVN/ACCEPT all all
>
> I had to add :
> fw net ACCEPT
>
> to my policy to get SVN to work?
>
> I searched the docs and FAQ but did not see anything other than policy
> may be a higher level rule?
>
> What have I missed?
>

Without the "fw net ACCEPT" policy, try to connect to the subversion server
then LOOK AT YOUR LOG! With the help of Shorewall FAQ 17, you should be able
to determine what traffic is being blocked and adjust your rules accordingly.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

Tom Eastep wrote:
> On Thursday 13 April 2006 08:25, John Hill wrote:
>> Hi all,
>>
>> Quick question:
>>
>> 3.0.6
>>
>> I noticed that this macro setup in the rules file did not work.
>>
>> SVN/ACCEPT all all
>>
>> I had to add :
>> fw net ACCEPT
>>
>> to my policy to get SVN to work?
>>
>> I searched the docs and FAQ but did not see anything other than policy
>> may be a higher level rule?
>>
>> What have I missed?
>>
>
> Without the "fw net ACCEPT" policy, try to connect to the subversion server
> then LOOK AT YOUR LOG! With the help of Shorewall FAQ 17, you should be able
> to determine what traffic is being blocked and adjust your rules accordingly.
>
> -Tom

That's the problem all2all is rejecting it. It is as if the macro is not
working. I can write a static accept rule:
SECTION NEW
ACCEPT all all tcp 443

This works?

--john

Tom Eastep wrote:
> On Thursday 13 April 2006 08:25, John Hill wrote:
>> Hi all,
>>
>> Quick question:
>>
>> 3.0.6
>>
>> I noticed that this macro setup in the rules file did not work.
>>
>> SVN/ACCEPT all all
>>
>> I had to add :
>> fw net ACCEPT
>>
>> to my policy to get SVN to work?
>>
>> I searched the docs and FAQ but did not see anything other than policy
>> may be a higher level rule?
>>
>> What have I missed?
>>
>
> Without the "fw net ACCEPT" policy, try to connect to the subversion server
> then LOOK AT YOUR LOG! With the help of Shorewall FAQ 17, you should be able
> to determine what traffic is being blocked and adjust your rules accordingly.
>
> -Tom

I'm dumb I see what it is sorry!! 443 not 587!

--john

On Thursday 13 April 2006 12:23, John Hill wrote:
> Tom Eastep wrote:
> > On Thursday 13 April 2006 08:25, John Hill wrote:
> >> Hi all,
> >>
> >> Quick question:
> >>
> >> 3.0.6
> >>
> >> I noticed that this macro setup in the rules file did not work.
> >>
> >> SVN/ACCEPT all all
> >>
> >> I had to add :
> >> fw net ACCEPT
> >>
> >> to my policy to get SVN to work?
> >>
> >> I searched the docs and FAQ but did not see anything other than policy
> >> may be a higher level rule?
> >>
> >> What have I missed?
> >
> > Without the "fw net ACCEPT" policy, try to connect to the subversion
> > server then LOOK AT YOUR LOG! With the help of Shorewall FAQ 17, you
> > should be able to determine what traffic is being blocked and adjust your
> > rules accordingly.
> >
> > -Tom
>
> That's the problem all2all is rejecting it. It is as if the macro is not
> working. I can write a static accept rule:
> SECTION NEW
> ACCEPT all all tcp 443

SVN is not port 443

-Tom

On Thursday 13 April 2006 12:25, John Hill wrote:
> > -Tom
>
> I'm dumb I see what it is sorry!! 443 not 587!
>

gateway:~ # grep -i subversion /etc/services
svn             3690/tcp    # Subversion
svn             3690/udp    # Subversion
gateway:~ #

-Tom

Tom Eastep wrote:
> On Thursday 13 April 2006 12:25, John Hill wrote:
>
>>> -Tom
>> I'm dumb I see what it is sorry!! 443 not 587!
>>
>
> gateway:~ # grep -i subversion /etc/services
> svn             3690/tcp    # Subversion
> svn             3690/udp    # Subversion
> gateway:~ #
>
> -Tom

subversion usually runs on 443, 80, and 3690 (less common)

Cristian Rodriguez wrote:
> Tom Eastep wrote:
>> On Thursday 13 April 2006 12:25, John Hill wrote:
>>
>>>> -Tom
>>> I'm dumb I see what it is sorry!! 443 not 587!
>>>
>> gateway:~ # grep -i subversion /etc/services
>> svn             3690/tcp    # Subversion
>> svn             3690/udp    # Subversion
>> gateway:~ #
>>
>> -Tom
>
> subversion usually runs on 443, 80, and 3690 (less common)
>

I spaced it. I'm not running SVN service the client was doing https and
443 was blocked. I've been a good Shorewall boy for months, now I went
and blew it. :-)

--john

On Thursday 13 April 2006 13:15, John Hill wrote:
>
> I spaced it. I'm not running SVN service the client was doing https and
> 443 was blocked. I've been a good Shorewall boy for months, now I went
> and blew it. :-)

Ok -- we'll forgive you this time then :-)

-Tom
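
The log check Tom recommends, as an added example that is not part of any message in this thread: it tallies blocked packets by chain, disposition, protocol and destination port, then asks whether a rule for a given TCP port would match any of them. The log lines are constructed, the function names are hypothetical, and the `Shorewall:<chain>:<disposition>:` prefix and the use of 3690 for the SVN macro (the port in Tom's /etc/services output) are assumptions.

```shell
#!/bin/sh
# Constructed sample log (not from the thread). Prefix format assumed:
# "Shorewall:<chain>:<disposition>:"; addresses are documentation ranges.
sample_log() {
cat <<'EOF'
Apr 13 12:20:01 gateway kernel: Shorewall:all2all:REJECT:IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4021 DF PROTO=TCP SPT=41022 DPT=443 WINDOW=5840 RES=0x00 SYN URGP=0
Apr 13 12:20:04 gateway kernel: Shorewall:all2all:REJECT:IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4022 DF PROTO=TCP SPT=41022 DPT=443 WINDOW=5840 RES=0x00 SYN URGP=0
Apr 13 12:21:10 gateway kernel: Shorewall:net2all:DROP:IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=78 TOS=0x00 PREC=0x00 TTL=50 ID=311 PROTO=UDP SPT=1027 DPT=137 LEN=58
Apr 13 12:21:30 gateway sshd[812]: Accepted publickey for admin from 192.0.2.20 port 50122 ssh2
EOF
}

# Read log lines on stdin; print "count chain disposition proto dport",
# most frequent first. Lines without a Shorewall prefix are ignored.
blocked_ports() {
  awk '
    match($0, /Shorewall:[^:]+:[^:]+:/) {
      split(substr($0, RSTART, RLENGTH), p, ":")   # p[2]=chain, p[3]=disposition
      proto = dport = "-"
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^PROTO=/) proto = tolower(substr($i, 7))
        if ($i ~ /^DPT=/)   dport = substr($i, 5)
      }
      n[p[2] " " p[3] " " proto " " dport]++
    }
    END { for (k in n) print n[k], k }
  ' | sort -k1,1nr -k5,5n
}

# Succeed if the log on stdin shows blocked TCP traffic to port $1,
# i.e. if a rule opening that port would actually match something.
blocked_to_port() {
  blocked_ports | awk -v p="$1" '$4 == "tcp" && $5 == p { found = 1 } END { exit !found }'
}

sample_log | blocked_ports
for port in 3690 443; do   # 3690: assumed SVN macro port; 443: https
  if sample_log | blocked_to_port "$port"; then
    echo "tcp/$port: blocked traffic seen, a rule for this port is needed"
  else
    echo "tcp/$port: nothing blocked, a rule for this port changes nothing here"
  fi
done
```

On a live firewall the input would be the kernel log rather than `sample_log`.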