As I pointed out to Wilson in a private message, this appears to show
that no other connection requests (other than port 3000) are being sent
from the client to the server (or at least no other connection requests
are being received by the Shorewall box).
Wilson: Are you sure that the client is supposed to open port 3001 on
the server and not the other way around (server opens port 3001 on the
client)? You could test that idea by:
tcpdump -nvvi eth0 port 3001
-Tom
-------- Original Message --------
Subject: Re: Re: [Shorewall-users] Port 3001 still have problem
Date: Wed, 28 Nov 2007 15:17:53 +0800 (CST)
From: Wilson Kwok <leiw324@yahoo.com.hk>
To: Tom Eastep <teastep@shorewall.net>
Tom,
I used this command; there is nothing related to port 3001.
15:19:55.176597 IP (tos 0x0, ttl 120, id 494, offset 0, flags [DF],
proto 6, length: 60) a.b.c.d.1033 > w.x.y.z.3000: P [tcp sum ok]
484:504(20) ack 45 win 65491
15:19:55.300186 IP (tos 0x0, ttl 127, id 3456, offset 0, flags [DF],
proto 6, length: 40) w.x.y.z.3000 > a.b.c.d.1033: . [tcp sum ok]
45:45(0) ack 504 win 16372
Tom Eastep <teastep@shorewall.net> wrote:
Tom Eastep wrote:
> Wilson Kwok wrote:
>> Dear Tom,
>>
>> I see nothing ....
>>
>> [root@shorewall shorewall]# tcpdump -nvvi eth1 port 3001
>> tcpdump: listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
>
> That means that the firewall is not receiving any connection request on port
> 3001. So clearly it can't forward a connection request if it doesn't receive
> one. If something is blocking port 3001, it is occurring in front of the
> Shorewall box.
>
> Do you have a firewall on the client system that you are trying to connect from?
You can also try this:
tcpdump -nvvi eth1 host w.x.y.z
That will show all traffic to/from w.x.y.z and will tell you if the
client is trying to connect on another port besides 3000 and 3001.
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
Dear Tom,
I called the vendor to help me test this situation; I will post here if there
is a new outcome.
Thx
Wilson Kwok wrote:
> Dear Tom,
>
> I called the vendor to help me test this situation; I will post here if
> there is a new outcome.
Thanks, Wilson. Please let us know how it turns out.
-Tom
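
Added example, not part of the thread or of Shorewall: a small parser for the wrapped `tcpdump -nvv` text shown above that reports which host sends the initial SYN to a given port, which is the question the `port 3001` and `host w.x.y.z` captures are meant to answer. The sample capture, its addresses and the function names are constructed for illustration; its third packet shows the hypothetical "server opens 3001 on the client" case and was not observed by anyone in the thread.

```python
import re
from collections import Counter

# Constructed capture in the wrapped tcpdump -nvv layout seen in the thread.
# Addresses are documentation ranges; 198.51.100.20 plays the server on port
# 3000. The third packet is invented (server sends a SYN to client port 3001).
SAMPLE = """\
15:19:55.176597 IP (tos 0x0, ttl 120, id 494, offset 0, flags [DF],
proto 6, length: 60) 192.0.2.10.1033 > 198.51.100.20.3000: P [tcp sum ok]
484:504(20) ack 45 win 65491
15:19:55.300186 IP (tos 0x0, ttl 127, id 3456, offset 0, flags [DF],
proto 6, length: 40) 198.51.100.20.3000 > 192.0.2.10.1033: . [tcp sum ok]
45:45(0) ack 504 win 16372
15:19:56.010000 IP (tos 0x0, ttl 127, id 3460, offset 0, flags [DF],
proto 6, length: 48) 198.51.100.20.1045 > 192.0.2.10.3001: S [tcp sum ok]
900:900(0) win 16384 <mss 1460>
"""

TS = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+ ")   # a new packet starts with a timestamp
PKT = re.compile(r"\) (\S+)\.(\d+) > (\S+)\.(\d+): (\S+) (.*)$")

def packets(text):
    """Re-join wrapped lines; yield (src, sport, dst, dport, flags, rest)."""
    records = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if TS.match(line) or not records:
            records.append(line)            # timestamp: start a new packet
        else:
            records[-1] += " " + line       # continuation of a wrapped packet
    for rec in records:
        m = PKT.search(rec)
        if m:
            src, sport, dst, dport, flags, rest = m.groups()
            yield src, int(sport), dst, int(dport), flags, rest

def connection_attempts(text):
    """Count initial SYNs (flag S with no 'ack') per (initiator, target, port)."""
    seen = Counter()
    for src, _sport, dst, dport, flags, rest in packets(text):
        if "S" in flags and " ack " not in f" {rest} ":
            seen[(src, dst, dport)] += 1
    return seen

def who_opens(text, port):
    """Hosts that sent an initial SYN to `port`, i.e. the side opening it."""
    return sorted({s for s, _d, p in connection_attempts(text) if p == port})

if __name__ == "__main__":
    print("port 3001 opened by:", who_opens(SAMPLE, 3001) or "nobody in this capture")
```

An empty result for a port, as for 3000 in the sample, means no connection request for it appeared in the capture, only traffic on an already established session or none at all.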