J. van Tilburg / OSLinux V.o.f.
2005-Jun-27 15:28 UTC
Bridging problem with Shorewall and OpenVpn
Hello All,

I am trying to implement OpenVPN on Fedora Core Linux 3 with the latest patches installed. This server is used only as firewall/internet gateway/proxy/VPN server, with kernel 2.6.1-1.27.FC3 and kernel 2.6.1-1.27.FC3 SMP. It has two NICs: eth0 (10.0.0.150) connected to ADSL, and eth1 (192.168.3.12) connected to the local network. I use Shorewall 2.4 on this machine.

I would like to test a situation where Shorewall and OpenVPN run on the server, enabling me to connect through OpenVPN using a remote notebook, a so-called road warrior. From the notebook I would like to be able to browse the local network, behind the VPN server, for shared resources (Samba). That's why I am trying to implement bridging on this VPN server.

Problems arise when I try to set up bridging in cooperation with Shorewall. Setting up the bridge br0 with tap0, tap1 and eth1, without Shorewall, works fine. The "brctl show" command shows that the bridge is working with the right interfaces (tap0, tap1 and eth1). In this situation I can ping from the firewall machine to a local network PC and receive an answer. From the local network PC, I can browse the internet through the firewall machine.

But when I start Shorewall, I receive no ping answer anymore from the local network PC, and I cannot browse the internet anymore from the local network PC.

The strange thing is that the /var/log/messages file contains Shorewall output telling me that it accepted the ping request from the firewall to the local network PC, even though I don't receive an answer back. It says something like

ACCEPT fw2loc out=br0 Phys out=eth1 source=192.168.3.12 dest=192.168.3.10 Proto=icmp

which is correct.

I have IP forwarding set to on. Setting Bridging=Yes or No in shorewall.conf makes no difference at all.
Here's my Shorewall configuration:

Hosts

#ZONE   HOST(S)     OPTIONS
loc     br0:eth1
road    br0:tap+
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS LINE -- DO NOT REMOVE

Interfaces

#ZONE   INTERFACE   BROADCAST    OPTIONS GATEWAY
net     eth0        10.0.0.255   nobogons,routefilter,logmartians,tcpflags,arp_filter,nosmurfs
#loc    eth1        detect
-       br0         detect
#
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Masq

eth0    192.168.3.0/24

Policy

#SOURCE  DEST  POLICY  LOG    LIMIT:BURST
#                      LEVEL
fw       loc   ACCEPT  info
#loc     fw    ACCEPT  info
loc      net   ACCEPT  info
road     loc   ACCEPT  info
loc      road  ACCEPT  info
net      all   DROP    info
all      all   REJECT  info
#LAST LINE -- DO NOT REMOVE

Rules

####################################################################################################
#ACTION     SOURCE  DEST  PROTO  DEST     SOURCE   ORIGINAL  RATE   USER/
#                                PORT     PORT(S)  DEST      LIMIT  GROUP
AllowPing   loc     fw
AllowPing   fw      net
RejectAuth  net     fw
RejectAuth  fw      net
AllowDNS    fw      net
#AllowFTP   fw      net
AllowWeb    fw      net
REJECT      loc     net   tcp    80,443
#
# squid
ACCEPT      loc     fw    tcp    3128
#
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Tunnels

# TYPE         ZONE  GATEWAY    GATEWAY ZONE
openvpn:1194   net   0.0.0.0/0
#
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Zones

#ZONE   DISPLAY COMMENTS
net     Internet The big bad Internet
loc     Local The Local network
road    Home workers
#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE

I use this script to set up the bridge at startup time:

#!/bin/bash
#
# Replace eth1 with TAP/bridge interfaces
#
# chkconfig: 2345 11 89
# description: Create TAP/bridge interfaces

. /etc/rc.d/init.d/functions

start() {
    #maxtap=15
    maxtap=2
    . /etc/sysconfig/network-scripts/ifcfg-eth1
    echo "Create TAP/bridge interfaces:"
    modprobe tun
    modprobe bridge
    ifconfig eth1 down
    for i in `seq 0 ${maxtap}`; do
        openvpn --mktun --dev tap${i}
    done
    sleep 1
    brctl addbr br0
    brctl addif br0 eth1
    sleep 1
    for i in `seq 0 ${maxtap}`; do
        brctl addif br0 tap${i}
    done
    sleep 1
    for i in `seq 0 ${maxtap}`; do
        ifconfig tap${i} 0.0.0.0 promisc up
    done
    sleep 1
    ifconfig eth1 0.0.0.0 promisc up
    sleep 1
    #ifconfig br0 192.168.3.12 netmask 255.255.255.0 broadcast 192.168.3.255 && success || failure
    ifconfig br0 ${IPADDR} netmask ${NETMASK} broadcast ${BROADCAST} && success || failure
    RETVAL=$?
    sleep 1
    echo
}

stop() {
    echo "TAP/bridge fake shutdown (we never stop)"
    RETVAL=$?
    success
}

case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    restart)
        stop
        start
        ;;
    *)
        echo $"Usage: $0 {start|stop|restart}"
        RETVAL=1
esac

exit $RETVAL

Here's the output from SHOREWALL status. I have done two things before creating this status file:

- ping from local PC (192.168.3.10) to ADSL modem 10.0.0.138 (timeouts received)
- from web browser, try to connect to website at 80.61.1.68 (timeouts received)

I have tried everything I could using both the normal and the SMP kernel, but to no success so far. What's wrong here? I really don't know. Any help will be much appreciated.

Thank you in advance.

Regards,
J. van Tilburg

On Monday 27 June 2005 17:28, J. van Tilburg / OSLinux V.o.f. wrote:
> Hello All,
>
> I am trying to implement OpenVPN on Fedora core Linux 3 with the latest
> patches installed. This server is used only as firewall/internet
> gateway/proxy/VPN server, with kernel 2.6.1-1.27.FC3 and kernel
> 2.6.1-1.27.FC3 SMP

Hi J.,

are you sure that your FC3 with "latest patches" is running a "2.6.1-1.27.FC3" and not a "2.6.11-1.27_FC3" kernel?

In case of a typo on your side and running 2.6.11-1.27_FC3 (or 2.6.11-1.35_FC3) read this post:
http://lists.shorewall.net/pipermail/shorewall-users/2005-June/018971.html

Otherwise let us know and I will read your last post again.

HTH,
Alex

J. van Tilburg / OSLinux V.o.f.
2005-Jun-29 08:46 UTC
Bridging problem with Shorewall and OpenVpn
> On Monday 27 June 2005 17:28, J. van Tilburg / OSLinux V.o.f. wrote:
>> Hello All,
>>
>> I am trying to implement OpenVPN on Fedora core Linux 3 with the latest
>> patches installed. This server is used only as firewall/internet
>> gateway/proxy/VPN server, with kernel 2.6.1-1.27.FC3 and kernel
>> 2.6.1-1.27.FC3 SMP
>
> Hi J.,
>
> are you sure that your FC3 with "latest patches" is running a "2.6.1-1.27.FC3"
> and not a "2.6.11-1.27_FC3" kernel?
>
> In case of a typo on your side and running 2.6.11-1.27_FC3 (or
> 2.6.11-1.35_FC3) read this post:
> http://lists.shorewall.net/pipermail/shorewall-users/2005-June/018971.html
>
> Otherwise let us know and I will read your last post again.
>
> HTH,
> Alex

Hello Alex,

Sorry for the stupid mistake, I am indeed running the 2.6.11-1.27_FC3 kernel, so I guess the post that you mentioned in the URL you supplied is the problem.

Unfortunately I don't have a 2.6.11-1.14_FC3 kernel on my system anymore and could not find one either at the FC3 update site, so I was not able to test it, but the symptoms I am experiencing are the same as those mentioned in previous posts by Tom Eastep, Ian Mortimer and Christian Rodriguez.

Thanks anyway, and I hope this will be solved soon.

Regards,
Jeroen van Tilburg

2005/6/29, J. van Tilburg / OSLinux V.o.f. <info@oslinux.nl>:
> Hello Alex,
>
> Sorry for the stupid mistake, I am indeed running the 2.6.11-1.27_FC3 kernel
> so I guess the post that you mentioned in the url you supplied is the problem.
>
> Unfortunately I don't have a 2.6.11-1.14_FC3 kernel on my system anymore and could
> not find one either at the FC3 update site, so I was not able to test it,
> but the symptoms I am experiencing are the same as those mentioned in previous posts
> by Tom Eastep, Ian Mortimer and Christian Rodriguez.
>
> Thanks anyway, and I hope this will be solved soon.
>
> Regards,
> Jeroen van Tilburg

Anybody issued a bug report on Fedora Bugzilla related to this issue? (I'm not using FC so I can't :P )

--
Cristian Rodriguez.
"for DVDs in Linux screw the MPAA and ; do dig $DVDs.z.zoy.org ; done | \
perl -ne 's/\.//g; print pack("H224",$1) if(/^x([^z]*)/)' | gunzip"

> Anybody issued a bug report on Fedora Bugzilla related to this issue?
> (I'm not using FC so I can't :P )
> --

It's been filed...

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=159693

Jerry

2005/6/28, Alexander Wilms <alex.wilms@adminguru.org>:
> Hi J.,
>
> are you sure that your FC3 with "latest patches" is running a "2.6.1-1.27.FC3"
> and not a "2.6.11-1.27_FC3" kernel?
>
> In case of a typo on your side and running 2.6.11-1.27_FC3 (or
> 2.6.11-1.35_FC3) read this post:
> http://lists.shorewall.net/pipermail/shorewall-users/2005-June/018971.html
>
> Otherwise let us know and I will read your last post again.
>
> HTH,
> Alex

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=159693

--
Cristian Rodriguez.
"for DVDs in Linux screw the MPAA and ; do dig $DVDs.z.zoy.org ; done | \
perl -ne 's/\.//g; print pack("H224",$1) if(/^x([^z]*)/)' | gunzip"