Hi,

One person trying to access my website has trouble doing so. All other users do not have a problem.

I have a cable modem, with a shorewall 1.4 machine behind it. On the second interface of the shorewall machine I have a few machines, of which one is the webserver.

Checking the logfile I see the following messages:

Aug 30 21:24:16 gatekeeper kernel: Shorewall:rfc1918:DROP:IN=eth1 OUT=eth0 SRC=84.119.226.171 DST=192.168.0.50 LEN=48 TOS=0x00 PREC=0x00 TTL=123 ID=14912 DF PROTO=TCP SPT=2198 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0

It seems that he is trying to access my internal IP address immediately, right? But when he pings or nslookups the website with the name (meuk.planjer.com) he gets the external IP address.

What could be wrong with my or his setup?

Regards,
Felix
Upgrade your RFC file.

-----Original Message-----
From: shorewall-users-bounces@lists.shorewall.net [mailto:shorewall-users-bounces@lists.shorewall.net] On Behalf Of Felix Planjer
Sent: Tuesday, August 31, 2004 3:35 AM
To: shorewall-users@lists.shorewall.net
Subject: [Shorewall-users] DROPPED SYN Packets

_______________________________________________
Shorewall-users mailing list
Post: Shorewall-users@lists.shorewall.net
Subscribe/Unsubscribe: https://lists.shorewall.net/mailman/listinfo/shorewall-users
Support: http://www.shorewall.net/support.htm
FAQ: http://www.shorewall.net/FAQ.htm
Felix Planjer wrote:
| Hi,
|
| One person trying to access my website has trouble doing so. All other
| users do not have a problem.
|
| I have a cable modem, with a shorewall 1.4 machine behind it. On the second
| interface of the shorewall machine I have a few machines, of which one is
| the webserver.
|
| Checking the logfile I see the following messages:
| Aug 30 21:24:16 gatekeeper kernel: Shorewall:rfc1918:DROP:IN=eth1 OUT=eth0
| SRC=84.119.226.171 DST=192.168.0.50 LEN=48 TOS=0x00 PREC=0x00 TTL=123
| ID=14912 DF PROTO=TCP SPT=2198 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0
|
| It seems that he is trying to access my internal IP address immediately,
| right? But when he pings or nslookups the website with the name
| (meuk.planjer.com) he gets the external IP address.
|
| What could be wrong with my or his setup?
|
| Regards,

You have 'norfc1918' on eth1 in /etc/shorewall/interfaces and you haven't kept your /etc/shorewall/rfc1918 file up to date. Download the latest version from the Shorewall errata page.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
Thanks a lot.

> -----Original Message-----
> From: shorewall-users-bounces@lists.shorewall.net [mailto:shorewall-users-bounces@lists.shorewall.net] On Behalf Of Tom Eastep
> Sent: Monday, 30 August 2004 21:44
> To: Mailing List for Shorewall Users
> Subject: Re: [Shorewall-users] DROPPED SYN Packets
Felix Planjer wrote:
| Thanks a lot.
|

And be sure to download the correct file -- I just noticed that the 1.4 Errata page incorrectly points to http://shorewall.net/pub/shorewall/errata/1.4.8/rfc1918. The 2.0 site has the correct URL:

http://shorewall.net/pub/shorewall/errata/1.4.10/rfc1918

-Tom
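
The diagnosis in this thread, as an added example (not part of the original messages and not Shorewall's own code): a Python check that reads Shorewall:rfc1918:DROP log lines and flags drops whose source is not in any RFC 1918 block, naming the list entry that caught it. The "SUBNET TARGET" layout, the 84.0.0.0/8 entry and the second log line are assumptions constructed for illustration.

```python
import ipaddress
import re

# Only these three blocks are genuinely private (RFC 1918).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed out-of-date list, assumed "SUBNET TARGET" layout. The 84.0.0.0/8
# entry is illustrative only, not copied from any Shorewall release.
STALE_LIST = """\
# SUBNET        TARGET
192.168.0.0/16  logdrop
84.0.0.0/8      logdrop
"""

# First line is the one quoted in the thread; the second is constructed.
SAMPLE_LOG = [
    "Aug 30 21:24:16 gatekeeper kernel: Shorewall:rfc1918:DROP:IN=eth1 OUT=eth0 "
    "SRC=84.119.226.171 DST=192.168.0.50 LEN=48 TOS=0x00 PREC=0x00 TTL=123 "
    "ID=14912 DF PROTO=TCP SPT=2198 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0",
    "Aug 30 21:25:02 gatekeeper kernel: Shorewall:rfc1918:DROP:IN=eth1 OUT=eth0 "
    "SRC=10.1.2.3 DST=192.168.0.50 LEN=48 PROTO=TCP SPT=4000 DPT=80 SYN URGP=0",
]

DROP_RE = re.compile(r"Shorewall:rfc1918:DROP:.*?\bSRC=(\S+)")

def parse_list(text):
    """Return [(network, target)], ignoring comments and blank lines."""
    entries = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2:
            entries.append((ipaddress.ip_network(fields[0]), fields[1]))
    return entries

def audit(log_lines, entries):
    """Return (src, verdict, matching_entry) for every rfc1918 drop logged."""
    findings = []
    for m in filter(None, map(DROP_RE.search, log_lines)):
        src = ipaddress.ip_address(m.group(1))
        if any(src in net for net in RFC1918):
            findings.append((str(src), "expected", None))  # truly private
            continue
        # Public source dropped as a bogon: name the most specific culprit.
        hits = [n for n, t in entries if src in n and t.upper() != "RETURN"]
        culprit = str(max(hits, key=lambda n: n.prefixlen)) if hits else None
        findings.append((str(src), "public-source", culprit))
    return findings

print(audit(SAMPLE_LOG, parse_list(STALE_LIST)))
```

A "public-source" verdict with a named entry points at the list file rather than at the visitor: the entry covers address space that is now in use and should be refreshed from the errata page.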