OS: Mandrake 9.1
Shorewall: shorewall-1.4.8-1
Iptables: iptables-1.2.7a-2mdk
Iproute: iproute2-2.4.7-7mdk

I am getting the following in my logwatch from my shorewall firewall:

Rejected 96 packets on interface eth3
   From 192.168.11.229 - 96 packets
      To 132.239.1.6 - 96 packets
         Service: ntp (udp/123) (Shorewall:FORWARD:REJECT:,eth3,eth0) - 96 packets

In my rules I have the following:

ACCEPT loc net udp ntp

It seems that this is the only machine that is having the problem, anybody have any ideas as to why?

I am also getting the following:

Rejected 24 packets on interface eth2
   From 192.168.12.3 - 24 packets
      To 192.168.12.2 - 20 packets
         Service: domain (udp/53) (Shorewall:FORWARD:REJECT:,eth2,eth2) - 20 packets
      To 192.168.12.3 - 4 packets
         Service: domain (udp/53) (Shorewall:FORWARD:REJECT:,eth2,eth2) - 4 packets

This makes no sense since they are on the same subnet. I do have the rules:

ACCEPT all dmz:192.168.12.2 udp domain -
ACCEPT all dmz:192.168.12.2 tcp domain -
ACCEPT all dmz:192.168.12.3 udp domain -
ACCEPT all dmz:192.168.12.3 tcp domain -

Mike
On Thursday 01 January 2004 09:45 am, Mike Noble wrote:

> OS: Mandrake 9.1
> Shorewall: shorewall-1.4.8-1
> Iptables: iptables-1.2.7a-2mdk
> Iproute: iproute2-2.4.7-7mdk
>
> I am getting the following in my logwatch from my shorewall firewall:
>
> Rejected 96 packets on interface eth3
>    From 192.168.11.229 - 96 packets
>       To 132.239.1.6 - 96 packets
>          Service: ntp (udp/123) (Shorewall:FORWARD:REJECT:,eth3,eth0) - 96 packets
>
> In my rules I have the following:
>
> ACCEPT loc net udp ntp
>
> It seems that this is the only machine that is having the problem, anybody
> have any ideas as to why?

How could we? You have shown us:

a) Logwatch output showing IP addresses and interfaces.
b) A rule expressed in terms of zones.

Hint: Log messages are useless without the corresponding /etc/shorewall/interfaces file (and /etc/shorewall/hosts if you use it).

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
On Thu, 1 Jan 2004, Tom Eastep wrote:

> > I am getting the following in my logwatch from my shorewall firewall:
> >
> > Rejected 96 packets on interface eth3
> >    From 192.168.11.229 - 96 packets
> >       To 132.239.1.6 - 96 packets
> >          Service: ntp (udp/123) (Shorewall:FORWARD:REJECT:,eth3,eth0) - 96 packets
> >
> > In my rules I have the following:
> >
> > ACCEPT loc net udp ntp
> >
> > It seems that this is the only machine that is having the problem, anybody
> > have any ideas as to why?
>
> How could we? You have shown us:
>
> a) Logwatch output showing IP addresses and interfaces.
> b) A rule expressed in terms of zones.
>
> Hint: Log messages are useless without the corresponding
> /etc/shorewall/interfaces file (and /etc/shorewall/hosts if you use it).
>

One more hint: Logging is occurring out of the FORWARD chain -- FAQ #17 has something to say about that.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
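As an added illustration of Tom's point (this is not code from the thread or from the Shorewall project): a small Python script that maps the interfaces named in a Shorewall log prefix back to zones via a /etc/shorewall/interfaces file and checks which of Mike's quoted rules cover that zone pair. Mike never posted his interfaces file, so the one embedded here is a constructed assumption; the point is that an interface-to-zone mapping is what turns the Logwatch lines into something the zone-based rules can be compared against.

```python
import re
from typing import Dict, List, Tuple

# Constructed /etc/shorewall/interfaces (1.4 layout: ZONE INTERFACE BROADCAST OPTIONS).
# This is an assumption for the demo, not Mike's real file.
INTERFACES = """\
net   eth0   detect
loc   eth1   detect
dmz   eth2   detect
-     eth3   detect   # no zone here; its hosts would be in /etc/shorewall/hosts
"""

# Rules quoted in the thread (ACTION SOURCE DEST PROTO DEST-PORT).
RULES = [
    "ACCEPT loc net udp ntp",
    "ACCEPT all dmz:192.168.12.2 udp domain",
    "ACCEPT all dmz:192.168.12.3 udp domain",
]

# The log prefix Shorewall writes: Shorewall:<chain>:<disposition>:,<in-if>,<out-if>
LOG_RE = re.compile(r"Shorewall:(\w+):(\w+):,(\w+),(\w*)")

def parse_interfaces(text: str) -> Dict[str, str]:
    """Map interface -> zone; '-' marks an interface whose zone is not set here."""
    zones = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2:
            zones[fields[1]] = fields[0]
    return zones

def rule_covers(rule: str, src_zone: str, dst_zone: str) -> bool:
    """True if the rule's SOURCE/DEST zones include the pair (proto/port ignored).
    'all' covers any zone; a 'zone:host' qualifier is reduced to its zone."""
    _, rsrc, rdst = rule.split()[:3]
    def covers(spec: str, zone: str) -> bool:
        z = spec.split(":", 1)[0]
        return z == "all" or z == zone
    return covers(rsrc, src_zone) and covers(rdst, dst_zone)

def diagnose(log_line: str, zones: Dict[str, str]) -> Tuple[str, str, List[str], bool]:
    """Return (source zone, dest zone, rules covering the pair, same-interface flag)."""
    chain, action, in_if, out_if = LOG_RE.search(log_line).groups()
    src, dst = zones.get(in_if, "?"), zones.get(out_if, "?")
    hits = [r for r in RULES if rule_covers(r, src, dst)]
    return src, dst, hits, in_if == out_if

if __name__ == "__main__":
    z = parse_interfaces(INTERFACES)
    for line in ("(Shorewall:FORWARD:REJECT:,eth3,eth0) - 96 packets",
                 "(Shorewall:FORWARD:REJECT:,eth2,eth2) - 20 packets"):
        print(line, "->", diagnose(line, z))
```

With the constructed file, the ntp rejects resolve to a zoneless interface, so `ACCEPT loc net` never applies to them; the DNS rejects resolve to dmz->dmz on a single interface, which is the FORWARD-chain situation Tom points to.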