Sep 12 18:23:01 gateway kernel: Shorewall:all2all:REJECT:IN= OUT=eth1 SRC=192.168.118.49 DST=192.168.118.10 LEN=53 TOS=0x00 PREC=0x00 TTL=64 ID=18161 DF PROTO=UDP SPT=1041 DPT=53 LEN=33

Hi! Shorewall Users

Above is my error log with the DNS port (53) in my local network. I have added the rules below to my Shorewall firewall but am still getting the error above.

ACCEPT loc fw tcp 53
ACCEPT loc fw udp 53

My Shorewall loc is 192.168.118.49 and my local DNS server is 192.168.118.10.

Best Regards,
Support
Without the policy file this is a little foggy... When there is no policy set for the zone-to-zone traffic, then that would be handled by the all2all policy, which is reject. I'll assume you don't have fw to loc set to accept in the policy file.

OUT=eth1 SRC=192.168.118.49 DST=192.168.118.10

You're blocking yourself; note the SRC... and that it is outbound on eth1... Then that would require rules from the firewall to the LAN.

ACCEPT fw loc tcp - 53
ACCEPT fw loc udp - 53

Hope it helps...

----- Original Message -----
From: "Support" <support@leaderuniversal.com>
To: "Shorewall" <shorewall-users@lists.shorewall.net>
Sent: Thursday, September 11, 2003 09:27 PM
Subject: [Shorewall-users] local port 53 accept

_______________________________________________
Shorewall-users mailing list
Post: Shorewall-users@lists.shorewall.net
Subscribe/Unsubscribe: http://lists.shorewall.net/mailman/listinfo/shorewall-users
Support: http://www.shorewall.net/support.htm
FAQ: http://www.shorewall.net/FAQ.htm
Hi! Jerry

Below is my policy setting:

fw   net  ACCEPT
loc  net  ACCEPT
net  all  DROP    info
all  all  REJECT  info

What should I do?

Best Regards,
SUPPORT

----- Original Message -----
From: "Jerry Vonau" <jvonau@shaw.ca>
To: "Shorewall Users Mailing List" <shorewall-users@lists.shorewall.net>
Sent: Friday, September 12, 2003 12:33 PM
Subject: Re: [Shorewall-users] local port 53 accept
Well, one of two ways.

In the rules file add the rules that I posted; that should take care of the client DNS issues... You will need to define rules for each of the other client services that the firewall will use as a client.

OR, to the top of the list in the policies, add

fw loc ACCEPT

That will allow all connections to the LAN from the firewall. What you choose is up to your own comfort level...

Jerry

----- Original Message -----
From: "Support" <support@leaderuniversal.com>
To: "Shorewall Users Mailing List" <shorewall-users@lists.shorewall.net>
Sent: Friday, September 12, 2003 12:22 AM
Subject: Re: [Shorewall-users] local port 53 accept
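The two replies above turn on reading the log line correctly: an empty IN= means the packet was generated by the firewall itself (the "fw" zone), OUT=eth1 puts the destination in the zone bound to eth1 (loc), and with no fw-to-loc line in the policy file the first match is "all all REJECT", which is why the chain name in the log is all2all. The script below is an added example for this thread, not code from the original posts or from the Shorewall project; it parses the posted log line, classifies it into a zone pair using an interface-to-zone map, walks the poster's policy list in file order to reproduce the all2all REJECT, and then shows both fixes Jerry offered: the per-service rule and the "fw loc ACCEPT" policy prepended to the list. The eth0-is-net mapping is an assumption (the thread only shows eth1); the column layout of the generated rule follows the Shorewall rules file, where the fifth column is DEST PORT(S) and the sixth SOURCE PORT(S), so the port the firewall's resolver connects to (DPT=53) belongs in the DEST PORT column.

```python
"""Map a Shorewall log line back to a zone pair and the policy line that hit it.

Added example for this thread; not code from the original posts or from the
Shorewall project. Assumptions: eth1 is the 'loc' interface (as the log line
shows) and eth0 is the 'net' interface (not stated in the thread); the policy
list is the one the poster gave, in file order.
"""
import re

# Equivalent of /etc/shorewall/interfaces: interface -> zone.
# eth1 -> loc follows from the thread; eth0 -> net is an assumption.
INTERFACES = {"eth0": "net", "eth1": "loc"}

# The poster's /etc/shorewall/policy, in file order. Shorewall takes the
# first line whose SOURCE and DEST match ('all' matches any zone).
POLICY = [
    ("fw",  "net", "ACCEPT"),
    ("loc", "net", "ACCEPT"),
    ("net", "all", "DROP"),
    ("all", "all", "REJECT"),
]

# The log line from the thread, embedded here as sample input.
LOG_LINE = ("Sep 12 18:23:01 gateway kernel: Shorewall:all2all:REJECT:IN= OUT=eth1 "
            "SRC=192.168.118.49 DST=192.168.118.10 LEN=53 TOS=0x00 PREC=0x00 TTL=64 "
            "ID=18161 DF PROTO=UDP SPT=1041 DPT=53 LEN=33")

_PREFIX = re.compile(r"Shorewall:(?P<chain>[^:]+):(?P<disposition>[A-Z]+):(?P<rest>.*)")


def parse_log(line):
    """Return the chain, disposition and netfilter key=value fields of a log line."""
    m = _PREFIX.search(line)
    if m is None:
        raise ValueError("not a Shorewall log line")
    fields = {"chain": m.group("chain"), "disposition": m.group("disposition")}
    for token in m.group("rest").split():
        if "=" in token:
            key, value = token.split("=", 1)   # IN= and OUT= may be empty strings
            fields[key] = value                # the second LEN= (UDP header) overwrites the first
        else:
            fields[token] = True               # bare flags such as DF
    return fields


def zone_of(iface, interfaces=INTERFACES):
    """An empty interface name means the packet is to/from the firewall itself ($FW)."""
    if not iface:
        return "fw"
    if iface not in interfaces:
        raise ValueError(f"interface {iface!r} is not assigned to a zone")
    return interfaces[iface]


def zone_pair(fields, interfaces=INTERFACES):
    """(source zone, destination zone) as Shorewall would classify the packet."""
    return (zone_of(fields.get("IN", ""), interfaces),
            zone_of(fields.get("OUT", ""), interfaces))


def policy_for(src, dst, policy=POLICY):
    """First matching policy line and the chain name Shorewall logs for it (e.g. all2all)."""
    for psrc, pdst, action in policy:
        if psrc in (src, "all") and pdst in (dst, "all"):
            return action, f"{psrc}2{pdst}"
    return None


def rule_to_allow(fields, interfaces=INTERFACES):
    """The rules-file line that would accept this packet.

    Columns: ACTION SOURCE DEST PROTO DEST-PORT. The port the client connects
    to (DPT) goes in the DEST PORT column, not the SOURCE PORT column.
    """
    src, dst = zone_pair(fields, interfaces)
    return f"ACCEPT {src} {dst} {fields['PROTO'].lower()} {fields['DPT']}"


if __name__ == "__main__":
    f = parse_log(LOG_LINE)
    src, dst = zone_pair(f)
    print(f"packet is {src} -> {dst}; hit policy {policy_for(src, dst)}")
    print("per-service fix:", rule_to_allow(f))
    print("policy fix ('fw loc ACCEPT' first):",
          policy_for(src, dst, [("fw", "loc", "ACCEPT")] + POLICY))
```

Running it on the posted line gives fw -> loc, policy ("REJECT", "all2all") and the rule "ACCEPT fw loc udp 53"; prepending ("fw", "loc", "ACCEPT") flips the result to ("ACCEPT", "fw2loc"). The poster's own "ACCEPT loc fw" lines never come into play because the source zone of this packet is fw, not loc. Of Jerry's two options, the per-service rule is the narrower one: the policy line opens every port on every LAN host to the firewall, while one rule per client service (DNS, NTP, and so on) keeps the firewall's own outbound reach to what it actually needs.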
Thanks a lot, Jerry. I understand now... thanks for your HELP.

Best Regards,
Support

----- Original Message -----
From: "Jerry Vonau" <jvonau@shaw.ca>
To: "Shorewall Users Mailing List" <shorewall-users@lists.shorewall.net>
Sent: Friday, September 12, 2003 1:36 PM
Subject: Re: [Shorewall-users] local port 53 accept