Martinez, Mike (MHS-ACS)
2003-Jan-16 09:50 UTC
[Shorewall-users] Jan 16 17:49:33 murowall kernel: Shorewall Shorewall:FORWARD:REJECT:IN=eth0 OUT=eth2
Marta,

As Alan pointed out the loc->net policy is CONTINUE, it should probably be loc->net ACCEPT. This is from Tom's Shorewall Documentation...

http://www.shorewall.net/Documentation.htm#Policy

CONTINUE - The connection is neither ACCEPTed, DROPped nor REJECTed. CONTINUE may be used when one or both of the zones named in the entry are sub-zones of or intersect with another zone. For more information, see below ...

The CONTINUE policy

Where zones are nested or overlapping, the CONTINUE policy allows hosts that are within multiple zones to be managed under the rules of all of these zones.

It looks like you have three zones based upon your interfaces file and they are not nested or overlapped... so you should probably change the policy to loc->net ACCEPT and this will allow you to telnet out to the net.

Hope this helps

Mike

-----Original Message-----
From: Alan Sparks [mailto:asparks@doublesparks.net]
Sent: Thursday, January 16, 2003 11:02 AM
To: marta_jara@zenithmedia.es
Cc: Shorewall-users@shorewall.net
Subject: Re: [Shorewall-users] Jan 16 17:49:33 murowall kernel: Shorewall:loc2net:CONTINUE:IN=eth0 OUT=eth2 SRC Shorewall:FORWARD:REJECT:IN=eth0 OUT=eth2

You should probably have shown the rules file also... but I see the loc->net policy is CONTINUE, but don't see where the policy subsequently allows this outbound traffic. Do you really mean for that to be CONTINUE, or ACCEPT? And without seeing the rules, it's difficult to say more, I think...
-Alan

Marta Jara said:
> I have the problem when my local network does telnet to the net
> Shorewall:FORWARD:REJECT:IN=eth0 OUT=eth2
>
> my files are the following:
> policy
> #SOURCE DEST POLICY LOG LEVEL LIMIT:BURST
> loc net CONTINUE info
> loc fw ACCEPT info
> loc loc ACCEPT
> loc dmz ACCEPT info
> fw loc ACCEPT info
> fw fw ACCEPT info
> fw net ACCEPT info
> fw dmz ACCEPT info
> dmz net ACCEPT info
> dmz fw ACCEPT
> net loc DROP info
> net fw DROP info
> all all REJECT info
> #LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
>
> interfaces
>
> net eth2 detect filterping
> loc eth0 detect filterping
> dmz eth1 detect
>
> and when I tried to go to the net the messages are:
> Jan 16 17:49:33 murowall kernel: Shorewall:loc2net:CONTINUE:IN=eth0 OUT=eth2 SRC=192.168.2.96 DST=80.25.233.57 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=6877 DF PROTO=TCP SPT=1813 DPT=23 WINDOW=16384 RES=0x00 SYN URGP=0
> Jan 16 17:49:33 murowall kernel: Shorewall:FORWARD:REJECT:IN=eth0 OUT=eth2 SRC=192.168.2.96 DST=80.25.233.57 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=6877 DF PROTOTCP SPT=1813 DPT=23 WINDOW=16384 RES=0x00 SYN URGP=0
> Jan 16 17:49:34 murowall kernel: Shorewall:loc2net:CONTINUE:IN=eth0 OUT=eth2 SRC=192.168.2.96 DST=80.25.233.57 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=6889 DF PROTO=TCP SPT=1813 DPT=23 WINDOW=16384 RES=0x00 SYN URGP=0
> Jan 16 17:49:34 murowall kernel: Shorewall:FORWARD:REJECT:IN=eth0 OUT=eth2 SRC=192.168.2.96 DST=80.25.233.57 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=6889 DF PROTOTCP SPT=1813 DPT=23 WINDOW=16384 RES=0x00 SYN URGP=0
> Jan 16 17:49:34 murowall kernel: Shorewall:loc2net:CONTINUE:IN=eth0 OUT=eth2 SRC=192.168.2.96 DST=80.25.233.57 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=6900 DF PROTO=TCP SPT=1813 DPT=23 WINDOW=16384 RES=0x00 SYN URGP=0
> Jan 16 17:49:34 murowall kernel: Shorewall:FORWARD:REJECT:IN=eth0 OUT=eth2 SRC=192.168.2.96 DST=80.25.233.57 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=6900 DF PROTOTCP SPT=1813 DPT=23 WINDOW=16384 RES=0x00 SYN URGP=0
>
> can you help me?
> thanks a lot of??
>
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@shorewall.net
> http://mail.shorewall.net/mailman/listinfo/shorewall-users

==========
Alan Sparks, UNIX/Linux Systems Administrator <asparks@doublesparks.net>
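A small diagnostic helper, added here as an example and not part of the thread or of Shorewall itself: it parses log lines in the format Marta quoted, pairs each zone-chain CONTINUE with the FORWARD:REJECT that follows for the same packet (the fall-through Alan and Mike describe), and lists the CONTINUE entries in a policy file so they can be checked against whether the zones really nest. The sample log and policy excerpt are constructed from the values in the thread; the third log record is an invented loc2fw ACCEPT that must not be flagged.

```python
import re
# Constructed sample input in the formats quoted in the thread: Shorewall 1.x
# kernel log lines (plus one invented loc2fw ACCEPT) and a policy excerpt.
SAMPLE_LOG = """\
Jan 16 17:49:33 murowall kernel: Shorewall:loc2net:CONTINUE:IN=eth0 OUT=eth2 SRC=192.168.2.96 DST=80.25.233.57 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=6877 DF PROTO=TCP SPT=1813 DPT=23 WINDOW=16384 RES=0x00 SYN URGP=0
Jan 16 17:49:33 murowall kernel: Shorewall:FORWARD:REJECT:IN=eth0 OUT=eth2 SRC=192.168.2.96 DST=80.25.233.57 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=6877 DF PROTO=TCP SPT=1813 DPT=23 WINDOW=16384 RES=0x00 SYN URGP=0
Jan 16 17:49:40 murowall kernel: Shorewall:loc2fw:ACCEPT:IN=eth0 OUT= SRC=192.168.2.96 DST=192.168.2.1 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=6950 DF PROTO=TCP SPT=1820 DPT=22 WINDOW=16384 RES=0x00 SYN URGP=0
"""
SAMPLE_POLICY = """\
#SOURCE DEST POLICY   LOG LEVEL LIMIT:BURST
loc     net  CONTINUE info
loc     fw   ACCEPT   info
net     loc  DROP     info
all     all  REJECT   info
"""
# Log prefix "Shorewall:<chain>:<disposition>:" then netfilter KEY=value tokens.
PREFIX = re.compile(r"Shorewall:(?P<chain>[^:]+):(?P<disp>[^:]+):(?P<rest>.*)$")

def parse_line(line):
    """Return (chain, disposition, fields) for a Shorewall log line, else None."""
    m = PREFIX.search(line)
    if not m:
        return None
    fields = {}
    for tok in m.group("rest").split():
        key, sep, val = tok.partition("=")
        fields[key] = val if sep else True  # bare flags (DF, SYN) become True
    return m.group("chain"), m.group("disp"), fields

def find_fallthrough_rejects(log_text):
    """Pair a zone-chain CONTINUE with a later FORWARD:REJECT for the same packet
    (same IN/OUT/SRC/DST/ID). Returns (chain, src, dst, proto, dpt) per hit."""
    pending, hits = {}, []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if not parsed:
            continue
        chain, disp, f = parsed
        key = tuple(f.get(k) for k in ("IN", "OUT", "SRC", "DST", "ID"))
        if disp == "CONTINUE":
            pending[key] = chain
        elif chain == "FORWARD" and disp == "REJECT" and key in pending:
            hits.append((pending.pop(key), f["SRC"], f["DST"], f.get("PROTO"), f.get("DPT")))
    return hits

def continue_policies(policy_text):
    """(SOURCE, DEST) pairs with a CONTINUE policy; fine only for nested/overlapping zones."""
    rows = [ln.split("#", 1)[0].split() for ln in policy_text.splitlines()]
    return [(r[0], r[1]) for r in rows if len(r) >= 3 and r[2].upper() == "CONTINUE"]
```

Running both functions over the constructed input reports the loc2net fall-through for the telnet attempt and names loc->net as the only CONTINUE policy, which is exactly the entry the thread says should be ACCEPT.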