Hi all!

I have problems getting irc and fxp working.

My policies are reject all traffic from/to any other zone, all traffic must be allowed specifically.

I tried this rule for irc:
ACCEPT loc net tcp 6660:7000

This is the message in the log:
Shorewall:loc2net:REJECT:IN=eth0 OUT=eth1 SRC=10.10.253.255 DST=a.b.c.d LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=8714 DF PROTO=TCP SPT=1492 DPT=6666 WINDOW=64240 RES=0x00 SYN URGP=0

What am I doing wrong here?

Also FTP'ing into or out of my box is working perfectly, but fxp is giving me problems. I think the problem is that the actual ftp data is coming from another IP than shorewall is expecting and therefore any traffic coming from port 20 to my box is getting dropped. How do I open up the box in such a way that fxp is still possible?

This is a snippet from the log:
Shorewall:fw2net:REJECT:IN= OUT=eth1 SRC=62.194.24.10 DST=a.b.c.d LEN=60 TOS=0x08 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=20 DPT=2618 WINDOW=5840 RES=0x00 SYN URGP=0

Thanks!
Remco

-- 
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
--On Sunday, December 22, 2002 03:11:39 PM +0100 Remco Barendse <shorewall@barendse.to> wrote:

> Hi all!
>
> I have problems getting irc and fxp working.

As far as I know, there is no solution for fxp.

> My policies are reject all traffic from/to any other zone, all traffic
> must be allowed specifically.
>
> I tried this rule for irc:
> ACCEPT loc net tcp 6660:7000
>
> This is the message in the log :
> Shorewall:loc2net:REJECT:IN=eth0 OUT=eth1 SRC=10.10.253.255
> DST=a.b.c.d LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=8714 DF PROTO=TCP
> SPT=1492 DPT=6666 WINDOW=64240 RES=0x00 SYN URGP=0
>
> What am I doing wrong here?

Don't know -- clearly the packet in the log message didn't go through the rule you show above. How is your local zone subnetted? 10.10.0.0/16? Do you see the rule when you "shorewall show loc2net"?

-Tom

-- 
Tom Eastep       \ Shorewall - iptables made easy
Shoreline,        \ http://shorewall.sf.net
Washington USA    \ teastep@shorewall.net
On Sun, 22 Dec 2002, Tom Eastep wrote:

> > I have problems getting irc and fxp working.
>
> As far as I know, there is no solution for fxp.

Isn't it possible to make a rule that allows traffic from source port 20 to any destination/ip??

> > My policies are reject all traffic from/to any other zone, all traffic
> > must be allowed specifically.
> >
> > I tried this rule for irc:
> > ACCEPT loc net tcp 6660:7000
> >
> > This is the message in the log :
> > Shorewall:loc2net:REJECT:IN=eth0 OUT=eth1 SRC=10.10.253.255
> > DST=a.b.c.d LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=8714 DF PROTO=TCP
> > SPT=1492 DPT=6666 WINDOW=64240 RES=0x00 SYN URGP=0
> >
> > What am I doing wrong here?
>
> Don't know -- clearly the packet in the log message didn't go through the
> rule you show above. How is your local zone subnetted? 10.10.0.0/16? Do you
> see the rule when you "shorewall show loc2net"?

Problem solved, the problem is that several "Use Random ...net server" thingies in mIRC were not working. The servers my mIRC was pointed to were not responding or something. Using irc servers directly is working without problems and most of the `use random xxx server' seems to work too.
--On Sunday, December 22, 2002 05:31:28 PM +0100 Remco Barendse <shorewall@barendse.to> wrote:

> On Sun, 22 Dec 2002, Tom Eastep wrote:
>> > I have problems getting irc and fxp working.
>>
>> As far as I know, there is no solution for fxp.
>
> Isn't it possible to make a rule that allows traffic from soure port 20
> to any destination/ip??

Yes.

-Tom

-- 
Tom Eastep       \ Shorewall - iptables made easy
Shoreline,        \ http://shorewall.sf.net
Washington USA    \ teastep@shorewall.net
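The two questions in this thread (does the IRC rule match the packet in the loc2net log line, and would a rule keyed on source port 20 match the fw2net log line) come down to reading a Shorewall log entry and checking it against the rules-file columns. The script below is an added example written for this thread; it is not Shorewall code and not something either poster supplied. It re-implements only the columns the thread uses (ACTION SOURCE DEST PROTO DEST_PORT SOURCE_PORT), assumes the loc zone is 10.10.0.0/16 as Tom guesses, and substitutes the documentation address 192.0.2.1 for the redacted a.b.c.d so the log lines parse.

```python
"""Check a logged Shorewall REJECT against a rules-file excerpt.

Added example for this thread; not Shorewall code. It re-implements only the
columns the thread uses (ACTION SOURCE DEST PROTO DEST_PORT SOURCE_PORT).
"""
import ipaddress
import re

# Hosts per zone. Tom asks whether loc is 10.10.0.0/16; that is an assumption
# here, not something the thread confirms. 'fw' is the firewall itself and has
# no host list; 'net' is everything else.
ZONE_HOSTS = {
    "loc": [ipaddress.ip_network("10.10.0.0/16")],
    "net": [ipaddress.ip_network("0.0.0.0/0")],
}

# The two log lines quoted in the thread, with the redacted a.b.c.d replaced
# by the documentation address 192.0.2.1 so the line parses.
IRC_LOG = ("Shorewall:loc2net:REJECT:IN=eth0 OUT=eth1 SRC=10.10.253.255 "
           "DST=192.0.2.1 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=8714 DF "
           "PROTO=TCP SPT=1492 DPT=6666 WINDOW=64240 RES=0x00 SYN URGP=0")
FXP_LOG = ("Shorewall:fw2net:REJECT:IN= OUT=eth1 SRC=62.194.24.10 "
           "DST=192.0.2.1 LEN=60 TOS=0x08 PREC=0x00 TTL=64 ID=0 DF "
           "PROTO=TCP SPT=20 DPT=2618 WINDOW=5840 RES=0x00 SYN URGP=0")

# Remco's IRC rule, and the source-port-20 rule he asks about in his reply.
RULES_IRC_ONLY = ["ACCEPT loc net tcp 6660:7000"]
RULES_WITH_SPORT20 = RULES_IRC_ONLY + ["ACCEPT fw net tcp - 20"]

LOG_RE = re.compile(r"Shorewall:(?P<src>\w+?)2(?P<dst>\w+):(?P<disp>\w+):(?P<rest>.*)")


def parse_log(line):
    """Split 'Shorewall:<src>2<dst>:<DISPOSITION>:KEY=VAL ...' into a dict."""
    m = LOG_RE.search(line)
    if not m:
        raise ValueError("not a Shorewall log line")
    kv = dict(tok.split("=", 1) for tok in m.group("rest").split() if "=" in tok)
    return {
        "src_zone": m.group("src"), "dst_zone": m.group("dst"),
        "disposition": m.group("disp"),
        "src": ipaddress.ip_address(kv["SRC"]),
        "proto": kv.get("PROTO", "").lower(),
        "spt": int(kv["SPT"]) if "SPT" in kv else None,
        "dpt": int(kv["DPT"]) if "DPT" in kv else None,
    }


def port_matches(spec, port):
    """Shorewall port spec: 'N', 'lo:hi', a comma list, or '-' / None for any."""
    if spec in (None, "-"):
        return True
    if port is None:
        return False
    for item in spec.split(","):
        lo, _, hi = item.partition(":")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False


def zone_contains(zone, addr):
    """True if addr lies in the zone's host list (zones without one, e.g. fw, pass)."""
    nets = ZONE_HOSTS.get(zone)
    return nets is None or any(addr in n for n in nets)


def first_matching_rule(pkt, rules):
    """Return the first rules-file line that would have matched pkt, else None."""
    for line in rules:
        cols = line.split() + ["-"] * 6
        _action, src, dst, proto, dports, sports = cols[:6]
        if (src == pkt["src_zone"] and dst == pkt["dst_zone"]
                and proto.lower() in ("all", pkt["proto"])
                and port_matches(dports, pkt["dpt"])
                and port_matches(sports, pkt["spt"])):
            return line
    return None


def evaluate(log_line, rules):
    """(chain, source-in-zone?, matching rule or None) for one logged packet."""
    pkt = parse_log(log_line)
    chain = f"{pkt['src_zone']}2{pkt['dst_zone']}"
    return chain, zone_contains(pkt["src_zone"], pkt["src"]), first_matching_rule(pkt, rules)


if __name__ == "__main__":
    for name, log, rules in [("irc", IRC_LOG, RULES_IRC_ONLY),
                             ("fxp, irc rule only", FXP_LOG, RULES_IRC_ONLY),
                             ("fxp, with sport 20 rule", FXP_LOG, RULES_WITH_SPORT20)]:
        chain, in_zone, rule = evaluate(log, rules)
        if not in_zone:
            verdict = "source address is outside the zone's hosts; check the zone definition"
        elif rule is None:
            verdict = f"no rule matches, so {chain} falls through to the policy"
        else:
            verdict = f"'{rule}' should match; compare with 'shorewall show {chain}'"
        print(f"{name}: {verdict}")
```

Run stand-alone, it reports that the IRC rule does cover DPT=6666 for a 10.10.0.0/16 source, so a REJECT in loc2net means the loaded chain differs from the rules file (which is what "shorewall show loc2net" checks), that the fw2net packet matches nothing in the IRC-only excerpt and so falls to the fw2net policy, and that a rule with "-" in the DEST_PORT column and 20 in SOURCE_PORT would match it. Note that such a rule is keyed only on the source port, so it accepts any connection that happens to use port 20, not just FTP data transfers.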