Displaying 20 results from an estimated 57 matches for "unreplied".
2005 Jun 14
1
Problem with samba broadcast
...nces)
pkts bytes target prot opt in out source
destination
Chain pretos (1 references)
pkts bytes target prot opt in out source
destination
tcp 6 75 SYN_SENT src=80.171.100.101 dst=203.221.73.195 sport=44165
dport=4662 [UNREPLIED] src=203.221.73.195 dst=80.171.100.101 sport=4662
dport=44165 use=1
tcp 6 274578 ESTABLISHED src=213.39.215.49 dst=161.53.68.130
sport=39410 dport=4663 src=161.53.68.130 dst=213.39.215.49 sport=4663
dport=39410 [ASSURED] use=1
tcp 6 293952 ESTABLISHED src=213.39.215.49 dst=161.53.68.13...
2017 Sep 18
0
[Bug 1183] New: need options to output UNREPLIED connections
https://bugzilla.netfilter.org/show_bug.cgi?id=1183
Bug ID: 1183
Summary: need options to output UNREPLIED connections
Product: conntrack-tools
Version: unspecified
Hardware: x86_64
OS: Fedora
Status: NEW
Severity: enhancement
Priority: P5
Component: conntrack
Assignee: netfilter-buglog at lists.netfilter....
2004 Aug 27
3
Proxy Arp Ip Conflicts
...S tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp spt:20 TOS set 0x08
0 0 TOS tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:20 TOS set 0x08
tcp 6 412384 ESTABLISHED src=192.168.0.42 dst=192.168.0.56 sport=139
dport=3541 [UNREPLIED] src=192.168.0.56 dst=192.168.0.42 sport=3541 dport=139
use=1
tcp 6 407164 ESTABLISHED src=192.168.0.56 dst=192.168.0.42 sport=139
dport=3027 [UNREPLIED] src=192.168.0.42 dst=192.168.0.56 sport=3027 dport=139
use=1
tcp 6 320941 ESTABLISHED src=192.168.0.56 dst=192.168.0.42 sport=139
d...
2006 Mar 07
1
Unreplied message when i try to connect to an internal system
I've set up a shorewall 3.0.5 system on Fedora core 4
When I want to connect from an external computer to one in my network it does not reply.
I connect from 212.19.195.160 to 212.178.64.74 through port 8080
The rule I made is: DNAT ...
2006 Jul 21
6
Quick Question on [UNREPLIED] in the state tables
I have a situation where some Poptop/PPTP sessions (only with FC5/Shorewall to FC5/Shorewall firewall in between) cause the following to appear in the state table (shorewall show connections).
unknown 47 420 src=XX.234.79.183 dst=XX.234.137.226 packets=2 bytes=130 [UNREPLIED] src=XX.234.137.226 dst=XX.234.79.183 packets=0 bytes=0 mark=0 use=1
This prevents another connection attempt succeeding from that firewall's IP address until that entry ages out of the table.
My question. Would I use the "Action" section of Shorewall to tell the firewall to either acce...
2002 Jul 08
1
FWD: dns woes
...Date: Mon, 8 Jul 2002 15:27:14 -0700
this is shorewall status output:
tcp 6 431899 ESTABLISHED src=192.168.20.5 dst=64.4.12.45 sport=2185 dport=1863 src=64.4.12.45 dst=63.25.123.58 sport=1863 dport=2185 [ASSURED] use=1
udp 17 30 src=192.168.20.5 dst=192.168.20.254 sport=2359 dport=53 [UNREPLIED] src=192.168.20.254 dst=192.168.20.5 sport=53 dport=2359 use=1
tcp 6 431999 ESTABLISHED src=192.168.20.5 dst=192.168.20.254 sport=2130 dport=22 src=192.168.20.254 dst=192.168.20.5 sport=22 dport=2130 [ASSURED] use=1
udp 17 28 src=192.168.20.5 dst=192.168.20.254 sport=2358 dport=53 [UNREPL...
2003 Mar 28
0
[Bug 70] New: udp connection(snmp) not being tracked.
...the ip address accordingly)
-----------------
udp 17 29 src=2.2.2.2 dst=3.3.3.3 sport=161 dport=1914 [UNREPLIED]
src=3.3.3.3 dst=2.2.2.2 sport=1914 dport=161 use=1 mark=0
udp 17 28 src=2.2.2.2 dst=3.3.3.3 sport=161 dport=1913 [UNREPLIED]
src=3.3.3.3 dst=2.2.2.2 sport=1913 dport=161 use=1 mark=0
udp 17 27 src=2.2.2.2 dst=3.3.3.3 sport=161 dport=1912 [UNREPLIED]
src=3.3.3.3 dst=2.2.2.2 sport=1912 dpo...
2013 Nov 21
14
openvpn restart fails with dual entry in conntrack and wrong sourceport
...t: 1300
3 1.119446000 bbb.162.192 aaa.185.165 UDP 66 Source port: 1024
Destination port: 1300
and a collateral entry in the connection tracking table (out of shorewall
dump):
Conntrack Table (1512 out of 65536)
[...]
udp 17 22 src=212.117.77.218 dst=62.155.185.165 sport=1300 dport=1300
[UNREPLIED] src=62.155.185.165 dst=80.152.162.192 sport=1300 dport=1024 mark=0
use=2
udp 17 172 src=62.155.185.165 dst=80.152.162.192 sport=1300 dport=1300
src=80.152.162.192 dst=62.155.185.165 sport=1300 dport=1300 [ASSURED] mark=256
use=2
[...]
How can I get rid of the additional entry when the op...
2004 Oct 13
4
Connection tracking on non-masqueraded interfaces.
...mdk.
Run "nmap -sP 192.168.x.x/24" (for example), where 192.168.x.x/24 is the LAN.
You can do this from a firewall/router, or even from a single-interface computer
that only runs Shorewall for its own protection. Then run "shorewall show connections"
and you will see a bunch of unreplied, inuse connections for all the IP addresses
in 192.168.x.x/24 that didn't respond.
This seems like a too easy way to use up memory and possibly create a DOS
situation.
My first thoughts are that only connections that have actually been
masqueraded need to be tracked. Since no masqueradin...
2012 Jan 16
4
conntrack entries established before nat
...ewhat occasionally) after a reboot of my
shorewall[-lite] machine I find that I end up with conntrack table
entries for unNATted connections such as:
# conntrack -L -p udp --dport 5060 -d 99.232.11.14
udp 17 59 src=10.75.22.8 dst=99.232.11.14 sport=5060 dport=5060 packets=5472 bytes=3031488 [UNREPLIED] src=99.232.11.14 dst=10.75.22.8 sport=5060 dport=5060 packets=0 bytes=0 mark=1 use=2
These are supposed to be NATted and will be so if I flush the offending
entries from the conntrack table:
# conntrack -D -p udp --dport 5060 -d 99.232.11.14
udp 17 52 src=10.75.22.8 dst=99.232.11.14 sport=5...
2004 Oct 18
11
how can i log everything?
hi,
it'd be very useful to add some kind of "log everything" option to
shorewall. currently the logging is useful if you know what you would
like to log. but if you don't know then it's a problem...
another problem that currently it's not possible to log the nat table.
at least i can't find any way (can't add logging into masq and
2006 Nov 07
6
Troubles DNATing UDP
Hi.
I have strange troubles with DNATing UDP packets.
The situation:
1. We have local network 10.10.0.0/16
2. We have a "server network" 192.168.1.0/25 connected with local
network by a router 10.10.100.1 (other ip 192.168.1.1).
3. Web server is located at 192.168.1.2
4. There are HW pingers in the net 10.10.0.0/16 that ping
10.10.100.1 every second. The ping is the UDP packet
2004 Jan 15
4
shorewall, freeswan and kernel crypto-api
Hello,
I've finally managed to setup a firewall with freeswan 2.04 using the
kernel crypto api (backported from kernel 2.6).
(Almost) everything seems to work fine if I disable shorewall, but
packets are filtered when shorewall is active.
I've already read a past thread on the subject and I followed all the
hints and it actually partially works: my lan I can access the remote
2003 May 02
2
A Group Policy Question in Win9x (yes, another one).
...s 9x. That is, I am _not_ looking for a work-around but the real thing--one config.pol file to service several groups.
I have done my homework, hopefully well, but found nothing. To prove this, I will quickly summarize my findings below. Either I have found:
1. a list of unresolved (mostly unreplied as well) inquiries from the past including some from Sept, Oct, and Dec of 1999, along with the latest inquiry dated July 2002, and others as well. (These were from the SAMBA Mailing List.)
or
2. a work-around.
Please let me know if any version <3.0 correctly supports group policies for...
2004 Dec 30
0
MultipleIP´s in one Zone
...port=143 src=xxx.xxx.xxx.10 dst=82.207.244.46 sport=143 dport=1387 use=1
tcp 6 369087 ESTABLISHED src=127.0.0.1 dst=127.0.0.1 sport=13643
dport=13642 src=127.0.0.1 dst=127.0.0.1 sport=13642 dport=13643 use=1
tcp 6 167922 ESTABLISHED src=172.16.1.2 dst=192.168.15.20 sport=38517
dport=80 [UNREPLIED] src=192.168.15.20 dst=172.16.1.2 sport=80 dport=38517
use=1
tcp 6 14 TIME_WAIT src=xxx.xxx.xxx.10 dst=195.180.9.185 sport=12907
dport=110 src=195.180.9.185 dst=xxx.xxx.xxx.10 sport=110 dport=12907 use=1
tcp 6 369087 ESTABLISHED src=127.0.0.1 dst=127.0.0.1 sport=13651
dport=13650 src=12...
2003 Jan 24
2
Problem with sending mail from mail server behind firewall.
...The Shorewall firewall shows no error messages during the connection,
and all other traffic seems to do what it is supposed to do. This line
is from "shorewall show connections":
tcp 6 18 SYN_SENT src=<INTERNAL ADDRESS> dst=<REMOTE MAIL SERVER>
sport=35375 dport=25 [UNREPLIED] src=<REMOTE MAIL SERVER> dst=<LOCAL
EXTERNAL IP> sport=25 dport=35375 use=1
I have tried to contact the remote administrator with no luck. I am
trying to give as much information as possible, and can send more if
necessary.
Any help would be appreciated,
Marc Harding.
P.S. Th...
2003 Feb 14
6
[Bug 49] TCP conntrack entries with huge timeouts
https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=49
------- Additional Comments From laforge@netfilter.org 2003-02-14 08:39 -------
what patches from patch-o-matic do you use? Do you know how to reproduce this
behaviour?
2008 Aug 10
1
conntrack-tools and Session syncing
...nntrack
tools to both routers/firewalls to synchronize the session tables (using
ftfw protocol).
That works as expected. If e.g. I ping from an inside server to somewhere
outside, ICMP request leaves via router2, the answer comes back via
router1. conntrack -e on router1 shows this session (as unreplied), BUT the
firewall blocks it as new connection - that means iptables does not
recognize conntrackd's addition to the session table.
Seems that I have a conceptional misunderstanding here - but I do not find
anything that could be wrong. Could somebody please help? I am stuck.
Any hint or h...
2018 Apr 04
0
[Bug 1241] New: Please support inverting filters
...netfilter.org
Reporter: korn-netfilter.org at elan.rulez.org
I have a firewall where sometimes NAT rules change so that certain UDP
connections that were not SNATed before should be SNATed now.
Before the NAT rules go up, the affected packets are passed but the connections
end up in the UNREPLIED state; however, due to connection tracking, these
sessions get stuck in this state if the source keeps sending new UDP packets.
I would like to be able to flush unreplied UDP connections using something like
conntrack -D -p udp -u !assured
I'm sure filter negation would be useful in many oth...
2012 Oct 16
1
Trouble with tftp
...al network. I have:
TFTP(ACCEPT) dmz loc:10.10.10.1
in /etc/shorewall/rules, and:
loadmodule nf_conntrack_tftp
in /etc/shorewall/modules.
The module is loaded and I do see some entries come and go, e.g.:
udp 17 10 src=4.28.99.164 dst=10.10.10.1 sport=2071 dport=69 [UNREPLIED]
src=10.10.10.1 dst=4.28.99.164 sport=69 dport=2071 mark=0
secctx=system_u:object_r:unlabeled_t:s0 use=2
But it appears that the replies from the client are still being blocked, e.g.:
Oct 16 10:17:34 inferno kernel: [1841301.871809]
Shorewall:dmz2loc:REJECT:IN=em2 OUT=em1
MAC=00:b0:d0:df:e3:1...