Dave Marotti
2002-Apr-02 01:21 UTC
[Shorewall-users] shorewall starts blocking everything after a while
Hello,

I'm not going to include much detail with this first message because I do not know what I'm supposed to include.

Shorewall is acting as a firewall for a single box with port forwarding enabled. It is on a redhat 7.2 system with latest patches etc... There are 2 net cards, eth0->DSL, eth1->local_network.

Shorewall has been configured by hand. I did not use one of the pre-generated set of rules etc... I have several rules in the rules file because this box also serves as a webserver, mail server, DNS, etc...

The shorewall firewall works for a little while (5-10 minutes), then all of a sudden it starts blocking EVERYTHING from the outside world. After a little while, it lets up and lets more connections in, then it starts blocking everything again. Meanwhile, all appropriate traffic *CAN* get out of the server through the firewall to the internet.

For example, here is one of my machines trying to ssh (a windows box) into the server through the firewall (which would normally work):

Apr 1 20:24:22 burrito kernel: Shorewall:all2all:REJECT:IN=eth1 OUT= MAC=00:a0:cc:7a:fd:f0:00:02:e3:0b:be:e3:08:00 SRC=64.81.149.239 DST=64.81.149.242 LEN=48 TOS=0x10 PREC=0x00 TTL=128 ID=7222 DF PROTO=TCP SPT=1896 DPT=22 WINDOW=16384 RES=0x00 SYN URGP=0

What I don't understand, is how packets seem to be getting onto eth1 - that's my local network interface.

If anyone can shed some light on this, I'd appreciate it.

-dave
Tom Eastep
2002-Apr-02 01:46 UTC
[Shorewall-users] shorewall starts blocking everything after a while
Do you have both of your interfaces connected to the same hub or switch?

-Tom
Dave Marotti
2002-Apr-02 03:09 UTC
[Shorewall-users] shorewall starts blocking everything after a while
Hey Tom,

Yes *hangs head in shame* I did. I've been running like this for a while with no problems, until today after I replaced a netcard, combined a hard drive, replaced a hard drive, added a hard drive, added a video card, etc... the list goes on :)

*hangs his head in shame again*

I actually just changed it about 30 minutes ago because I thought that may have been a problem too, and I'm playing around with the machine trying to break it... so far so good.

I also started toying with x port forwarding today to connect to X from windows today. So all in all, a lot of things have changed, and there is 1 single problem lingering around. I hope it was the hub thing.

Thank you for your quick response.

-dave

>Do you have both of your interfaces connected to the same hub or switch?
>
>-Tom
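
An added example, not part of the original thread or of Shorewall: a small Python parser for the kernel log line quoted in the first message, which flags packets whose source address does not belong to the subnet expected behind the interface they arrived on (the symptom of both NICs sharing one hub). The `EXPECTED` mapping and its 192.168.1.0/24 subnet are assumptions; the thread never states the local address range.

```python
import ipaddress
import re

# Assumption (not stated in the thread): the subnet expected behind each interface.
EXPECTED = {"eth1": ipaddress.ip_network("192.168.1.0/24")}

# The log line quoted in the first message of the thread.
SAMPLE = (
    "Apr 1 20:24:22 burrito kernel: Shorewall:all2all:REJECT:IN=eth1 OUT= "
    "MAC=00:a0:cc:7a:fd:f0:00:02:e3:0b:be:e3:08:00 SRC=64.81.149.239 "
    "DST=64.81.149.242 LEN=48 TOS=0x10 PREC=0x00 TTL=128 ID=7222 DF PROTO=TCP "
    "SPT=1896 DPT=22 WINDOW=16384 RES=0x00 SYN URGP=0"
)

PREFIX = re.compile(r"Shorewall:(?P<chain>[^:]+):(?P<action>[^:]+):(?P<rest>.*)$")


def parse(line):
    """Split a Shorewall kernel log line into chain, action, KEY=value fields and flags."""
    m = PREFIX.search(line)
    if m is None:
        return None
    rec = {"chain": m["chain"], "action": m["action"], "flags": []}
    for token in m["rest"].split():
        key, sep, value = token.partition("=")
        if sep:
            rec[key] = value
        else:
            rec["flags"].append(token)  # bare tokens such as DF or SYN
    # On Ethernet the MAC field is destination (6 bytes), source (6 bytes), EtherType (2).
    octets = rec.get("MAC", "").split(":")
    if len(octets) == 14:
        rec["dst_mac"] = ":".join(octets[:6])
        rec["src_mac"] = ":".join(octets[6:12])
    return rec


def wrong_interface(rec, expected=EXPECTED):
    """True when the source address is outside the subnet expected behind the IN interface."""
    net = expected.get(rec.get("IN"))
    if net is None or "SRC" not in rec:
        return False
    return ipaddress.ip_address(rec["SRC"]) not in net


if __name__ == "__main__":
    rec = parse(SAMPLE)
    print(rec["IN"], rec["SRC"], rec["src_mac"], wrong_interface(rec))
```

The decoded source MAC identifies which device put the frame on the segment, which helps confirm whether traffic from the outside-facing network is reaching the local interface.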