Shorewall has suddenly started blocking all access from the firewall machine to the internet. Until an hour or so ago, all was well with my system (SuSE 8.1 machine acting as a gateway for LAN, 2-interface setup, cable modem). Then, I suddenly lost access to the internet. Now, if I clear shorewall, I can get out but, when I restart it, I lose access. I can still access POP3 and NNTP servers from the LAN with shorewall running, but apparently not http servers. [Addendum - I now also seem to have lost POP3 etc. access from the LAN.]

I haven't touched any of the shorewall config files - when the net went down, I was working on my CrossoverOffice + IE5.5 problem.

When I try to access the cable modem's internal server (192.168.100.1) from mozilla, I got entries like this in /var/log/messages (replaced my external IP address in DST with [IP]), and I couldn't load the page.

Nov 5 10:51:11 linux kernel: Shorewall:rfc1918:DROP:IN=eth0 OUT= MAC=00:40:95:30:26:ed:00:20:40:90:a9:b1:08:00 SRC=192.168.100.1 DST=[IP] LEN=40 TOS=0x00 PREC=0x00 TTL=30 ID=3591 PROTO=TCP SPT=80 DPT=32871 WINDOW=4096 RES=0x00 ACK SYN URGP=0

Any advice gratefully received!

John

-- 
John Pettigrew                       Headstrong Games
john@headstrong-games.co.uk          Fun : Strategy : Price
http://www.headstrong-games.co.uk/   Board games that won't break the bank
Valley of the Kings: ransack an ancient Egyptian tomb but beware of mummies!
Hi John,

taken from shorewall ref. manual:

<<-- snip -->>
/etc/shorewall/rfc1918 (Added in Version 1.3.1)

This file lists the subnets affected by the norfc1918 interface option. Columns in the file are:
<<-- snip -->>

if this applies to your interface options for eth0, it will block 192.168.0.0/16 networks from coming into your network!

Do you use NAT?? Do you have an official IP??

Hope that helps ;-)

:wq
swen

On Tue, 05 Nov 2002 11:01:41 GMT John Pettigrew <john@headstrong-games.co.uk> wrote:

> Shorewall has suddenly started blocking all access from the firewall
> machine to the internet. Until an hour or so ago, all was well with my
> system (SuSE 8.1 machine acting as a gateway for LAN, 2-interface
> setup, cable modem). Then, I suddenly lost access to the internet.
> Now, if I clear shorewall, I can get out but, when I restart it, I
> lose access. I can still access POP3 and NNTP servers from the LAN
> with shorewall running, but apparently not http servers. [Addendum - I
> now also seem to have lost POP3 etc. access from the LAN.]
>
> I haven't touched any of the shorewall config files - when the net
> went down, I was working on my CrossoverOffice + IE5.5 problem.
>
> When I try to access the cable modem's internal server (192.168.100.1)
> from mozilla, I got entries like this in /var/log/messages (replaced
> my external IP address in DST with [IP]), and I couldn't load the
> page.
>
> Nov 5 10:51:11 linux kernel: Shorewall:rfc1918:DROP:IN=eth0 OUT=
> MAC=00:40:95:30:26:ed:00:20:40:90:a9:b1:08:00 SRC=192.168.100.1
> DST=[IP] LEN=40 TOS=0x00 PREC=0x00 TTL=30 ID=3591 PROTO=TCP SPT=80
> DPT=32871 WINDOW=4096 RES=0x00 ACK SYN URGP=0
>
> Any advice gratefully received!
>
> John
> -- 
> John Pettigrew                       Headstrong Games
> john@headstrong-games.co.uk          Fun : Strategy : Price
> http://www.headstrong-games.co.uk/   Board games that won't break the bank
> Valley of the Kings: ransack an ancient Egyptian tomb but beware of mummies!
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@shorewall.net
> http://www.shorewall.net/mailman/listinfo/shorewall-users

-- 
----------------------------------------------
Swen Veckes - InterNetwork Engineer - KDDI
Tel/FAX: +49 211 93698-518/50
--------- http://www.de.kddi.com -------------
Shorewall has suddenly started blocking all access from the firewall machine to the internet. Until an hour or so ago, all was well with my system (SuSE 8.1 machine acting as a gateway for LAN, 2-interface setup, cable modem). Then, I suddenly lost access to the internet. Now, if I clear shorewall, I can get out but, when I restart it, I lose access. I can still access POP3 and NNTP servers from the LAN with shorewall running, but apparently not http servers.

I haven't touched any of the shorewall config files - when the net went down, I was working on my CrossoverOffice + IE5.5 problem.

When I try to access the cable modem's internal server (192.168.100.1) from mozilla, I got entries like this in /var/log/messages (replaced my external IP address in DST with [IP]), and I couldn't load the page.

Nov 5 10:51:11 linux kernel: Shorewall:rfc1918:DROP:IN=eth0 OUT= MAC=00:40:95:30:26:ed:00:20:40:90:a9:b1:08:00 SRC=192.168.100.1 DST=[IP] LEN=40 TOS=0x00 PREC=0x00 TTL=30 ID=3591 PROTO=TCP SPT=80 DPT=32871 WINDOW=4096 RES=0x00 ACK SYN URGP=0

Any advice gratefully received!

John

-- 
John Pettigrew                       Headstrong Games
john@headstrong-games.co.uk          Fun : Strategy : Price
http://www.headstrong-games.co.uk/   Board games that won't break the bank
Valley of the Kings: ransack an ancient Egyptian tomb but beware of mummies!
John,

Please don't repost your problem if you don't get an immediate reply (although there has been one responder to your original post already). If you want firewall support that gives you immediate response to your problem reports then I suggest that you get a commercial firewall and buy its support option.

--On Tuesday, November 05, 2002 3:17 PM +0000 John Pettigrew <john@headstrong-games.co.uk> wrote:

> Shorewall has suddenly started blocking all access from the firewall
> machine to the internet. Until an hour or so ago, all was well with my
> system (SuSE 8.1 machine acting as a gateway for LAN, 2-interface setup,
> cable modem). Then, I suddenly lost access to the internet. Now, if I
> clear shorewall, I can get out but, when I restart it, I lose access. I
> can still access POP3 and NNTP servers from the LAN with shorewall
> running, but apparently not http servers.

And you are seeing no other messages except when you try to access your cable modem? Can you use http if you use IP addresses rather than DNS names?

> I haven't touched any of the shorewall config files - when the net went
> down, I was working on my CrossoverOffice + IE5.5 problem.
>
> When I try to access the cable modem's internal server (192.168.100.1)
> from mozilla, I got entries like this in /var/log/messages (replaced my
> external IP address in DST with [IP]), and I couldn't load the page.
>
> Nov 5 10:51:11 linux kernel: Shorewall:rfc1918:DROP:IN=eth0 OUT=
> MAC=00:40:95:30:26:ed:00:20:40:90:a9:b1:08:00 SRC=192.168.100.1 DST=[IP]
> LEN=40 TOS=0x00 PREC=0x00 TTL=30 ID=3591 PROTO=TCP SPT=80 DPT=32871
> WINDOW=4096 RES=0x00 ACK SYN URGP=0

This is FAQ #14 (http://www.shorewall.net/FAQ.htm#faq14). If you "haven't touched any of the shorewall config files" then you weren't able to access your cable modem's internal server before this problem began either.

-- 
Tom Eastep      \ Shorewall - iptables made easy
AIM: tmeastep    \ http://www.shorewall.net
ICQ: #60745924    \ teastep@shorewall.net
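The log line in this thread, parsed and triaged the way Swen's and Tom's replies explain it: an added example (Python; not part of the thread and not Shorewall's own code) that checks whether a Shorewall rfc1918 drop on the external interface is the reply half of a TCP handshake from a private-address host such as the cable modem at 192.168.100.1. The external address standing in for the poster's redacted [IP] is a constructed placeholder.

```python
import ipaddress
import re

# Constructed sample: the log line quoted in the thread, with the poster's
# redacted external address ([IP]) stood in by a documentation-range address.
SAMPLE_LOG = (
    "Nov 5 10:51:11 linux kernel: Shorewall:rfc1918:DROP:IN=eth0 OUT= "
    "MAC=00:40:95:30:26:ed:00:20:40:90:a9:b1:08:00 SRC=192.168.100.1 "
    "DST=203.0.113.10 LEN=40 TOS=0x00 PREC=0x00 TTL=30 ID=3591 PROTO=TCP "
    "SPT=80 DPT=32871 WINDOW=4096 RES=0x00 ACK SYN URGP=0"
)

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Shorewall log prefix: "Shorewall:<chain>:<disposition>:" then netfilter fields
LINE_RE = re.compile(r"Shorewall:(?P<chain>[^:]+):(?P<disp>[^:]+):(?P<rest>.*)")


def parse_shorewall_line(line):
    """Split one Shorewall kernel log line into chain, disposition and fields."""
    m = LINE_RE.search(line)
    if not m:
        return None
    fields = {"chain": m.group("chain"), "disposition": m.group("disp"),
              "flags": set()}
    for tok in m.group("rest").split():
        if "=" in tok:
            key, value = tok.split("=", 1)   # "OUT=" yields an empty value
            fields[key] = value
        else:
            fields["flags"].add(tok)         # bare TCP flag names: SYN, ACK, ...
    return fields


def triage(line, external_iface="eth0"):
    """Verdict when the rfc1918 chain dropped a private-source packet on the external interface, else None."""
    f = parse_shorewall_line(line)
    if f is None or f["chain"] != "rfc1918" or f.get("IN") != external_iface:
        return None
    src = ipaddress.ip_address(f["SRC"])
    if not any(src in net for net in RFC1918):
        return None
    # SYN+ACK from a service port is the second half of a handshake this host started: a reply, not a probe.
    reply = f.get("PROTO") == "TCP" and {"SYN", "ACK"} <= f["flags"]
    return {
        "src": str(src), "service_port": int(f.get("SPT", 0)),
        "reply_to_outbound": reply,
        "verdict": "norfc1918 on %s dropped %s from RFC 1918 host %s" % (
            external_iface, "a reply (SYN/ACK)" if reply else "a packet", src),
    }
```

A reply_to_outbound verdict for the modem's address is exactly the situation Tom points to in FAQ #14: the filter is doing what norfc1918 asks, and the modem's private address is the thing to account for rather than the rule.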
In a previous message, Tom Eastep wrote:

> Please don't repost your problem if you don't get an immediate reply

Many apologies. After I had originally posted my query, I realised that I had unsubbed from the list a few weeks ago. I therefore assumed that my query had been rejected by the list server, and so reposted it once I had subbed to the list again.

Could I ask the person who had kindly already replied to send a copy of the email to my personal address so that we don't clutter the list up any more than necessary?

I apologise to everyone for the annoyance that this mistake has caused.

John

-- 
John Pettigrew                       Headstrong Games
john@headstrong-games.co.uk          Fun : Strategy : Price
http://www.headstrong-games.co.uk/   Board games that won't break the bank
Valley of the Kings: ransack an ancient Egyptian tomb but beware of mummies!