Shorewall users - Jun 2003 - I thought I''d done it right

Just upgraded to the lates from 1.3.x and thought I''d paid attention to
the
docs, but I am seeing a whole bunch of the following.  What did I screw up 
this time?

Jun  7 20:45:53 omega kernel: Shorewall:all2all:REJECT:IN= OUT=eth0 
SRC=192.168.0.1 DST=192.168.0.253 LEN=28 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF 
PROTO=ICMP TYPE=8 CODE=0 ID=7254 SEQ=0

-- 
Sed quis custodiet ipsos custodes?
=========================================================================Robin
Lynn Frank - Director of Operations - Paradigm-Omega, LLC
Copyright and PGP/GPG info in mail or message headers.
Email acceptance policy at http://paradigm-omega.com/email_policy.html
==========================================================================

I think that this may be related too...
http://www.shorewall.net/FAQ.htm#faq21
I bet that you are using port forwarding where you should be using DNAT, or
something to that effect.

I remember reading about some necessary changes that happened between 1.3
and 1.4, check out the errata for the release you upgraded to, as well as
the in between major version upgrade issues.
http://shorewall.net/errata.htm
http://shorewall.net/upgrade_issues.htm

***Wait! After looking a bit, I bet it is in here:
http://shorewall.net/ping.html

Let me know what you find, I have some 1.3.x firewalls that will be upgraded
soon (after finals)...

-Alex
http://www.rettc.com


----- Original Message -----
From: "Robin Lynn Frank" <rlfrank@paradigm-omega.com>
To: <shorewall-users@lists.shorewall.net>
Sent: Saturday, June 07, 2003 9:08 PM
Subject: [Shorewall-users] I thought I''d done it right


Just upgraded to the lates from 1.3.x and thought I''d paid attention to
the
docs, but I am seeing a whole bunch of the following.  What did I screw up
this time?

Jun  7 20:45:53 omega kernel: Shorewall:all2all:REJECT:IN= OUT=eth0
SRC=192.168.0.1 DST=192.168.0.253 LEN=28 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF
PROTO=ICMP TYPE=8 CODE=0 ID=7254 SEQ=0

--
Sed quis custodiet ipsos custodes?
=========================================================================Robin
Lynn Frank - Director of Operations - Paradigm-Omega, LLC
Copyright and PGP/GPG info in mail or message headers.
Email acceptance policy at http://paradigm-omega.com/email_policy.html
=========================================================================_______________________________________________
Shorewall-users mailing list
Post: Shorewall-users@lists.shorewall.net
Subscribe/Unsubscribe:
http://lists.shorewall.net/mailman/listinfo/shorewall-users
Support: http://www.shorewall.net/support.htm
FAQ: http://www.shorewall.net/FAQ.htm

On Sat, 7 Jun 2003 21:08:56 -0700, Robin Lynn Frank <rlfrank@paradigm- 
omega.com> wrote:
> Just upgraded to the lates from 1.3.x and thought I''d paid
attention to
> the docs, but I am seeing a whole bunch of the following.  What did I 
> screw up this time?
>
> Jun  7 20:45:53 omega kernel: Shorewall:all2all:REJECT:IN= OUT=eth0 
> SRC=192.168.0.1 DST=192.168.0.253 LEN=28 TOS=0x00 PREC=0x00 TTL=64 ID=0 
> DF PROTO=ICMP TYPE=8 CODE=0 ID=7254 SEQ=0
>
You are missing a ''ping'' rule from the firewall zone to
whatever zone is
connected to eth0.

-Tom
-- 
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://www.shorewall.net
Washington USA  \ teastep@shorewall.net