Kim Christensen
2003-Jul-17 10:06 UTC
[Shorewall-users] Shorewall stopped working properly
Hi all - Sorry for my English, hope you understand : ) -

1. I am new to Linux and Shorewall : )
2. I use Shorewall on one machine in my network
3. I use the "two-interface setup"
4. To have it all work I just allow all incoming and outgoing connections
5. I began to "play" with the setup and it worked okay.
6. Every time I did something I put the setup back to the beginning
7. But then the firewall didn't allow all the other machines to pass to the internet
8. I didn't know what I did wrong, so I looked at the setup for a long time but with no result ; (
9. I tried to stop the firewall so there were no rules etc., with no luck too!
10. I tried to Clear the firewall - and it didn't help too
11. Today I uninstalled Shorewall and installed it again and now it is working just fine
12. I have saved all the setup for the "old" Shorewall (and a copy of "show status") to look back and see the problem
13. I would like some help to see what I did wrong, so which file must I include here for you? (show status/rules/?)

-----------------------
PROBLEM
net=internet
fw=Shorewall firewall
loc=local...

fw<-->net YES
net<-->fw YES
fw<-->loc YES
loc<-->fw YES
loc<-->net NO
net<-->loc NO
-----------------------

Please have a happy day
Kim Christensen
On Thu, 2003-07-17 at 10:04, Kim Christensen wrote:

> 9. I tried to stop the firewall so there were no rules etc., with no luck too!

Stopping Shorewall does *not* remove all rules; see http://www.shorewall.net/starting_and_stopping_shorewall.htm

> 10. I tried to Clear the firewall - and it didn't help too

That would have produced the set of symptoms that you report in the table below.

> 13. I would like some help to see what I did wrong, so which file must I include
> here for you? (show status/rules/?)

The output of "shorewall status" will tell us.

> -----------------------
> PROBLEM
> net=internet
> fw=Shorewall firewall
> loc=local...
>
> fw<-->net YES
> net<-->fw YES
> fw<-->loc YES
> loc<-->fw YES
> loc<-->net NO
> net<-->loc NO
> -----------------------
>
> Please have a happy day

Thanks!
-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
Kim Christensen
2003-Jul-17 12:16 UTC
SV: [Shorewall-users] Shorewall stopped working properly
Hi

>> 9. I tried to stop the firewall so there were no rules etc., with no luck too!

TOM:
> Stopping Shorewall does *not* remove all rules; see
> http://www.shorewall.net/starting_and_stopping_shorewall.htm

MY SETUP (or I try to set it up like this..)

Interface   Accessible address
eth1        All addresses
eth0        All addresses

It worked since last week; when I stopped the firewall it was possible to enter the NET from all machines in the network.

>> 10. I tried to Clear the firewall - and it didn't help too

TOM:
> That would have produced the set of symptoms that you report in the
> table below.

Okay : )

>> 13. I would like some help to see what I did wrong, so which file must I include
>> here for you? (show status/rules/?)

TOM:
> The output of "shorewall status" will tell us.

PLEASE SEE BELOW

>> -----------------------
>> PROBLEM
>> net=internet
>> fw=Shorewall firewall
>> loc=local...
>>
>> fw<-->net YES
>> net<-->fw YES
>> fw<-->loc YES
>> loc<-->fw YES
>> loc<-->net NO
>> net<-->loc NO
>> -----------------------
>>
>> Please have a happy day

> Thanks!
> -Tom

SHOW STATUS

TERM environment variable not set.
Shorewall-1.4.5 Status at localhost.localdomain - Thu Jul 17 14:45:18 CEST 2003

Counters reset Thu Jul 17 14:44:12 CEST 2003

Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
1204 97209 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 DROP !icmp -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
0 0 eth0_in all -- eth0 * 0.0.0.0/0 0.0.0.0/0
8 480 eth1_in all -- eth1 * 0.0.0.0/0 0.0.0.0/0
0 0 common all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:INPUT:DROP:''
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 DROP !icmp -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
0 0 eth0_fwd all -- eth0 * 0.0.0.0/0 0.0.0.0/0
8 540 eth1_fwd all -- eth1 * 0.0.0.0/0 0.0.0.0/0
0 0 common all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:FORWARD:DROP:''
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
1204 97209 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
0 0 DROP !icmp -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
0 0 fw2net all -- * eth0 0.0.0.0/0 0.0.0.0/0
8 480 fw2loc all -- * eth1 0.0.0.0/0 0.0.0.0/0
0 0 common all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:OUTPUT:DROP:''
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0

Chain common (3 references)
pkts bytes target prot opt in out source destination
0 0 icmpdef icmp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:135
0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:137:139
0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:445
0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:139
0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:445
0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:135
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:1900
0 0 DROP all -- * * 0.0.0.0/0 255.255.255.255
0 0 DROP all -- * * 0.0.0.0/0 224.0.0.0/4
0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:113
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:53 state NEW
0 0 DROP all -- * * 0.0.0.0/0 194.192.108.47
0 0 DROP all -- * * 0.0.0.0/0 192.168.1.255

Chain dynamic (4 references)
pkts bytes target prot opt in out source destination

Chain eth0_fwd (1 references)
pkts bytes target prot opt in out source destination
0 0 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 net2loc all -- * eth1 0.0.0.0/0 0.0.0.0/0

Chain eth0_in (1 references)
pkts bytes target prot opt in out source destination
0 0 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 net2fw all -- * * 0.0.0.0/0 0.0.0.0/0

Chain eth1_fwd (1 references)
pkts bytes target prot opt in out source destination
8 540 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
8 540 loc2net all -- * eth0 0.0.0.0/0 0.0.0.0/0

Chain eth1_in (1 references)
pkts bytes target prot opt in out source destination
8 480 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
8 480 loc2fw all -- * * 0.0.0.0/0 0.0.0.0/0

Chain fw2loc (1 references)
pkts bytes target prot opt in out source destination
8 480 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp flags:!0x16/0x02
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:fw2loc:ACCEPT:''
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0

Chain fw2net (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp flags:!0x16/0x02
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:53
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:53
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:fw2net:ACCEPT:''
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0

Chain icmpdef (1 references)
pkts bytes target prot opt in out source destination

Chain loc2fw (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp flags:!0x16/0x02
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
8 480 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0

Chain loc2net (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp flags:!0x16/0x02
8 540 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:loc2net:ACCEPT:''
8 540 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0

Chain net2all (0 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp flags:!0x16/0x02
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:net2all:ACCEPT:''
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0

Chain net2fw (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp flags:!0x16/0x02
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:net2fw:ACCEPT:''
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0

Chain net2loc (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp flags:!0x16/0x02
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:net2loc:ACCEPT:''
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0

Chain newnotsyn (7 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0

Chain reject (7 references)
pkts bytes target prot opt in out source destination
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with tcp-reset
0 0 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
0 0 REJECT icmp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-unreachable
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

Chain shorewall (0 references)
pkts bytes target prot opt in out source destination

Jul 17 14:41:04 loc2net:ACCEPT:IN=eth1 OUT=eth0 SRC=192.168.1.2 DST=194.239.134.83 LEN=75 TOS=0x00 PREC=0x00 TTL=63 ID=62288 DF PROTO=UDP SPT=33222 DPT=53 LEN=55
Jul 17 14:41:09 loc2net:ACCEPT:IN=eth1 OUT=eth0 SRC=192.168.1.2 DST=193.162.153.164 LEN=75 TOS=0x00 PREC=0x00 TTL=63 ID=62789 DF PROTO=UDP SPT=33223 DPT=53 LEN=55
Jul 17 14:42:14 loc2net:ACCEPT:IN=eth1 OUT=eth0 SRC=192.168.1.2 DST=194.239.134.83 LEN=65 TOS=0x00 PREC=0x00 TTL=63 ID=4756 DF PROTO=UDP SPT=33223 DPT=53 LEN=45
Jul 17 14:42:19 loc2net:ACCEPT:IN=eth1 OUT=eth0 SRC=192.168.1.2 DST=193.162.153.164 LEN=65 TOS=0x00 PREC=0x00 TTL=63 ID=5257 DF PROTO=UDP SPT=33224 DPT=53 LEN=45
Jul 17 14:42:24 loc2net:ACCEPT:IN=eth1 OUT=eth0 SRC=192.168.1.2 DST=194.239.134.83 LEN=65 TOS=0x00 PREC=0x00 TTL=63 ID=4757 DF PROTO=UDP SPT=33223 DPT=53 LEN=45
Jul 17 14:42:29 loc2net:ACCEPT:IN=eth1 OUT=eth0 SRC=192.168.1.2 DST=193.162.153.164 LEN=65 TOS=0x00 PREC=0x00 TTL=63 ID=5258 DF PROTO=UDP SPT=33224 DPT=53 LEN=45
Jul 17 14:42:34 loc2net:ACCEPT:IN=eth1 OUT=eth0 SRC=192.168.1.2 DST=194.239.134.83 LEN=75 TOS=0x00 PREC=0x00 TTL=63 ID=6760 DF PROTO=UDP SPT=33224 DPT=53 LEN=55
Jul 17 14:42:39 loc2net:ACCEPT:IN=eth1 OUT=eth0 SRC=192.168.1.2 DST=193.162.153.164 LEN=75 TOS=0x00 PREC=0x00 TTL=63 ID=7261 DF PROTO=UDP SPT=33225 DPT=53 LEN=55
Jul 17 14:42:44 loc2net:ACCEPT:IN=eth1 OUT=eth0 SRC=192.168.1.2 DST=194.239.134.83 LEN=75 TOS=0x00 PREC=0x00 TTL=63 ID=6761 DF PROTO=UDP SPT=33224 DPT=53 LEN=55
Jul 17 14:42:49 loc2net:ACCEPT:IN=eth1 OUT=eth0 SRC=192.168.1.2 DST=193.162.153.164 LEN=75 TOS=0x00 PREC=0x00 TTL=63 ID=7262 DF PROTO=UDP SPT=33225 DPT=53 LEN=55
Jul 17 14:43:54 loc2net:ACCEPT:IN=eth1 OUT=eth0 SRC=192.168.1.2 DST=194.239.134.83 LEN=65 TOS=0x00 PREC=0x00 TTL=63 ID=14765 DF PROTO=UDP SPT=33225 DPT=53 LEN=45
Jul 17 14:43:59 loc2net:ACCEPT:IN=eth1 OUT=eth0 SRC=192.168.1.2 DST=193.162.153.164 LEN=65 TOS=0x00 PREC=0x00 TTL=63 ID=15266 DF PROTO=UDP SPT=33226 DPT=53 LEN=45
Jul 17 14:44:14 loc2net:ACCEPT:IN=eth1 OUT=eth0 SRC=192.168.1.2 DST=194.239.134.83 LEN=75 TOS=0x00 PREC=0x00 TTL=63 ID=16769 DF PROTO=UDP SPT=33226 DPT=53 LEN=55
Jul 17 14:44:19 loc2net:ACCEPT:IN=eth1 OUT=eth0 SRC=192.168.1.2 DST=193.162.153.164 LEN=75 TOS=0x00 PREC=0x00 TTL=63 ID=17270 DF PROTO=UDP SPT=33227 DPT=53 LEN=55
Jul 17 14:44:24 loc2net:ACCEPT:IN=eth1 OUT=eth0 SRC=192.168.1.2 DST=194.239.134.83 LEN=75 TOS=0x00 PREC=0x00 TTL=63 ID=16770 DF PROTO=UDP SPT=33226 DPT=53 LEN=55
Jul 17 14:44:29 loc2net:ACCEPT:IN=eth1 OUT=eth0 SRC=192.168.1.2 DST=193.162.153.164 LEN=75 TOS=0x00 PREC=0x00 TTL=63 ID=17271 DF PROTO=UDP SPT=33227 DPT=53 LEN=55
Jul 17 14:44:47 loc2net:ACCEPT:IN=eth1 OUT=eth0 SRC=192.168.1.5 DST=194.192.108.33 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=228 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=14336
Jul 17 14:44:52 loc2net:ACCEPT:IN=eth1 OUT=eth0 SRC=192.168.1.5 DST=194.192.108.33 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=229 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=14592
Jul 17 14:44:57 loc2net:ACCEPT:IN=eth1 OUT=eth0 SRC=192.168.1.5 DST=194.192.108.33 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=230 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=14848
Jul 17 14:45:02 loc2net:ACCEPT:IN=eth1 OUT=eth0 SRC=192.168.1.5 DST=194.192.108.33 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=231 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=15104

NAT Table

Chain PREROUTING (policy ACCEPT 312 packets, 35234 bytes)
pkts bytes target prot opt in out source destination

Chain POSTROUTING (policy ACCEPT 1228 packets, 84178 bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 1088 packets, 74148 bytes)
pkts bytes target prot opt in out source destination

Mangle Table

Chain PREROUTING (policy ACCEPT 64322 packets, 7886K bytes)
pkts bytes target prot opt in out source destination
1570 132K pretos all -- * * 0.0.0.0/0 0.0.0.0/0

Chain INPUT (policy ACCEPT 62074 packets, 7702K bytes)
pkts bytes target prot opt in out source destination

Chain FORWARD (policy ACCEPT 2246 packets, 183K bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 61452 packets, 4985K bytes)
pkts bytes target prot opt in out source destination
1562 132K outtos all -- * * 0.0.0.0/0 0.0.0.0/0

Chain POSTROUTING (policy ACCEPT 63686 packets, 5167K bytes)
pkts bytes target prot opt in out source destination

Chain outtos (1 references)
pkts bytes target prot opt in out source destination
0 0 TOS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 TOS set 0x10
0 0 TOS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:22 TOS set 0x10
0 0 TOS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:21 TOS set 0x10
0 0 TOS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:21 TOS set 0x10
0 0 TOS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:20 TOS set 0x08
0 0 TOS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:20 TOS set 0x08

Chain pretos (1 references)
pkts bytes target prot opt in out source destination
0 0 TOS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 TOS set 0x10
0 0 TOS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:22 TOS set 0x10
0 0 TOS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:21 TOS set 0x10
0 0 TOS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:21 TOS set 0x10
0 0 TOS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:20 TOS set 0x08
0 0 TOS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:20 TOS set 0x08

tcp 6 96 TIME_WAIT src=127.0.0.1 dst=127.0.0.1 sport=33781 dport=631 src=127.0.0.1 dst=127.0.0.1 sport=631 dport=33781 [ASSURED] use=1
tcp 6 76 TIME_WAIT src=127.0.0.1 dst=127.0.0.1 sport=33777 dport=631 src=127.0.0.1 dst=127.0.0.1 sport=631 dport=33777 [ASSURED] use=1
tcp 6 53 TIME_WAIT src=127.0.0.1 dst=127.0.0.1 sport=33770 dport=10000 src=127.0.0.1 dst=127.0.0.1 sport=10000 dport=33770 [ASSURED] use=1
tcp 6 15 TIME_WAIT src=127.0.0.1 dst=127.0.0.1 sport=33761 dport=631 src=127.0.0.1 dst=127.0.0.1 sport=631 dport=33761 [ASSURED] use=1
tcp 6 101 TIME_WAIT src=127.0.0.1 dst=127.0.0.1 sport=33782 dport=631 src=127.0.0.1 dst=127.0.0.1 sport=631 dport=33782 [ASSURED] use=1
tcp 6 0 TIME_WAIT src=127.0.0.1 dst=127.0.0.1 sport=33758 dport=631 src=127.0.0.1 dst=127.0.0.1 sport=631 dport=33758 [ASSURED] use=1
tcp 6 20 TIME_WAIT src=127.0.0.1 dst=127.0.0.1 sport=33762 dport=631 src=127.0.0.1 dst=127.0.0.1 sport=631 dport=33762 [ASSURED] use=1
tcp 6 10 TIME_WAIT src=127.0.0.1 dst=127.0.0.1 sport=33760 dport=631 src=127.0.0.1 dst=127.0.0.1 sport=631 dport=33760 [ASSURED] use=1
tcp 6 41 TIME_WAIT src=127.0.0.1 dst=127.0.0.1 sport=33766 dport=631 src=127.0.0.1 dst=127.0.0.1 sport=631 dport=33766 [ASSURED] use=1
tcp 6 48 TIME_WAIT src=127.0.0.1 dst=127.0.0.1 sport=33768 dport=10000 src=127.0.0.1 dst=127.0.0.1 sport=10000 dport=33768 [ASSURED] use=1
tcp 6 116 TIME_WAIT src=127.0.0.1 dst=127.0.0.1 sport=33785 dport=631 src=127.0.0.1 dst=127.0.0.1 sport=631 dport=33785 [ASSURED] use=1
tcp 6 81 TIME_WAIT src=127.0.0.1 dst=127.0.0.1 sport=33778 dport=631 src=127.0.0.1 dst=127.0.0.1 sport=631 dport=33778 [ASSURED] use=1
tcp 6 46 TIME_WAIT src=127.0.0.1 dst=127.0.0.1 sport=33769 dport=631 src=127.0.0.1 dst=127.0.0.1 sport=631 dport=33769 [ASSURED] use=1
tcp 6 54 TIME_WAIT src=127.0.0.1 dst=127.0.0.1 sport=33772 dport=10000 src=127.0.0.1 dst=127.0.0.1 sport=10000 dport=33772 [ASSURED] use=1
tcp 6 111 TIME_WAIT src=127.0.0.1 dst=127.0.0.1 sport=33784 dport=631 src=127.0.0.1 dst=127.0.0.1 sport=631 dport=33784 [ASSURED] use=1
tcp 6 56 TIME_WAIT src=127.0.0.1 dst=127.0.0.1 sport=33773 dport=631 src=127.0.0.1 dst=127.0.0.1 sport=631 dport=33773 [ASSURED] use=1
tcp 6 61 TIME_WAIT src=127.0.0.1 dst=127.0.0.1 sport=33774 dport=631 src=127.0.0.1 dst=127.0.0.1 sport=631 dport=33774 [ASSURED] use=1
tcp 6 43 TIME_WAIT src=127.0.0.1 dst=127.0.0.1 sport=33767 dport=10000 src=127.0.0.1 dst=127.0.0.1 sport=10000 dport=33767 [ASSURED] use=1
tcp 6 86 TIME_WAIT src=127.0.0.1 dst=127.0.0.1 sport=33779 dport=631 src=127.0.0.1 dst=127.0.0.1 sport=631 dport=33779 [ASSURED] use=1
tcp 6 5 TIME_WAIT src=127.0.0.1 dst=127.0.0.1 sport=33759 dport=631 src=127.0.0.1 dst=127.0.0.1 sport=631 dport=33759 [ASSURED] use=1
tcp 6 106 TIME_WAIT src=127.0.0.1 dst=127.0.0.1 sport=33783 dport=631 src=127.0.0.1 dst=127.0.0.1 sport=631 dport=33783 [ASSURED] use=1
tcp 6 30 TIME_WAIT src=127.0.0.1 dst=127.0.0.1 sport=33764 dport=631 src=127.0.0.1 dst=127.0.0.1 sport=631 dport=33764 [ASSURED] use=1
icmp 1 13 src=192.168.1.5 dst=194.192.108.33 type=8 code=0 id=512 [UNREPLIED] src=194.192.108.33 dst=192.168.1.5 type=0 code=0 id=512 use=1
tcp 6 432000 ESTABLISHED src=127.0.0.1 dst=127.0.0.1 sport=33786 dport=10000 src=127.0.0.1 dst=127.0.0.1 sport=10000 dport=33786 [ASSURED] use=1
tcp 6 66 TIME_WAIT src=127.0.0.1 dst=127.0.0.1 sport=33775 dport=631 src=127.0.0.1 dst=127.0.0.1 sport=631 dport=33775 [ASSURED] use=1
tcp 6 25 TIME_WAIT src=127.0.0.1 dst=127.0.0.1 sport=33763 dport=631 src=127.0.0.1 dst=127.0.0.1 sport=631 dport=33763 [ASSURED] use=1
tcp 6 71 TIME_WAIT src=127.0.0.1 dst=127.0.0.1 sport=33776 dport=631 src=127.0.0.1 dst=127.0.0.1 sport=631 dport=33776 [ASSURED] use=1
tcp 6 50 TIME_WAIT src=127.0.0.1 dst=127.0.0.1 sport=33771 dport=631 src=127.0.0.1 dst=127.0.0.1 sport=631 dport=33771 [ASSURED] use=1
tcp 6 35 TIME_WAIT src=127.0.0.1 dst=127.0.0.1 sport=33765 dport=631 src=127.0.0.1 dst=127.0.0.1 sport=631 dport=33765 [ASSURED] use=1

Kim - The newbie : )
On Thu, 17 Jul 2003 21:16:26 +0200, Kim Christensen <kim@cybercode.dk> wrote:

> TOM:
>>> The output of "shorewall status" will tell us.
>
> PLEASE SEE BELOW
>

Looks like you had no entry in /etc/shorewall/masq.

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
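
The check behind that diagnosis, as an added example that is not part of the original thread: the script reads a nat-table listing in the format shown in the status output above and reports whether any MASQUERADE or SNAT rule is reachable from POSTROUTING. The "before" sample copies the empty NAT table from the posted status; the "after" sample, including the chain name eth0_masq and the subnet 192.168.1.0/24, is constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Input format: `iptables -t nat -L -n -v`.

# Print the chain holding the first MASQUERADE/SNAT rule reachable from
# POSTROUTING (following jumps into user chains); return 1 if there is none.
nat_snat_reachable() {
  awk '
    /^Chain / { chain = $2; next }          # start of a new chain section
    $1 == "pkts" || NF < 3 { next }         # skip column header and blank lines
    { n[chain]++; target[chain, n[chain]] = $3 }
    END {
      stack[1] = "POSTROUTING"; top = 1
      while (top > 0) {
        c = stack[top--]
        if (seen[c]++) continue             # do not revisit a chain
        for (i = 1; i <= n[c]; i++) {
          t = target[c, i]
          if (t == "MASQUERADE" || t == "SNAT") { print c; exit 0 }
          if (t in n) stack[++top] = t      # target is a user chain: follow it
        }
      }
      exit 1
    }'
}

# NAT table as posted in the thread: POSTROUTING has no rules at all.
NAT_BEFORE=$(cat <<'EOF'
Chain PREROUTING (policy ACCEPT 312 packets, 35234 bytes)
 pkts bytes target prot opt in out source destination

Chain POSTROUTING (policy ACCEPT 1228 packets, 84178 bytes)
 pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 1088 packets, 74148 bytes)
 pkts bytes target prot opt in out source destination
EOF
)

# Constructed listing, assuming an /etc/shorewall/masq entry for the local
# network behind eth1 going out eth0 (chain name and subnet are assumptions).
NAT_AFTER=$(cat <<'EOF'
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination
    0     0 eth0_masq all -- * eth0 0.0.0.0/0 0.0.0.0/0

Chain eth0_masq (1 references)
 pkts bytes target prot opt in out source destination
    0     0 MASQUERADE all -- * * 192.168.1.0/24 0.0.0.0/0
EOF
)

check() {
  if chain=$(printf '%s\n' "$2" | nat_snat_reachable); then
    echo "$1: MASQUERADE/SNAT rule found in chain $chain"
  else
    echo "$1: no MASQUERADE/SNAT reachable from POSTROUTING"
  fi
}

check before "$NAT_BEFORE"
check after "$NAT_AFTER"
```

With the "before" listing, forwarded packets from 192.168.1.x are accepted by loc2net but leave eth0 with their private source address, which matches the [UNREPLIED] ICMP conntrack entry in the posted status.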