I have squid and squid guard running on this server, can't understand why I get this log. Everything is working as designed, just this log looks like shorewall is blocking squid access, but client browsers work fine. (transparent proxy setup)

Sep 19 07:10:32 ns3 kernel: Shorewall:newnotsyn:DROP:IN=eth1 OUT= MAC=00:50:bf:79:1c:d8:00:04:e2:18:b7:51:08:00 SRC=10.5.198.21 DST=10.5.198.20 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=16801 DF PROTO=TCP SPT=3553 DPT=3128 WINDOW=63846

eth0      Link encap:Ethernet  HWaddr 00:0C:76:1A:D3:19
          inet addr:64.42.49.235  Bcast:64.42.49.239  Mask:255.255.255.248
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:14664 errors:0 dropped:0 overruns:0 frame:0
          TX packets:17969 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:2746576 (2.6 Mb)  TX bytes:1515275 (1.4 Mb)
          Interrupt:11 Base address:0x4000

eth1      Link encap:Ethernet  HWaddr 00:50:BF:79:1C:D8
          inet addr:10.5.198.20  Bcast:10.5.198.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:197856 errors:0 dropped:0 overruns:0 frame:0
          TX packets:115155 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:247633770 (236.1 Mb)  TX bytes:19929166 (19.0 Mb)
          Interrupt:10 Base address:0xef00

# Accept DNS connections from the firewall to the network
#
ACCEPT    fw    net    tcp    53
ACCEPT    fw    net    udp    53
ACCEPT    net   fw     tcp    1723
ACCEPT    net   fw     47     -
ACCEPT    fw    net    47     -
#
# Accept SSH connections from the local network for administration
#
ACCEPT    loc   fw     tcp    22
ACCEPT    loc   fw     tcp    10000
ACCEPT    loc   fw     tcp    80
ACCEPT    loc   fw     tcp    3128
REDIRECT  loc   3128   tcp    www    -    !10.5.198.20
#
# Samba
ACCEPT    fw    loc    udp    137:139
ACCEPT    fw    loc    tcp    137,139,445
ACCEPT    fw    fw     udp    137:139
ACCEPT    loc   fw     tcp    137,139,445
ACCEPT    loc   fw     udp    1024:    137
#
#
# Allow Ping To And From Firewall
#
ACCEPT    loc   fw     icmp   8
ACCEPT    net   fw     icmp   8
ACCEPT    fw    loc    icmp   8
ACCEPT    fw    net    icmp   8
#
#
ACCEPT    net   fw     tcp    10000
ACCEPT    net   fw     tcp    22
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
Thanks, Mike
On Fri, 2003-09-19 at 09:00, Mike wrote:
> I have squid and squid guard running on this server, can't
> understand
> why I get this log. Everything is working as designed, just
> this log like shorewall
> is blocking squid access but client browsers work fine.
> (transparent proxy setup)
> Sep 19 07:10:32 ns3 kernel: Shorewall:newnotsyn:DROP:IN=eth1
> OUT= MAC=00:50:bf:79:1c:d8:00:04:e2:18:b7:51:08:00
> SRC=10.5.198.21 DST=10.5.198.20 LEN=40 TOS=0x00 PREC=0x00
> TTL=128 ID=16801 DF PROTO=TCP SPT=3553 DPT=3128 WINDOW=63846

Why don't you set NEWNOTSYN=Yes then.

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
----- Original Message -----
From: "Tom Eastep" <teastep@shorewall.net>
To: "Shorewall Users Mailing List" <shorewall-users@lists.shorewall.net>
Sent: Friday, September 19, 2003 9:43 AM
Subject: Re: [Shorewall-users] Log entry??

On Fri, 2003-09-19 at 09:00, Mike wrote:
> I have squid and squid guard running on this server, can't
> understand
> why I get this log. Everything is working as designed, just
> this log like shorewall
> is blocking squid access but client browsers work fine.
> (transparent proxy setup)
> Sep 19 07:10:32 ns3 kernel: Shorewall:newnotsyn:DROP:IN=eth1
> OUT= MAC=00:50:bf:79:1c:d8:00:04:e2:18:b7:51:08:00
> SRC=10.5.198.21 DST=10.5.198.20 LEN=40 TOS=0x00 PREC=0x00
> TTL=128 ID=16801 DF PROTO=TCP SPT=3553 DPT=3128 WINDOW=63846

Why don't you set NEWNOTSYN=Yes then.

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net


Thanks Tom,

I was just reading your FAQ, which led me to that entry. Amazing, just amazing that you have all this documentation, and that you have helped so many organizations and people. I remember talking to you years ago when you started all this with seawall, and I was trying to write firewalls with ipchains, and you said "why don't you try my firewall". Remember that? I have been using them since; time for me to donate. I set up your system for the Boys and Girls Club; they have a great network with shorewall and squidguard protecting them.

I don't understand SYN packets being dropped yet. I have read about it on your site, don't understand yet. I am guessing that the log entry is a broken connection?

Thank you,
Mike

_______________________________________________
Shorewall-users mailing list
Post: Shorewall-users@lists.shorewall.net
Subscribe/Unsubscribe: https://lists.shorewall.net/mailman/listinfo/shorewall-users
Support: http://www.shorewall.net/support.htm
FAQ: http://www.shorewall.net/FAQ.htm
On Fri, 19 Sep 2003, Mike wrote:
> I remember talking to you years ago when you started all this with
> seawall, and I was trying to write firewalls with ipchains, and you said
> "why don't you try my firewall". Remember that?

Yep -- :-)

> I have been using them since, time for me to donate.
> I set up your system for the Boys and Girls Club; they have a
> great network with shorewall and squidguard protecting them.
>

Cool!

> I don't understand SYN packets being dropped yet. I have read about it on
> your site, don't understand yet. I am guessing that the log entry is a
> broken connection?

Yes -- It is a connection that isn't being tracked for some reason (you omitted the TCP flags part of the message, so it is impossible for me to tell what exactly is happening).

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
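Tom's last point is that the pasted log line stops at WINDOW=, so the TCP flag tokens that the kernel's netfilter LOG target appends after RES= (SYN, ACK, FIN, RST, PSH, URG) are not there, and without them nobody can say what kind of packet the newnotsyn chain dropped. The following script is an added example for this thread, not code from the list or from the Shorewall project: it parses Shorewall-prefixed kernel log lines into their fields, records which TCP flags are present, and reports whether a newnotsyn drop can be explained or whether the line is missing its flag information. The three sample lines are constructed for the example; the first reproduces the truncated line from the thread, the second is the same packet with the flag tokens a complete line would carry, and the third is an ordinary net-to-firewall drop with a constructed source address.

```python
"""Parse Shorewall (netfilter LOG) kernel log lines and triage newnotsyn drops.

Added example, not part of the mailing-list thread or of Shorewall itself.
Shorewall logs with a "Shorewall:<chain>:<disposition>:" prefix followed by the
kernel's netfilter key=value fields; for TCP, the flags appear as bare tokens
(SYN, ACK, FIN, ...) between RES= and URGP=. Sample lines are constructed.
"""
import re

PREFIX_RE = re.compile(r"Shorewall:(?P<chain>[^:]+):(?P<disposition>[^:]+):(?P<fields>.*)$")
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}

# Constructed sample lines: [0] is the truncated line from the thread, [1] is the
# same packet with the RES=/flag tokens present, [2] is an unrelated net->fw drop.
SAMPLE_LINES = [
    "Sep 19 07:10:32 ns3 kernel: Shorewall:newnotsyn:DROP:IN=eth1 OUT= "
    "MAC=00:50:bf:79:1c:d8:00:04:e2:18:b7:51:08:00 SRC=10.5.198.21 DST=10.5.198.20 "
    "LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=16801 DF PROTO=TCP SPT=3553 DPT=3128 WINDOW=63846",
    "Sep 19 07:11:02 ns3 kernel: Shorewall:newnotsyn:DROP:IN=eth1 OUT= "
    "MAC=00:50:bf:79:1c:d8:00:04:e2:18:b7:51:08:00 SRC=10.5.198.21 DST=10.5.198.20 "
    "LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=16802 DF PROTO=TCP SPT=3553 DPT=3128 "
    "WINDOW=63846 RES=0x00 ACK FIN URGP=0",
    "Sep 19 07:12:15 ns3 kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= "
    "MAC=00:0c:76:1a:d3:19:00:11:22:33:44:55:08:00 SRC=198.51.100.7 DST=64.42.49.235 "
    "LEN=48 TOS=0x00 PREC=0x00 TTL=52 ID=9 DF PROTO=TCP SPT=4411 DPT=22 "
    "WINDOW=65535 RES=0x00 SYN URGP=0",
]


def parse_line(line):
    """Return a dict of the line's fields, or None if it is not a Shorewall log line."""
    m = PREFIX_RE.search(line)
    if not m:
        return None
    rec = {"chain": m.group("chain"), "disposition": m.group("disposition"),
           "flags": set(), "has_flag_info": False}
    for tok in m.group("fields").split():
        if "=" in tok:
            key, _, value = tok.partition("=")
            rec[key] = value
            if key == "RES":  # RES= is emitted for TCP and precedes the flag tokens
                rec["has_flag_info"] = True
        elif tok in TCP_FLAGS:
            rec["flags"].add(tok)
        # other bare tokens (DF, MF, CE) are IP-header options; not needed here
    return rec


def triage(rec):
    """Give the one-line verdict a log reviewer would want for a newnotsyn entry."""
    if rec is None:
        return "not a Shorewall log line"
    if rec["chain"] != "newnotsyn":
        return f"{rec['disposition']} in chain {rec['chain']}"
    if rec.get("PROTO") != "TCP":
        return "newnotsyn chain but not TCP (unexpected)"
    if not rec["has_flag_info"]:
        return "newnotsyn DROP, TCP flags missing from line: cannot tell what was dropped"
    if "SYN" in rec["flags"] and "ACK" not in rec["flags"]:
        return "newnotsyn DROP of a plain SYN (unexpected for this chain)"
    flags = ",".join(sorted(rec["flags"]))
    return (f"newnotsyn DROP of an untracked non-SYN packet (flags {flags}) "
            f"{rec['SRC']}:{rec['SPT']} -> {rec['DST']}:{rec['DPT']}; "
            "a packet of a connection conntrack is not tracking")


if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(triage(parse_line(line)))
```

Run against a real syslog, the script would be fed lines from the kernel log rather than SAMPLE_LINES; the useful output is the first verdict, which flags a line that has been cut before RES= and therefore cannot be diagnosed, versus the second, which shows the ACK,FIN packet that the newnotsyn chain is designed to drop when the connection is no longer in the state table.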