-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Below is a logfile snippet taken from /var/log/messages. Sometimes, the internet will just stop working on certain machines, but only for a given amount of time, then it begins to work again.

Here is my setup:

There is a DSL modem, going to a Linksys router (192.168.0.1). That router is DMZ to alpha eth0 (192.168.0.10), the Shorewall box having issues. Alpha eth1 (192.168.0.200) then routes internet out to the local LAN.

This is a mind-boggling problem. Input will be much appreciated.

Oct 20 21:05:09 Alpha kernel: Shorewall:FORWARD:DROP:IN=eth0 OUT=eth0 SRC=192.168.0.101 DST=213.165.64.20 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=49594 DF PROTO=TCP SPT=2862 DPT=110 WINDOW=16384 RES=0x00 SYN URGP=0
Oct 20 21:05:09 Alpha kernel: Shorewall:FORWARD:DROP:IN=eth0 OUT=eth0 SRC=192.168.0.101 DST=209.61.189.45 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=49595 DF PROTO=TCP SPT=2861 DPT=110 WINDOW=16384 RES=0x00 SYN URGP=0
Oct 20 21:05:09 Alpha kernel: Shorewall:FORWARD:DROP:IN=eth0 OUT=eth0 SRC=192.168.0.101 DST=209.61.189.45 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=49596 DF PROTO=TCP SPT=2860 DPT=110 WINDOW=16384 RES=0x00 SYN URGP=0
Oct 20 21:05:21 Alpha kernel: Shorewall:FORWARD:DROP:IN=eth0 OUT=eth0 SRC=192.168.0.101 DST=209.61.189.45 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=49673 DF PROTO=TCP SPT=2861 DPT=110 WINDOW=16384 RES=0x00 SYN URGP=0
Oct 20 21:05:21 Alpha kernel: Shorewall:FORWARD:DROP:IN=eth0 OUT=eth0 SRC=192.168.0.101 DST=209.61.189.45 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=49674 DF PROTO=TCP SPT=2860 DPT=110 WINDOW=16384 RES=0x00 SYN URGP=0
Oct 20 21:05:21 Alpha kernel: Shorewall:FORWARD:DROP:IN=eth0 OUT=eth0 SRC=192.168.0.101 DST=213.165.64.20 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=49675 DF PROTO=TCP SPT=2862 DPT=110 WINDOW=16384 RES=0x00 SYN URGP=0
Oct 20 21:08:00 Alpha kernel: Shorewall:FORWARD:DROP:IN=eth0 OUT=eth0 SRC=192.168.0.101 DST=209.61.189.45 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=50626 DF PROTO=TCP SPT=2863 DPT=110 WINDOW=16384 RES=0x00 SYN URGP=0
Oct 20 21:08:00 Alpha kernel: Shorewall:FORWARD:DROP:IN=eth0 OUT=eth0 SRC=192.168.0.101 DST=209.61.189.45 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=50627 DF PROTO=TCP SPT=2864 DPT=110 WINDOW=16384 RES=0x00 SYN URGP=0
Oct 20 21:08:00 Alpha kernel: Shorewall:FORWARD:DROP:IN=eth0 OUT=eth0 SRC=192.168.0.101 DST=213.165.64.20 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=50628 DF PROTO=TCP SPT=2865 DPT=110 WINDOW=16384 RES=0x00 SYN URGP=0
Oct 20 21:08:00 Alpha kernel: Shorewall:FORWARD:DROP:IN=eth0 OUT=eth0 SRC=192.168.0.101 DST=68.112.192.11 LEN=58 TOS=0x00 PREC=0x00 TTL=127 ID=50629 PROTO=UDP SPT=1725 DPT=53 LEN=38
Oct 20 21:08:00 Alpha kernel: Shorewall:FORWARD:DROP:IN=eth0 OUT=eth0 SRC=192.168.0.101 DST=68.112.192.11 LEN=64 TOS=0x00 PREC=0x00 TTL=127 ID=50630 PROTO=UDP SPT=1074 DPT=53 LEN=44
Oct 20 21:08:01 Alpha kernel: Shorewall:FORWARD:DROP:IN=eth0 OUT=eth0 SRC=192.168.0.101 DST=68.112.192.9 LEN=58 TOS=0x00 PREC=0x00 TTL=127 ID=50640 PROTO=UDP SPT=1725 DPT=53 LEN=38
Oct 20 21:08:01 Alpha kernel: Shorewall:FORWARD:DROP:IN=eth0 OUT=eth0 SRC=192.168.0.101 DST=68.112.192.9 LEN=64 TOS=0x00 PREC=0x00 TTL=127 ID=50641 PROTO=UDP SPT=1074 DPT=53 LEN=44
Oct 20 21:08:02 Alpha kernel: Shorewall:FORWARD:DROP:IN=eth0 OUT=eth0 SRC=192.168.0.101 DST=204.57.55.100 LEN=58 TOS=0x00 PREC=0x00 TTL=127 ID=50648 PROTO=UDP SPT=1725 DPT=53 LEN=38
Oct 20 21:08:02 Alpha kernel: Shorewall:FORWARD:DROP:IN=eth0 OUT=eth0 SRC=192.168.0.101 DST=204.57.55.100 LEN=64 TOS=0x00 PREC=0x00 TTL=127 ID=50649 PROTO=UDP SPT=1074 DPT=53 LEN=44
Oct 20 21:08:03 Alpha kernel: Shorewall:FORWARD:DROP:IN=eth0 OUT=eth0 SRC=192.168.0.101 DST=209.61.189.45 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=50660 DF PROTO=TCP SPT=2863 DPT=110 WINDOW=16384 RES=0x00 SYN URGP=0
Oct 20 21:08:03 Alpha kernel: Shorewall:FORWARD:DROP:IN=eth0 OUT=eth0 SRC=192.168.0.101 DST=209.61.189.45 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=50661 DF PROTO=TCP SPT=2864 DPT=110 WINDOW=16384 RES=0x00 SYN URGP=0
Oct 20 21:08:03 Alpha kernel: Shorewall:FORWARD:DROP:IN=eth0 OUT=eth0 SRC=192.168.0.101 DST=213.165.64.20 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=50662 DF PROTO=TCP SPT=2865 DPT=110 WINDOW=16384 RES=0x00 SYN URGP=0
Oct 20 21:08:04 Alpha kernel: Shorewall:FORWARD:DROP:IN=eth0 OUT=eth0 SRC=192.168.0.101 DST=68.112.192.11 LEN=58 TOS=0x00 PREC=0x00 TTL=127 ID=50696 PROTO=UDP SPT=1725 DPT=53 LEN=38
Oct 20 21:08:04 Alpha kernel: Shorewall:FORWARD:DROP:IN=eth0 OUT=eth0 SRC=192.168.0.101 DST=68.112.192.9 LEN=58 TOS=0x00 PREC=0x00 TTL=127 ID=50697 PROTO=UDP SPT=1725 DPT=53 LEN=38
Oct 20 21:08:04 Alpha kernel: Shorewall:FORWARD:DROP:IN=eth0 OUT=eth0 SRC=192.168.0.101 DST=204.57.55.100 LEN=58 TOS=0x00 PREC=0x00 TTL=127 ID=50698 PROTO=UDP SPT=1725 DPT=53 LEN=38
Oct 20 21:08:04 Alpha kernel: Shorewall:FORWARD:DROP:IN=eth0 OUT=eth0 SRC=192.168.0.101 DST=199.166.24.253 LEN=58 TOS=0x00 PREC=0x00 TTL=127 ID=50699 PROTO=UDP SPT=1725 DPT=53 LEN=38
Oct 20 21:08:04 Alpha kernel: Shorewall:FORWARD:DROP:IN=eth0 OUT=eth0 SRC=192.168.0.101 DST=199.166.28.10 LEN=58 TOS=0x00 PREC=0x00 TTL=127 ID=50700 PROTO=UDP SPT=1725 DPT=53 LEN=38
Oct 20 21:08:04 Alpha kernel: Shorewall:FORWARD:DROP:IN=eth0 OUT=eth0 SRC=192.168.0.101 DST=68.112.192.11 LEN=64 TOS=0x00 PREC=0x00 TTL=127 ID=50702 PROTO=UDP SPT=1074 DPT=53 LEN=44
Oct 20 21:08:04 Alpha kernel: Shorewall:FORWARD:DROP:IN=eth0 OUT=eth0 SRC=192.168.0.101 DST=68.112.192.9 LEN=64 TOS=0x00 PREC=0x00 TTL=127 ID=50703 PROTO=UDP SPT=1074 DPT=53 LEN=44
Oct 20 21:08:04 Alpha kernel: Shorewall:FORWARD:DROP:IN=eth0 OUT=eth0 SRC=192.168.0.101 DST=204.57.55.100 LEN=64 TOS=0x00 PREC=0x00 TTL=127 ID=50704 PROTO=UDP SPT=1074 DPT=53 LEN=44
Oct 20 21:08:04 Alpha kernel: Shorewall:FORWARD:DROP:IN=eth0 OUT=eth0 SRC=192.168.0.101 DST=199.166.24.253 LEN=64 TOS=0x00 PREC=0x00 TTL=127 ID=50705 PROTO=UDP SPT=1074 DPT=53 LEN=44
Oct 20 21:08:04 Alpha kernel: Shorewall:FORWARD:DROP:IN=eth0 OUT=eth0 SRC=192.168.0.101 DST=199.166.28.10 LEN=64 TOS=0x00 PREC=0x00 TTL=127 ID=50706 PROTO=UDP SPT=1074 DPT=53 LEN=44
Oct 20 21:08:08 Alpha kernel: Shorewall:FORWARD:DROP:IN=eth0 OUT=eth0 SRC=192.168.0.101 DST=68.112.192.11 LEN=58 TOS=0x00 PREC=0x00 TTL=127 ID=50737 PROTO=UDP SPT=1725 DPT=53 LEN=38
Oct 20 21:08:08 Alpha kernel: Shorewall:FORWARD:DROP:IN=eth0 OUT=eth0 SRC=192.168.0.101 DST=68.112.192.9 LEN=58 TOS=0x00 PREC=0x00 TTL=127 ID=50738 PROTO=UDP SPT=1725 DPT=53 LEN=38
Oct 20 21:08:08 Alpha kernel: Shorewall:FORWARD:DROP:IN=eth0 OUT=eth0 SRC=192.168.0.101 DST=204.57.55.100 LEN=58 TOS=0x00 PREC=0x00 TTL=127 ID=50739 PROTO=UDP SPT=1725 DPT=53 LEN=38
Oct 20 21:08:08 Alpha kernel: Shorewall:FORWARD:DROP:IN=eth0 OUT=eth0 SRC=192.168.0.101 DST=199.166.24.253 LEN=58 TOS=0x00 PREC=0x00 TTL=127 ID=50740 PROTO=UDP SPT=1725 DPT=53 LEN=38
Oct 20 21:08:08 Alpha kernel: Shorewall:FORWARD:DROP:IN=eth0 OUT=eth0 SRC=192.168.0.101 DST=199.166.28.10 LEN=58 TOS=0x00 PREC=0x00 TTL=127 ID=50741 PROTO=UDP SPT=1725 DPT=53 LEN=38
Oct 20 21:08:08 Alpha kernel: Shorewall:FORWARD:DROP:IN=eth0 OUT=eth0 SRC=192.168.0.101 DST=68.112.192.11 LEN=64 TOS=0x00 PREC=0x00 TTL=127 ID=50743 PROTO=UDP SPT=1074 DPT=53 LEN=44
Oct 20 21:08:08 Alpha kernel: Shorewall:FORWARD:DROP:IN=eth0 OUT=eth0 SRC=192.168.0.101 DST=68.112.192.9 LEN=64 TOS=0x00 PREC=0x00 TTL=127 ID=50744 PROTO=UDP SPT=1074 DPT=53 LEN=44
Oct 20 21:08:08 Alpha kernel: Shorewall:FORWARD:DROP:IN=eth0 OUT=eth0 SRC=192.168.0.101 DST=204.57.55.100 LEN=64 TOS=0x00 PREC=0x00 TTL=127 ID=50745 PROTO=UDP SPT=1074 DPT=53 LEN=44
Oct 20 21:08:08 Alpha kernel: Shorewall:FORWARD:DROP:IN=eth0 OUT=eth0 SRC=192.168.0.101 DST=199.166.24.253 LEN=64 TOS=0x00 PREC=0x00 TTL=127 ID=50746 PROTO=UDP SPT=1074 DPT=53 LEN=44
Oct 20 21:08:08 Alpha kernel: Shorewall:FORWARD:DROP:IN=eth0 OUT=eth0 SRC=192.168.0.101 DST=199.166.28.10 LEN=64 TOS=0x00 PREC=0x00 TTL=127 ID=50747 PROTO=UDP SPT=1074 DPT=53 LEN=44
Oct 20 21:08:09 Alpha kernel: Shorewall:FORWARD:DROP:IN=eth0 OUT=eth0 SRC=192.168.0.101 DST=209.61.189.45 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=50753 DF PROTO=TCP SPT=2863 DPT=110 WINDOW=16384 RES=0x00 SYN URGP=0
Oct 20 21:08:09 Alpha kernel: Shorewall:FORWARD:DROP:IN=eth0 OUT=eth0 SRC=192.168.0.101 DST=213.165.64.20 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=50754 DF PROTO=TCP SPT=2865 DPT=110 WINDOW=16384 RES=0x00 SYN URGP=0
Oct 20 21:08:09 Alpha kernel: Shorewall:FORWARD:DROP:IN=eth0 OUT=eth0 SRC=192.168.0.101 DST=209.61.189.45 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=50755 DF PROTO=TCP SPT=2864 DPT=110 WINDOW=16384 RES=0x00 SYN URGP=0
Oct 20 21:08:21 Alpha kernel: Shorewall:FORWARD:DROP:IN=eth0 OUT=eth0 SRC=192.168.0.101 DST=209.61.189.45 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=50839 DF PROTO=TCP SPT=2863 DPT=110 WINDOW=16384 RES=0x00 SYN URGP=0
Oct 20 21:08:21 Alpha kernel: Shorewall:FORWARD:DROP:IN=eth0 OUT=eth0 SRC=192.168.0.101 DST=213.165.64.20 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=50840 DF PROTO=TCP SPT=2865 DPT=110 WINDOW=16384 RES=0x00 SYN URGP=0
Oct 20 21:08:21 Alpha kernel: Shorewall:FORWARD:DROP:IN=eth0 OUT=eth0 SRC=192.168.0.101 DST=209.61.189.45 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=50841 DF PROTO=TCP SPT=2864 DPT=110 WINDOW=16384 RES=0x00 SYN URGP=0
Oct 20 21:08:36 Alpha kernel: Shorewall:FORWARD:DROP:IN=eth0 OUT=eth0 SRC=192.168.0.101 DST=203.194.198.77 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=50976 DF PROTO=TCP SPT=2866 DPT=80 WINDOW=16384 RES=0x00 SYN URGP=0
Oct 20 21:08:39 Alpha kernel: Shorewall:FORWARD:DROP:IN=eth0 OUT=eth0 SRC=192.168.0.101 DST=203.194.198.77 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=50996 DF PROTO=TCP SPT=2866 DPT=80 WINDOW=16384 RES=0x00 SYN URGP=0
Oct 20 21:08:45 Alpha kernel: Shorewall:FORWARD:DROP:IN=eth0 OUT=eth0 SRC=192.168.0.101 DST=203.194.198.77 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=51029 DF PROTO=TCP SPT=2866 DPT=80 WINDOW=16384 RES=0x00 SYN URGP=0

- --
Aaron Axelsen
AIM: aaak2
Email: axelseaa@amadmax.com
On Mon, 20 Oct 2003, Aaron Axelsen wrote:

> Below is a logfile snippet taken from /var/log/messages. Sometimes, the internet will just stop working on certain machines, but only for a given amount of time, then it begins to work again.
>
> Here is my setup:
>
> There is a DSL modem, going to a Linksys router (192.168.0.1). That router is DMZ to alpha eth0 (192.168.0.10), the Shorewall box having issues. Alpha eth1 (192.168.0.200) then routes internet out to the local LAN.
>
> This is a mind-boggling problem. Input will be much appreciated.

Looks like you have two or more firewall interfaces connected to the same HUB/switch.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
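Tom's diagnosis can be read straight off the log: every dropped packet carries IN=eth0 OUT=eth0, meaning a packet from the LAN host 192.168.0.101 arrived on the firewall's outside interface and the kernel wanted to route it back out the same interface. That is the signature of a LAN host whose frames reach eth0 directly because eth0 and eth1 sit on one switch (and, from the addresses in the post, apparently in one 192.168.0.x subnet, which is an inference, not something the thread states). The following is an added example, not code from the thread or from the Shorewall project, that parses this netfilter log format and flags such hairpin forwards so the condition can be spotted mechanically instead of by eye. The sample log is constructed: three lines are copied from the post, and one healthy IN=eth1 OUT=eth0 line with an assumed ACCEPT disposition is added for contrast.

```python
import re
from collections import Counter

# Constructed sample in the format of the thread's /var/log/messages excerpt.
# Lines 1-3 are taken from the post; line 4 is made up (assumed ACCEPT logging)
# to show what a normal loc -> net forward looks like.
SAMPLE_LOG = """\
Oct 20 21:05:09 Alpha kernel: Shorewall:FORWARD:DROP:IN=eth0 OUT=eth0 SRC=192.168.0.101 DST=213.165.64.20 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=49594 DF PROTO=TCP SPT=2862 DPT=110 WINDOW=16384 RES=0x00 SYN URGP=0
Oct 20 21:08:00 Alpha kernel: Shorewall:FORWARD:DROP:IN=eth0 OUT=eth0 SRC=192.168.0.101 DST=68.112.192.11 LEN=58 TOS=0x00 PREC=0x00 TTL=127 ID=50629 PROTO=UDP SPT=1725 DPT=53 LEN=38
Oct 20 21:08:36 Alpha kernel: Shorewall:FORWARD:DROP:IN=eth0 OUT=eth0 SRC=192.168.0.101 DST=203.194.198.77 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=50976 DF PROTO=TCP SPT=2866 DPT=80 WINDOW=16384 RES=0x00 SYN URGP=0
Oct 20 21:09:00 Alpha kernel: Shorewall:FORWARD:ACCEPT:IN=eth1 OUT=eth0 SRC=192.168.0.101 DST=203.194.198.77 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=51100 DF PROTO=TCP SPT=2867 DPT=80 WINDOW=16384 RES=0x00 SYN URGP=0
"""

# syslog prefix, then the Shorewall "chain:disposition:" prefix, then netfilter key=value pairs
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]+) (?P<host>\S+) kernel: "
    r"Shorewall:(?P<chain>[^:]+):(?P<disp>[^:]+):(?P<kv>.*)$"
)


def parse_line(line):
    """Parse one Shorewall/netfilter log line into a dict; return None for non-matching lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = {"ts": m.group("ts"), "host": m.group("host"),
           "chain": m.group("chain"), "disposition": m.group("disp")}
    for tok in m.group("kv").split():
        if "=" in tok:
            k, v = tok.split("=", 1)
            # UDP lines repeat LEN= for the datagram length; keep the first (IP total length)
            rec.setdefault(k, v)
        else:
            # bare tokens are flags: DF, SYN, ACK, ...
            rec.setdefault("flags", []).append(tok)
    return rec


def hairpin_events(text):
    """Return records whose packet would leave by the same interface it entered on.

    In a routed two-interface firewall a forwarded packet should always have
    IN != OUT; IN == OUT means a host on the 'wrong' side is reachable through
    that interface, e.g. because two interfaces share one switch.
    """
    events = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec and rec.get("IN") and rec.get("IN") == rec.get("OUT"):
            events.append(rec)
    return events


def summarize(events):
    """Count hairpin records by (interface, source host, protocol, destination port)."""
    return Counter((e["IN"], e["SRC"], e["PROTO"], e["DPT"]) for e in events)


if __name__ == "__main__":
    evs = hairpin_events(SAMPLE_LOG)
    print(f"{len(evs)} hairpin forward(s) found")
    for key, n in summarize(evs).most_common():
        iface, src, proto, dport = key
        print(f"  {iface}: {src} -> {proto}/{dport}  x{n}")
```

Run it against a real file with `hairpin_events(open("/var/log/messages").read())`; a non-empty result from a FORWARD chain is the condition Tom describes, and the SRC values tell you which LAN hosts are being seen on the outside interface.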
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

So I take it that this causes the problem? Is there any way to correct it without going to a different switch?

- --
Aaron Axelsen
AIM: aaak2
Email: axelseaa@amadmax.com

- -----Original Message-----
From: shorewall-users-bounces@lists.shorewall.net [mailto:shorewall-users-bounces@lists.shorewall.net] On Behalf Of Tom Eastep
Sent: Monday, October 20, 2003 9:50 PM
To: Shorewall Users Mailing List
Subject: Re: [Shorewall-users] Loss of connection

On Mon, 20 Oct 2003, Aaron Axelsen wrote:

> This is a mind-boggling problem. Input will be much appreciated.

Looks like you have two or more firewall interfaces connected to the same HUB/switch.

- -Tom
On Mon, 20 Oct 2003, Aaron Axelsen wrote:

> So I take it that this causes the problem?

Yes Aaron -- this causes problems. And anyone who connects interfaces from different zones to the same HUB/switch is taking "security by obscurity" to the limits. Look at the release notes from recent releases -- there are some clues about how to use this sort of configuration in a TEST environment. No one should run that way in a production environment.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
On Mon, 2003-10-20 at 20:11, Tom Eastep wrote:

> Yes Aaron -- this causes problems.

And I advise against it in all three of the multi-interface QuickStart Guides, and there is a note regarding this configuration snafu at http://shorewall.net/troubleshoot.htm under "Your network environment" (reached from the home page via the link "Things to try if it doesn't work").

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net