Hi everyone,

I've set up for a fixed-IP machine (W.X.Y.Z) a very simple one-interface Shorewall 1.4.6 configuration, using the default one-interface files, including:

interfaces:
net eth0 detect norfc1918,routefilter

zones:
net Net Internet

policy:
fw net ACCEPT
net all DROP info
all all REJECT info

rules:
ACCEPT net fw icmp 8

Everything runs OK, but I observe the following packets on tcpdump:

22:42:58.998064 A.B.C.D.4889 > W.X.Y.Z.135: S 1106616440:1106616440(0) win 64240 <mss 1460,nop,nop,sackOK> (DF)
22:42:58.998206 W.X.Y.Z.135 > A.B.C.D.4889: R 0:0(0) ack 1106616441 win 0 (DF)

Connection from outside to port 135 results in a REJECT, without any logging. It should be caught by the net2all rule: DROPPED and LOGGED.

What does this mean? Does the kernel IP stack reject the packet before it enters the Netfilter rules? Is there something I missed? I searched through the archives but no one seems to have a problem with a configuration that simple ;)

I observe the same probes on port 445 with the same results.

Thanks in advance for any explanation you could give.

- Thierry
> Hi everyone,
>
> I've set up for a fixed-IP machine (W.X.Y.Z) a very simple one-interface
> Shorewall 1.4.6 configuration, using the default one-interface files,
> including:
>
> interfaces:
> net eth0 detect norfc1918,routefilter
>
> zones:
> net Net Internet
>
> policy:
> fw net ACCEPT
> net all DROP info
> all all REJECT info
>
> rules:
> ACCEPT net fw icmp 8
>
> Everything runs OK, but I observe the following packets on tcpdump:
>
> 22:42:58.998064 A.B.C.D.4889 > W.X.Y.Z.135: S 1106616440:1106616440(0)
> win 64240 <mss 1460,nop,nop,sackOK> (DF)
> 22:42:58.998206 W.X.Y.Z.135 > A.B.C.D.4889: R 0:0(0) ack 1106616441 win
> 0 (DF)
>
> Connection from outside to port 135 results in a REJECT, without any
> logging. It should be caught by the net2all rule: DROPPED and LOGGED.
>
> What does this mean? Does the kernel IP stack reject the packet before
> it enters the Netfilter rules? Is there something I missed? I
> searched through the archives but no one seems to have a problem with a
> configuration that simple ;)
>
> I observe the same probes on port 445 with the same results.
>
> Thanks in advance for any explanation you could give.

Check out the common.def file....

Jerry Vonau
From Jerry Vonau:
> Check out the common.def file....

Oops... So I *did* miss something. Thanks Jerry for pointing that out. I even missed the FAQ item 4 which was about this, shame on me.

Sorry for the inconvenience,

- Thierry
On Fri, 2003-10-24 at 01:29, Listes wrote:
> policy:
> fw net ACCEPT
> net all DROP info
> all all REJECT info
>
> rules:
> ACCEPT net fw icmp 8
>
> Everything runs OK, but I observe the following packets on tcpdump:
>
> 22:42:58.998064 A.B.C.D.4889 > W.X.Y.Z.135: S 1106616440:1106616440(0)
> win 64240 <mss 1460,nop,nop,sackOK> (DF)
> 22:42:58.998206 W.X.Y.Z.135 > A.B.C.D.4889: R 0:0(0) ack 1106616441 win
> 0 (DF)
>
> Connection from outside to port 135 results in a REJECT, without any
> logging. It should be caught by the net2all rule: DROPPED and LOGGED.
>

This is a FAQ.

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
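The mismatch Thierry noticed (a RST coming back from a port the policy says should be silently DROPped and logged) is easy to check mechanically from a tcpdump capture. The script below is an added example, not code from this thread or from Shorewall: it pairs inbound SYNs with any RST the firewall host sends back and reports which probed ports were rejected rather than dropped. The sample dump is constructed around the two lines quoted in the original post; the port 445 and 1433 probes are made up for illustration.

```python
import re

# Constructed sample capture (old tcpdump syntax, as in the thread):
# the two lines from the post, a second rejected probe to 445, and a
# probe to 1433 that draws no reply (i.e. actually dropped).
SAMPLE_DUMP = """\
22:42:58.998064 A.B.C.D.4889 > W.X.Y.Z.135: S 1106616440:1106616440(0) win 64240 <mss 1460,nop,nop,sackOK> (DF)
22:42:58.998206 W.X.Y.Z.135 > A.B.C.D.4889: R 0:0(0) ack 1106616441 win 0 (DF)
22:43:01.120000 A.B.C.D.4890 > W.X.Y.Z.445: S 1106700000:1106700000(0) win 64240 <mss 1460,nop,nop,sackOK> (DF)
22:43:01.120150 W.X.Y.Z.445 > A.B.C.D.4890: R 0:0(0) ack 1106700001 win 0 (DF)
22:43:05.500000 A.B.C.D.4891 > W.X.Y.Z.1433: S 1106800000:1106800000(0) win 64240 <mss 1460,nop,nop,sackOK> (DF)
"""

# timestamp, src host.port, ">", dst host.port, ":", TCP flags field
LINE = re.compile(r"^(\S+) (\S+)\.(\d+) > (\S+)\.(\d+): (\S+)")


def classify_probes(dump, local):
    """Return {port: 'rejected' | 'dropped'} for every TCP SYN sent to `local`.

    A port is 'rejected' when `local` answers the SYN with a RST, and
    'dropped' when no RST is ever seen for it in the capture.
    """
    verdict = {}
    for line in dump.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        _, src, sport, dst, dport, flags = m.groups()
        # A bare "S" is an inbound SYN; "S." would be a SYN-ACK, which we skip.
        if dst == local and "S" in flags and "." not in flags:
            verdict.setdefault(int(dport), "dropped")
        # A RST from the probed port back to the prober means a REJECT, not a DROP.
        elif src == local and "R" in flags and int(sport) in verdict:
            verdict[int(sport)] = "rejected"
    return verdict


def policy_mismatches(verdict, expected="dropped"):
    """Ports whose observed behaviour differs from the policy you expect."""
    return sorted(port for port, seen in verdict.items() if seen != expected)


if __name__ == "__main__":
    seen = classify_probes(SAMPLE_DUMP, "W.X.Y.Z")
    for port in sorted(seen):
        print(f"port {port}: {seen[port]}")
    print("not dropped as policy says:", policy_mismatches(seen))
```

With a real capture, the ports it flags are the ones to look for in rules applied before your policy chains, such as the common.def entries the replies point to.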