Hello shorewall-users,

we have a strange problem where some of our customers cannot access our webshop, but most of the customers can. I have been slowly eliminating possibilities and am now left with either the firewall (Shorewall 1.4) or the webshop server.

What appears a lot in the logfiles is:

Jul 26 11:51:04 gw kernel: Shorewall:logdrop:DROP:IN=eth0 OUT=eth1 SRC=84.128.198.240 DST=10.7.18.5 LEN=48 TOS=0x00 PREC=0x00 TTL=50 ID=4229 DF PROTO=TCP SPT=1888 DPT=80 WINDOW=32768 RES=0x00 SYN URGP=0

Can somebody explain why this packet is being dropped as the Source address is a "good" address and does not appear in the rfc1918 file

thank you,

Graham

--
Graham K. Dodd
Director of Operations
Falk & Ross GmbH
Tel: 06301 717 0

> Hello shorewall-users,
>
> we have a strange problem where some of our customers cannot access our
> webshop, but most of the customers can. I have been slowly eliminating
> possibilities and am now left with either the firewall (Shorewall 1.4)
> or the webshop server.
>
> What appears a lot in the logfiles is:
>
> Jul 26 11:51:04 gw kernel: Shorewall:logdrop:DROP:IN=eth0 OUT=eth1 SRC=84.128.198.240 DST=10.7.18.5 LEN=48 TOS=0x00 PREC=0x00 TTL=50 ID=4229 DF PROTO=TCP SPT=1888 DPT=80 WINDOW=32768 RES=0x00 SYN URGP=0
>
> Can somebody explain why this packet is being dropped as the Source
> address is a "good" address and does not appear in the rfc1918 file

Nobody can help you until you provide your shorewall config. We don't know what are "good" addresses in your setup.

Simon

> thank you,
>
> Graham
>
> --
> Graham K. Dodd
> Director of Operations
> Falk & Ross GmbH
> Tel: 06301 717 0

Graham Dodd wrote:

> Hello shorewall-users,
>
> we have a strange problem where some of our customers cannot access our
> webshop, but most of the customers can. I have been slowly eliminating
> possibilities and am now left with either the firewall (Shorewall 1.4) or the
> webshop server.
>
> What appears a lot in the logfiles is:
>
> Jul 26 11:51:04 gw kernel: Shorewall:logdrop:DROP:IN=eth0 OUT=eth1 SRC=84.128.198.240 DST=10.7.18.5 LEN=48 TOS=0x00 PREC=0x00 TTL=50 ID=4229 DF PROTO=TCP SPT=1888 DPT=80 WINDOW=32768 RES=0x00 SYN URGP=0
>
> Can somebody explain why this packet is being dropped as the Source address
> is a "good" address and does not appear in the rfc1918 file

The destination IP address is reserved by RFC 1918.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net

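A way to triage drop entries like the one in this thread, as an added example that is not part of the original messages: it parses the Shorewall log prefix and the kernel's KEY=value fields, then reports which of SRC and DST lie in an RFC 1918 range. The function names are hypothetical, and the code only classifies addresses; it does not reproduce Shorewall's rule evaluation.

```python
import ipaddress
import re

# The three private ranges reserved by RFC 1918.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Log prefix as it appears in the thread: Shorewall:<chain>:<disposition>:
PREFIX_RE = re.compile(r"Shorewall:(?P<chain>[^:\s]+):(?P<disposition>[^:\s]+):")
# KEY=value pairs written by the kernel LOG target (value may be empty, e.g. OUT=).
FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")

# The log line quoted in the thread, with the mail client's line wrap removed.
THREAD_LINE = (
    "Jul 26 11:51:04 gw kernel: Shorewall:logdrop:DROP:IN=eth0 OUT=eth1 "
    "SRC=84.128.198.240 DST=10.7.18.5 LEN=48 TOS=0x00 PREC=0x00 TTL=50 "
    "ID=4229 DF PROTO=TCP SPT=1888 DPT=80 WINDOW=32768 RES=0x00 SYN URGP=0"
)


def parse_line(line):
    """Return chain, disposition and KEY=value fields, or None for other lines."""
    m = PREFIX_RE.search(line)
    if m is None:
        return None
    record = dict(FIELD_RE.findall(line[m.end():]))
    record.update(m.groupdict())
    return record


def rfc1918_fields(record):
    """Names of the address fields (SRC, DST) that lie inside an RFC 1918 range."""
    hits = []
    for key in ("SRC", "DST"):
        try:
            addr = ipaddress.ip_address(record.get(key, ""))
        except ValueError:
            continue  # field missing or truncated in the log
        if any(addr in net for net in RFC1918):
            hits.append(key)
    return hits


if __name__ == "__main__":
    rec = parse_line(THREAD_LINE)
    print(rec["chain"], rec["disposition"], rec["SRC"], rec["DST"],
          rfc1918_fields(rec))
```
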
Hello Tom,

Monday, July 26, 2004, 3:28:08 PM, you wrote:

TE> Graham Dodd wrote:
>> Hello shorewall-users,
>>
>> we have a strange problem where some of our customers cannot access our
>> webshop, but most of the customers can. I have been slowly eliminating
>> possibilities and am now left with either the firewall (Shorewall 1.4) or the
>> webshop server.
>>
>> What appears a lot in the logfiles is:
>>
>> Jul 26 11:51:04 gw kernel: Shorewall:logdrop:DROP:IN=eth0 OUT=eth1 SRC=84.128.198.240 DST=10.7.18.5 LEN=48 TOS=0x00 PREC=0x00 TTL=50 ID=4229 DF PROTO=TCP SPT=1888 DPT=80 WINDOW=32768 RES=0x00 SYN URGP=0
>>
>> Can somebody explain why this packet is being dropped as the Source address
>> is a "good" address and does not appear in the rfc1918 file

TE> The destination IP address is reserved by RFC 1918.

which should mean that all packets for the webshop get dropped...... why is it that only a few customers have problems?

If I comment out 10.0.0.0/8 in RFC1918 does this open up any "holes" that I should be aware of?

Graham

--
Graham K. Dodd
Director of Operations
Falk & Ross GmbH
Tel: 06301 717 0