Hi,

I have some problems with shorewall, I get disconnected every 10 minutes. All the connections stop. I am using Shorewall version 2.4.0-RC2 and it is running on Debian 3.1r0. I can't seem to find the problem. I hope you can help me with this. I post my log so that you can maybe see where the problem is. (I have filtered some IP addresses.)

/sbin/shorewall show log
Shorewall-2.4.0-RC2 Log at St-router - za jun 11 18:35:07 CEST 2005

Counters reset Sat Jun 11 16:00:06 CEST 2005

Jun 11 18:32:47 localhost Shorewall:all2all:REJECT:IN= OUT=eth1 SRC=192.168.X.X DST=192.168.X.X LEN=328 TOS=0x00 PREC=0x00 TTL=64 ID=1078 DF PROTO=UDP SPT=67 DPT=68 LEN=308
Jun 11 18:32:57 localhost Shorewall:net2all:DROP:IN=eth0 OUTSRC=218.25.230.245 DST=84.41.X.X LEN=404 TOS=0x00 PREC=0x00 TTL=109 ID=50929 PROTO=UDP SPT=4288 DPT=1434 LEN=384
Jun 11 18:32:59 localhost Shorewall:all2all:REJECT:IN=eth1 OUTSRC=192.168.X.X DST=192.168.X.X LEN=330 TOS=0x00 PREC=0x00 TTL=128 ID=48701 PROTO=UDP SPT=68 DPT=67 LEN=310
Jun 11 18:32:59 localhost Shorewall:all2all:REJECT:IN= OUT=eth1 SRC=192.168.X.X DST=192.168.X.X LEN=328 TOS=0x00 PREC=0x00 TTL=64 ID=1079 DF PROTO=UDP SPT=67 DPT=68 LEN=308
Jun 11 18:33:03 localhost Shorewall:all2all:REJECT:IN=eth1 OUTSRC=192.168.X.X DST=192.168.X.X LEN=330 TOS=0x00 PREC=0x00 TTL=128 ID=48704 PROTO=UDP SPT=68 DPT=67 LEN=310
Jun 11 18:33:03 localhost Shorewall:all2all:REJECT:IN= OUT=eth1 SRC=192.168.X.X DST=192.168.X.X LEN=328 TOS=0x00 PREC=0x00 TTL=64 ID=1080 DF PROTO=UDP SPT=67 DPT=68 LEN=308
Jun 11 18:33:11 localhost Shorewall:all2all:REJECT:IN=eth1 OUTSRC=192.168.X.X DST=192.168.X.X LEN=330 TOS=0x00 PREC=0x00 TTL=128 ID=48719 PROTO=UDP SPT=68 DPT=67 LEN=310
Jun 11 18:33:11 localhost Shorewall:all2all:REJECT:IN= OUT=eth1 SRC=192.168.X.X DST=192.168.X.X LEN=328 TOS=0x00 PREC=0x00 TTL=64 ID=1081 DF PROTO=UDP SPT=67 DPT=68 LEN=308
Jun 11 18:33:18 localhost Shorewall:all2all:REJECT:IN=eth1 OUTSRC=192.168.X.X DST=192.168.X.X LEN=328 TOS=0x00 PREC=0x00 TTL=64 ID=248 DF PROTO=UDP SPT=68 DPT=67 LEN=308
Jun 11 18:33:18 localhost Shorewall:all2all:REJECT:IN= OUT=eth1 SRC=192.168.X.X DST=192.168.X.X LEN=328 TOS=0x00 PREC=0x00 TTL=64 ID=1082 DF PROTO=UDP SPT=67 DPT=68 LEN=308
Jun 11 18:33:54 localhost Shorewall:all2all:REJECT:IN=eth1 OUTSRC=192.168.X.X DST=192.168.X.X LEN=328 TOS=0x00 PREC=0x00 TTL=64 ID=249 DF PROTO=UDP SPT=68 DPT=67 LEN=308
Jun 11 18:33:54 localhost Shorewall:all2all:REJECT:IN= OUT=eth1 SRC=192.168.X.X DST=192.168.X.X LEN=328 TOS=0x00 PREC=0x00 TTL=64 ID=1083 DF PROTO=UDP SPT=67 DPT=68 LEN=308
Jun 11 18:33:55 localhost Shorewall:net2all:DROP:IN=eth0 OUTSRC=80.131.113.96 DST=84.41.X.X LEN=32 TOS=0x00 PREC=0x00 TTL=117 ID=15028 PROTO=UDP SPT=1062 DPT=33333 LEN=12
Jun 11 18:34:10 localhost Shorewall:net2all:DROP:IN=eth0 OUTSRC=80.131.113.96 DST=84.41.X.X LEN=32 TOS=0x00 PREC=0x00 TTL=117 ID=17013 PROTO=UDP SPT=1063 DPT=33333 LEN=12
Jun 11 18:34:17 localhost Shorewall:net2all:DROP:IN=eth0 OUTSRC=80.131.113.96 DST=84.41.X.X LEN=32 TOS=0x00 PREC=0x00 TTL=117 ID=17874 PROTO=UDP SPT=1064 DPT=33333 LEN=12
Jun 11 18:34:25 localhost Shorewall:net2all:DROP:IN=eth0 OUTSRC=80.131.113.96 DST=84.41.X.X LEN=32 TOS=0x00 PREC=0x00 TTL=117 ID=18849 PROTO=UDP SPT=1065 DPT=33333 LEN=12
Jun 11 18:34:39 localhost Shorewall:all2all:REJECT:IN=eth1 OUTSRC=192.168.X.X DST=192.168.X.X LEN=328 TOS=0x00 PREC=0x00 TTL=64 ID=250 DF PROTO=UDP SPT=68 DPT=67 LEN=308
Jun 11 18:34:39 localhost Shorewall:all2all:REJECT:IN= OUT=eth1 SRC=192.168.X.X DST=192.168.X.X LEN=328 TOS=0x00 PREC=0x00 TTL=64 ID=1084 DF PROTO=UDP SPT=67 DPT=68 LEN=308
Jun 11 18:35:05 localhost Shorewall:all2all:REJECT:IN=eth1 OUTSRC=192.168.X.X DST=192.168.X.X LEN=330 TOS=0x00 PREC=0x00 TTL=128 ID=48811 PROTO=UDP SPT=68 DPT=67 LEN=310
Jun 11 18:35:05 localhost Shorewall:all2all:REJECT:IN= OUT=eth1 SRC=192.168.X.X DST=192.168.X.X LEN=328 TOS=0x00 PREC=0x00 TTL=64 ID=1085 DF PROTO=UDP SPT=67 DPT=68 LEN=308

--
Gr.
SteZZz
> Hi,
>
> I have some problems with shorewall, I get disconnected every 10 minutes. All the connections stop. I am using Shorewall version 2.4.0-RC2 and it is running on Debian 3.1r0. I can't seem to find the problem. I hope you can help me with this. I post my log so that you can maybe see where the problem is. (I have filtered some IP addresses.)
>
> /sbin/shorewall show log
> Shorewall-2.4.0-RC2 Log at St-router - za jun 11 18:35:07 CEST 2005
>
> Counters reset Sat Jun 11 16:00:06 CEST 2005
>
> Jun 11 18:32:47 localhost Shorewall:all2all:REJECT:IN= OUT=eth1 SRC=192.168.X.X DST=192.168.X.X LEN=328 TOS=0x00 PREC=0x00 TTL=64 ID=1078 DF PROTO=UDP SPT=67 DPT=68 LEN=308

This is dhcp traffic....

> Jun 11 18:32:57 localhost Shorewall:net2all:DROP:IN=eth0 OUTSRC=218.25.230.245 DST=84.41.X.X LEN=404 TOS=0x00 PREC=0x00 TTL=109 ID=50929 PROTO=UDP SPT=4288 DPT=1434 LEN=384

Net probe to mssql

> Jun 11 18:32:59 localhost Shorewall:all2all:REJECT:IN=eth1 OUTSRC=192.168.X.X DST=192.168.X.X LEN=330 TOS=0x00 PREC=0x00 TTL=128 ID=48701 PROTO=UDP SPT=68 DPT=67 LEN=310
> Jun 11 18:32:59 localhost Shorewall:all2all:REJECT:IN= OUT=eth1 SRC=192.168.X.X DST=192.168.X.X LEN=328 TOS=0x00 PREC=0x00 TTL=64 ID=1079 DF PROTO=UDP SPT=67 DPT=68 LEN=308
> Jun 11 18:33:03 localhost Shorewall:all2all:REJECT:IN=eth1 OUTSRC=192.168.X.X DST=192.168.X.X LEN=330 TOS=0x00 PREC=0x00 TTL=128 ID=48704 PROTO=UDP SPT=68 DPT=67 LEN=310
> Jun 11 18:33:03 localhost Shorewall:all2all:REJECT:IN= OUT=eth1 SRC=192.168.X.X DST=192.168.X.X LEN=328 TOS=0x00 PREC=0x00 TTL=64 ID=1080 DF PROTO=UDP SPT=67 DPT=68 LEN=308
> Jun 11 18:33:11 localhost Shorewall:all2all:REJECT:IN=eth1 OUTSRC=192.168.X.X DST=192.168.X.X LEN=330 TOS=0x00 PREC=0x00 TTL=128 ID=48719 PROTO=UDP SPT=68 DPT=67 LEN=310
> Jun 11 18:33:11 localhost Shorewall:all2all:REJECT:IN= OUT=eth1 SRC=192.168.X.X DST=192.168.X.X LEN=328 TOS=0x00 PREC=0x00 TTL=64 ID=1081 DF PROTO=UDP SPT=67 DPT=68 LEN=308
> Jun 11 18:33:18 localhost Shorewall:all2all:REJECT:IN=eth1 OUTSRC=192.168.X.X DST=192.168.X.X LEN=328 TOS=0x00 PREC=0x00 TTL=64 ID=248 DF PROTO=UDP SPT=68 DPT=67 LEN=308
> Jun 11 18:33:18 localhost Shorewall:all2all:REJECT:IN= OUT=eth1 SRC=192.168.X.X DST=192.168.X.X LEN=328 TOS=0x00 PREC=0x00 TTL=64 ID=1082 DF PROTO=UDP SPT=67 DPT=68 LEN=308
> Jun 11 18:33:54 localhost Shorewall:all2all:REJECT:IN=eth1 OUTSRC=192.168.X.X DST=192.168.X.X LEN=328 TOS=0x00 PREC=0x00 TTL=64 ID=249 DF PROTO=UDP SPT=68 DPT=67 LEN=308
> Jun 11 18:33:54 localhost Shorewall:all2all:REJECT:IN= OUT=eth1 SRC=192.168.X.X DST=192.168.X.X LEN=328 TOS=0x00 PREC=0x00 TTL=64 ID=1083 DF PROTO=UDP SPT=67 DPT=68 LEN=308
> Jun 11 18:33:55 localhost Shorewall:net2all:DROP:IN=eth0 OUTSRC=80.131.113.96 DST=84.41.X.X LEN=32 TOS=0x00 PREC=0x00 TTL=117 ID=15028 PROTO=UDP SPT=1062 DPT=33333 LEN=12
> Jun 11 18:34:10 localhost Shorewall:net2all:DROP:IN=eth0 OUTSRC=80.131.113.96 DST=84.41.X.X LEN=32 TOS=0x00 PREC=0x00 TTL=117 ID=17013 PROTO=UDP SPT=1063 DPT=33333 LEN=12
> Jun 11 18:34:17 localhost Shorewall:net2all:DROP:IN=eth0 OUTSRC=80.131.113.96 DST=84.41.X.X LEN=32 TOS=0x00 PREC=0x00 TTL=117 ID=17874 PROTO=UDP SPT=1064 DPT=33333 LEN=12
> Jun 11 18:34:25 localhost Shorewall:net2all:DROP:IN=eth0 OUTSRC=80.131.113.96 DST=84.41.X.X LEN=32 TOS=0x00 PREC=0x00 TTL=117 ID=18849 PROTO=UDP SPT=1065 DPT=33333 LEN=12
> Jun 11 18:34:39 localhost Shorewall:all2all:REJECT:IN=eth1 OUTSRC=192.168.X.X DST=192.168.X.X LEN=328 TOS=0x00 PREC=0x00 TTL=64 ID=250 DF PROTO=UDP SPT=68 DPT=67 LEN=308
> Jun 11 18:34:39 localhost Shorewall:all2all:REJECT:IN= OUT=eth1 SRC=192.168.X.X DST=192.168.X.X LEN=328 TOS=0x00 PREC=0x00 TTL=64 ID=1084 DF PROTO=UDP SPT=67 DPT=68 LEN=308
> Jun 11 18:35:05 localhost Shorewall:all2all:REJECT:IN=eth1 OUTSRC=192.168.X.X DST=192.168.X.X LEN=330 TOS=0x00 PREC=0x00 TTL=128 ID=48811 PROTO=UDP SPT=68 DPT=67 LEN=310
> Jun 11 18:35:05 localhost Shorewall:all2all:REJECT:IN= OUT=eth1 SRC=192.168.X.X DST=192.168.X.X LEN=328 TOS=0x00 PREC=0x00 TTL=64 ID=1085 DF PROTO=UDP SPT=67 DPT=68 LEN=308

Are you running a dhcp server on the firewall for the local lan?
If so, you forgot to use the dhcp options in the shrorewall interfaces
file. Your clients then can't renew their leases without that option.

Jerry
> Are you running a dhcp server on the firewall for the local lan?
> If so, you forgot to use the dhcp options in the shrorewall interfaces
> file. Your clients then can't renew their leases without that option.
>
> Jerry

Yes, I'm running a dhcp server for my local lan, but where can I set the dhcp for shorewall then?
SteZZz wrote:
>>Are you running a dhcp server on the firewall for the local lan?
>>If so, you forgot to use the dhcp options in the shrorewall interfaces
>>file. Your clients then can't renew their leases without that option.
>>
>>Jerry
>
> Yes, I'm running a dhcp server for my local lan, but where can I set
> the dhcp for shorewall then?

In the interface file.

/etc/shorewall/interfaces

See the documentation for all the options.

--
Best regards,
Dominik Schips
SteZZz wrote:
> > Are you running a dhcp server on the firewall for the local lan?
> > If so, you forgot to use the dhcp options in the shrorewall interfaces
> > file. Your clients then can't renew their leases without that option.
> >
> > Jerry
>
> Yes, I'm running a dhcp server for my local lan, but where can I set
> the dhcp for shorewall then?

Have you read Jerry's post?
He said: "in the shrorewall interfaces file"

Best Regards
Jan

--
OpenPGP Public-Key Fingerprint: EBCA 749F DE87 99B8 881E 79A3 698D 2541 BFDF 8591
--
OpenPGP Public-Key Fingerprint: 0E9B 4052 C661 5018 93C3 4E46 651A 7A28 4028 FF7A
This is how it was:

#ZONE   INTERFACE       BROADCAST       OPTIONS
net     eth0            detect          dhcp,routefilter,norfc1918,tcpflags
loc     eth1            detect          tcpflags

I made it like:

#ZONE   INTERFACE       BROADCAST       OPTIONS
net     eth0            detect          dhcp,routefilter,norfc1918,tcpflags
loc     eth1            detect          dhcp,tcpflags

Hope this will do the trick.
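[Added example, not part of any poster's message and not Shorewall's own code: a small Python check that ties the rejected DHCP packets in a Shorewall log to interfaces whose OPTIONS column lacks `dhcp`. The function names and the sample log lines (constructed, modeled on the log above with placeholder addresses) are assumptions; the two interfaces files are the before and after shown in this message.]

```python
import re
from collections import Counter

LOG_RE = re.compile(r"Shorewall:[^:]+:(?P<action>REJECT|DROP):(?P<fields>.*)$")
FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")

def blocked_dhcp(log_text):
    """Count REJECTed/DROPped DHCP packets (UDP between ports 67 and 68) per interface."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if not m:
            continue
        f = dict(FIELD_RE.findall(m["fields"]))
        if f.get("PROTO") == "UDP" and {f.get("SPT"), f.get("DPT")} == {"67", "68"}:
            # IN= is empty when the firewall's own DHCP server sends the reply
            iface = f.get("IN") or f.get("OUT")
            if iface:
                hits[iface] += 1
    return hits

def interface_options(interfaces_text):
    """Map interface name -> set of options from ZONE INTERFACE BROADCAST OPTIONS rows."""
    opts = {}
    for line in interfaces_text.splitlines():
        cols = line.split("#", 1)[0].split()
        if len(cols) >= 2:
            opts[cols[1]] = set(cols[3].split(",")) if len(cols) > 3 else set()
    return opts

def missing_dhcp_option(log_text, interfaces_text):
    """Interfaces with blocked DHCP traffic that do not carry the dhcp option."""
    opts = interface_options(interfaces_text)
    return {i: n for i, n in blocked_dhcp(log_text).items()
            if "dhcp" not in opts.get(i, set())}

# Constructed sample log lines (addresses are placeholders).
SAMPLE_LOG = """\
Jun 11 18:32:59 localhost Shorewall:all2all:REJECT:IN=eth1 OUT= SRC=192.168.1.50 DST=192.168.1.1 LEN=330 TOS=0x00 PREC=0x00 TTL=128 ID=48701 PROTO=UDP SPT=68 DPT=67 LEN=310
Jun 11 18:32:59 localhost Shorewall:all2all:REJECT:IN= OUT=eth1 SRC=192.168.1.1 DST=192.168.1.50 LEN=328 TOS=0x00 PREC=0x00 TTL=64 ID=1079 DF PROTO=UDP SPT=67 DPT=68 LEN=308
Jun 11 18:33:55 localhost Shorewall:net2all:DROP:IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.2 LEN=404 TOS=0x00 PREC=0x00 TTL=109 ID=50929 PROTO=UDP SPT=4288 DPT=1434 LEN=384
Jun 11 18:33:03 localhost Shorewall:all2all:REJECT:IN=eth1 OUT= SRC=192.168.1.50 DST=192.168.1.1 LEN=330 TOS=0x00 PREC=0x00 TTL=128 ID=48704 PROTO=UDP SPT=68 DPT=67 LEN=310
"""
BEFORE = "#ZONE INTERFACE BROADCAST OPTIONS\nnet eth0 detect dhcp,routefilter,norfc1918,tcpflags\nloc eth1 detect tcpflags\n"
AFTER = "#ZONE INTERFACE BROADCAST OPTIONS\nnet eth0 detect dhcp,routefilter,norfc1918,tcpflags\nloc eth1 detect dhcp,tcpflags\n"

if __name__ == "__main__":
    print("before:", missing_dhcp_option(SAMPLE_LOG, BEFORE))
    print("after: ", missing_dhcp_option(SAMPLE_LOG, AFTER))
```
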
> > Are you running a dhcp server on the firewall for the local lan?
> > If so, you forgot to use the dhcp options in the shrorewall interfaces
> > file. Your clients then can't renew their leases without that option.
> >
> > Jerry
>
> Yes, I'm running a dhcp server for my local lan, but where can I set
> the dhcp for shorewall then?

Have you read Jerry's post?
He said: "in the shrorewall interfaces file"

Best Regards
Jan

---

Hum... "dhcp options in the shrorewall interfaces"

Well, I had my coffee today, must have been last night. ;-)

Make that "dhcp option in the shorewall interfaces file."

Me bad, I will repeat 100 times "must re-read before sending".

Back to cutting my lawn.

Jerry