Greetings,

I am puzzled here and hopefully someone knows what is happening. I have been running Shorewall 1.4 on a RedHat 9 for a few years. Only a few weeks ago some of my visitors started to report that they are unable to see a web site hosted on my server. One interesting thing is that all of the users that are unable to see my server are from Yahoo [SBC] DSL. I called my provider [Megapath Networks] and they troubleshot my connection a few times and determined no issues with packets sent through them. I also called Yahoo DSL from one of my friends who is unable to access my server and Yahoo determined no issues. Tier 2 support was able to see my server with no problems. So why me?

In order to troubleshoot the issue I got an SBC Yahoo account and yes, no packets are getting through. When I VPN to my work, i.e. get a new set of IPs, I can get through. I am puzzled: what is Yahoo DSL doing?

So last week I decided to do a little investigation. I checked the log for the originating IP and found no record of Yahoo DSL even hitting my firewall. I installed snort and started to see packets from Yahoo DSL. I ran tcptrace and checked the logs - bingo - the IP is shown. So the traffic is getting through, but is filtered by some process. But why?

I stopped Shorewall. No luck. Can't access the server. I checked the status of iptables. It's running. Why? Did Shorewall start it? Stopped iptables. Bingo. Traffic is getting through. Started iptables directly. All traffic is getting through. Server is accessible from Yahoo. Started Shorewall and can no longer get access. Can't access only from Yahoo DSL, but other providers are fine.

Any ideas what I am doing wrong?

- misha

-------------------------------------------------------
This SF.Net email is sponsored by the JBoss Inc. Get Certified Today * Register for a JBoss Training Course Free Certification Exam for All Training Attendees Through End of 2005 Visit http://www.jboss.com/services/certification for more information
On Monday 31 October 2005 19:28, Misha Birman wrote:

> any ideas what I am doing wrong?

First, please review the problem reporting guidelines at http://www.shorewall.net/support.htm. Your post provided almost no information that would be helpful in determining the cause of your problem.

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
Misha Birman wrote:

> Greetings,
> I am puzzled here and hopefully someone knows what is happening.
> I have been running Shorewall 1.4 on a RedHat 9 for a few years. Only a few weeks ago some of my visitors started to report that they are unable to see a web site hosted on my server. One interesting thing is that all of the users that are unable to see my server are from Yahoo [SBC] DSL. I called my provider [Megapath Networks] and they troubleshot my connection a few times and determined no issues with packets sent through them.
> I also called Yahoo DSL from one of my friends who is unable to access my server and Yahoo determined no issues. Tier 2 support was able to see my server with no problems. So why me?
>
> In order to troubleshoot the issue I got an SBC Yahoo account and yes, no packets are getting through. When I VPN to my work, i.e. get a new set of IPs, I can get through. I am puzzled: what is Yahoo DSL doing?
> So last week I decided to do a little investigation. I checked the log for the originating IP and found no record of Yahoo DSL even hitting my firewall.
> I installed snort and started to see packets from Yahoo DSL. I ran tcptrace and checked the logs - bingo - the IP is shown. So the traffic is getting through, but is filtered by some process. But why?
>
> I stopped Shorewall. No luck. Can't access the server.
> I checked the status of iptables. It's running. Why? Did Shorewall start it? Stopped iptables. Bingo. Traffic is getting through. Started iptables directly. All traffic is getting through. Server is accessible from Yahoo. Started Shorewall and can no longer get access. Can't access only from Yahoo DSL, but other providers are fine.
> Any ideas what I am doing wrong?

You're likely experiencing problems due to Yahoo obtaining a new netblock that is blocked in your rfc1918 or bogons file (can't remember which it was in 1.4). Turn off norfc1918 or nobogons on your Internet interface and it will probably work.

A few other points:

- 1.4 is not a supported version of Shorewall. Please upgrade to 2.4.6 ASAP.
- Without seeing configuration or syslog messages, it's impossible to tell whether I've made the right guess above.
- Stopping Shorewall is supposed to stop traffic to your machine. To do what you want to do, you should use 'shorewall clear'.
- Using the iptables start & stop scripts as well as Shorewall is not recommended.

Please have a read of http://www.shorewall.net/support.html and provide the information listed there before you ask any further questions about this problem.

Paul
On Monday 31 October 2005 19:28, Misha Birman wrote:

> Greetings,
> I am puzzled here and hopefully someone knows what is happening.
> I have been running Shorewall 1.4 on a RedHat 9 for a few years.

I should also point out that Shorewall 1.4 has been unsupported for 6 months now. Given that you are running an obsolete release, I suspect that your 'rfc1918' file is out of date and that Yahoo sites are being dropped under the 'norfc1918' option. I also suspect that your log is full of messages telling you what is happening but you are not bothering to look at your log. You can get an updated 'rfc1918' file from the Shorewall Errata page but you really ought to upgrade to a supported release.

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
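As an added illustration of the diagnosis Paul and Tom give above (this is not code from the thread or from Shorewall itself): a small Python check that parses an rfc1918-style "SUBNETS TARGET" file and reports which entry would drop a given visitor address, plus a tally of DROP log lines per Shorewall chain so the admin can confirm the cause from syslog before changing the configuration. The file contents and log lines are constructed; 203.0.113.0/24 stands in for a range that was unallocated when the file shipped but has since been handed to an ISP.

```python
import ipaddress
import re

# Constructed stand-in for a stale Shorewall 1.4 /etc/shorewall/rfc1918 file
# ("SUBNETS TARGET" lines; TARGET is logdrop, DROP or RETURN). The last entry
# models a once-unallocated range that an ISP now uses: the failure mode here.
STALE_RFC1918 = """\
#SUBNETS          TARGET
10.0.0.0/8        logdrop
172.16.0.0/12     logdrop
192.168.0.0/16    logdrop
203.0.113.0/24    logdrop   # constructed: stale "unallocated" entry
"""

def parse_rfc1918(text):
    """Return [(network, target)] from an rfc1918/bogons-style file."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        subnet, target = line.split()[:2]
        entries.append((ipaddress.ip_network(subnet, strict=False), target))
    return entries

def matching_entry(entries, src):
    """First entry containing src, or None; entries are matched top-down."""
    addr = ipaddress.ip_address(src)
    for net, target in entries:
        if addr in net:
            return (str(net), target)
    return None

# Shorewall's default log prefix is "Shorewall:<chain>:<disposition>:".
LOG_RE = re.compile(r"Shorewall:(?P<chain>\w+):(?P<disp>\w+):.*?SRC=(?P<src>[\d.]+)")

def dropped_sources_by_chain(log_lines):
    """Map each Shorewall chain to the set of source IPs it logged as DROP."""
    dropped = {}
    for line in log_lines:
        m = LOG_RE.search(line)
        if m and m.group("disp") == "DROP":
            dropped.setdefault(m.group("chain"), set()).add(m.group("src"))
    return dropped

SAMPLE_LOG = [  # constructed kernel log lines, not from the poster's server
    "Oct 31 19:02:11 gw kernel: Shorewall:rfc1918:DROP:IN=eth0 OUT= SRC=203.0.113.45 DST=198.51.100.10 PROTO=TCP DPT=80",
    "Oct 31 19:02:12 gw kernel: Shorewall:net2all:DROP:IN=eth0 OUT= SRC=198.51.100.77 DST=198.51.100.10 PROTO=TCP DPT=23",
]
```

A visitor that shows up only under the rfc1918 chain confirms the stale-entry explanation; updating the file (or upgrading) keeps the protection for ranges that are still reserved, whereas switching off norfc1918 removes it for all of them.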