Hello,

My /etc/shorewall/rules contains among other things a rule like this:
ACCEPT net $FW tcp 50

But the logs still contain things like
Jun 14 21:11:35 morannon kernel: Shorewall:net2all:DROP:IN=eth1 OUT= MAC=00:40:63:ca:c3:ca:00:0b:23:34:d2:17:08:00 SRC=131.215.35.27 DST=69.105.30.168 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=19473 DF PROTO=TCP SPT=58981 DPT=143 WINDOW=5840 RES=0x00 SYN URGP=0

Where 131.215.35.27 is the originating system and 69.105.30.168 the server running shorewall. Restart, reboot all won't solve the issue - seems like I could use a nudge into the right direction ... shorewall dump is attached.

Thanks for any hints,

Joh

Johannes Graumann wrote:
> Hello,
>
> My /etc/shorewall/rules contains among other things a rule like this:
> ACCEPT net $FW tcp 50
>
> But the logs still contain things like
> Jun 14 21:11:35 morannon kernel: Shorewall:net2all:DROP:IN=eth1 OUT= MAC=00:40:63:ca:c3:ca:00:0b:23:34:d2:17:08:00 SRC=131.215.35.27 DST=69.105.30.168 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=19473 DF PROTO=TCP SPT=58981 DPT=143 WINDOW=5840 RES=0x00 SYN URGP=0
>
> Where 131.215.35.27 is the originating system and 69.105.30.168 the server
> running shorewall. Restart, reboot all won't solve the issue - seems like I
> could use a nudge into the right direction ... shorewall dump is attached.

That's completely normal. IP 131.215.35.27 is attempting to contact your firewall for IMAP mail (TCP port 143). If you don't want to see DROPped traffic in your logs, remove the logging directive from your net2$FW policy.

Paul

Johannes Graumann wrote:
> Hello,
>
> My /etc/shorewall/rules contains among other things a rule like this:
> ACCEPT net $FW tcp 50
>
> But the logs still contain things like
> Jun 14 21:11:35 morannon kernel: Shorewall:net2all:DROP:IN=eth1 OUT= MAC=00:40:63:ca:c3:ca:00:0b:23:34:d2:17:08:00 SRC=131.215.35.27 DST=69.105.30.168 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=19473 DF PROTO=TCP SPT=58981 DPT=143 WINDOW=5840 RES=0x00 SYN URGP=0
>
> Where 131.215.35.27 is the originating system and 69.105.30.168 the server
> running shorewall. Restart, reboot all won't solve the issue - seems like I
> could use a nudge into the right direction ... shorewall dump is attached.

The log message you post refers to TCP destination port 143 (see FAQ 17). The rule that you post, on the other hand, deals with TCP destination port 50. So I have no idea what problem you are trying to report since the rule and the log message are unrelated.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
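
Added example, not part of the thread and not Shorewall code: a short Python sketch that parses the log line quoted above and checks it against the PROTO and DEST PORT(S) columns of the posted rule, showing that the packet's destination port is DPT=143 while 50 appears only as TTL. It assumes the default `Shorewall:chain:disposition:` log prefix and numeric ports, ignores the zone columns, and its function names are made up for this illustration.

```python
import re

# Constructed sample: the log line from the thread, with the wrapped fields rejoined.
LOG_LINE = (
    "Jun 14 21:11:35 morannon kernel: Shorewall:net2all:DROP:IN=eth1 OUT= "
    "MAC=00:40:63:ca:c3:ca:00:0b:23:34:d2:17:08:00 SRC=131.215.35.27 "
    "DST=69.105.30.168 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=19473 DF PROTO=TCP "
    "SPT=58981 DPT=143 WINDOW=5840 RES=0x00 SYN URGP=0"
)
RULE = "ACCEPT net $FW tcp 50"  # the rule as posted in the thread

PREFIX = re.compile(r"Shorewall:(?P<chain>[^:]+):(?P<disposition>[^:]+):(?P<rest>.*)")

def parse_log(line):
    """Split a Shorewall log line into chain, disposition, KEY=value fields and bare flags."""
    m = PREFIX.search(line)
    if m is None:
        raise ValueError("not a Shorewall log line")
    fields, flags = {}, []
    for token in m.group("rest").split():
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value      # e.g. DPT=143, TTL=50, OUT= (empty)
        else:
            flags.append(token)      # e.g. DF, SYN
    return {"chain": m["chain"], "disposition": m["disposition"],
            "fields": fields, "flags": flags}

def rule_ports(rule):
    """Return (proto, [(low, high), ...]) from the PROTO and DEST PORT(S) columns."""
    cols = rule.split()
    proto, ranges = cols[3].lower(), []
    for part in cols[4].split(","):          # comma-separated list, low:high ranges
        low, _, high = part.partition(":")
        ranges.append((int(low), int(high or low)))
    return proto, ranges

def rule_covers(rule, parsed):
    """True if the rule's protocol and destination port match the logged packet."""
    proto, ranges = rule_ports(rule)
    f = parsed["fields"]
    if f.get("PROTO", "").lower() != proto or "DPT" not in f:
        return False
    dpt = int(f["DPT"])
    return any(low <= dpt <= high for low, high in ranges)

if __name__ == "__main__":
    p = parse_log(LOG_LINE)
    print(p["chain"], p["disposition"], "DPT=" + p["fields"]["DPT"], "TTL=" + p["fields"]["TTL"])
    print("rule covers packet:", rule_covers(RULE, p))
```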