David Rabby
2008-Jun-09 03:29 UTC
Shorewall-3.2.6 and VMWare Server dropped connection differs between two machines with same config
Hello, I've been trying to solve this for the past few months and still no success. I would appreciate any hints as to what I am overlooking.

I am trying to connect from 75.154.176.159 to 72.55.144.9:82

VMware Server Host: 72.55.184.45
Guest VM on host machine sharing one nic (eth0) using vmware bridged networking (vmnet0): 72.55.144.9

I am attempting to allow internet access through the host's eth0 on port 82 to a guest virtual machine on the same host. It sounds straightforward... I've read the manuals/googled and tried many various configuration changes and recommendations from setups similar to mine. I must be missing something, though I cannot seem to find the problem. I am not as experienced with firewall/networking as I'd like to be.

The log is showing me being rejected. The interesting thing is that finally, in frustration, I built a box at home with the exact specifications as the colo server, and I had no issues connecting to port 82! As far as I can tell I have mirrored everything (software and configuration) except the exact hardware.

When I turn off Shorewall on the colo server host, I am able to connect to the application at 72.55.144.9:82. When I turn it on, I cannot connect. On the home setup, I can connect whether Shorewall is on or not.

Setup: VMware host server in colo running Debian Etch, Shorewall 3.2.6, VMware Server 2 (was running ver.1 with same results). A guest is running a Windows virtual machine (with app. accepting port 82 requests). VMware is using bridged networking for the guest machine.

I've sent to support@shorewall.net the status.txt.gz that is the output from */sbin/shorewall reset* and */sbin/shorewall dump > /tmp/status.txt*.
The connection attempt that is failing shows up in the logs as:

Jun 8 20:20:45 FORWARD:REJECT:IN=eth0 OUT=eth0 SRC=75.154.176.159 DST=72.55.144.9 LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=51513 DF PROTO=TCP SPT=4161 DPT=82 WINDOW=65535 RES=0x00 SYN URGP=0

Thank you for your time.

-David
Tom Eastep
2008-Jun-09 05:13 UTC
Re: Shorewall-3.2.6 and VMWare Server dropped connection differs between two machines with same config
David Rabby wrote:
> Hello, I've been trying to solve this for the past few months and still no
> success. I would appreciate any hints as to what I am overlooking.

> I've sent to support@shorewall.net the
> status.txt.gz that is the output from */sbin/shorewall reset* and
> */sbin/shorewall dump > /tmp/status.txt*. The connection attempt that
> is failing shows up in the logs as:
>
> Jun 8 20:20:45 FORWARD:REJECT:IN=eth0 OUT=eth0 SRC=75.154.176.159
> DST=72.55.144.9 LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=51513 DF PROTO=TCP
> SPT=4161 DPT=82 WINDOW=65535 RES=0x00 SYN URGP=0

The above log message, along with your report, suggests that you have been having a Shorewall issue "for the past few months" but haven't thought to consult the Shorewall FAQ.

See Shorewall FAQ 17.

-Tom
--
Tom Eastep        \ Nothing is foolproof to a sufficiently talented fool
Shoreline,        \ http://shorewall.net
Washington USA    \ teastep@shorewall.net
PGP Public Key    \ https://lists.shorewall.net/teastep.pgp.key
David Rabby
2008-Jun-09 05:42 UTC
Re: Shorewall-3.2.6 and VMWare Server dropped connection differs between two machines with same config
Thank you for your help, Tom.

Indeed, from FAQ17, "If the chain is FORWARD and the IN and OUT interfaces are the same, then you probably need the routeback option on that interface in /etc/shorewall/interfaces" solved the problem.

Sorry I missed that...

-David

Tom Eastep wrote:
> David Rabby wrote:
>> Hello, I've been trying to solve this for the past few months and still
>> no success. I would appreciate any hints as to what I am overlooking.
>
>> I've sent to support@shorewall.net the
>> status.txt.gz that is the output from */sbin/shorewall reset* and
>> */sbin/shorewall dump > /tmp/status.txt*. The connection attempt
>> that is failing shows up in the logs as:
>>
>> Jun 8 20:20:45 FORWARD:REJECT:IN=eth0 OUT=eth0 SRC=75.154.176.159
>> DST=72.55.144.9 LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=51513 DF
>> PROTO=TCP SPT=4161 DPT=82 WINDOW=65535 RES=0x00 SYN URGP=0
>
> The above log message, along with your report, suggests that you have
> been having a Shorewall issue "for the past few months" but haven't
> thought to consult the Shorewall FAQ.
>
> See Shorewall FAQ 17.
>
> -Tom
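
The FAQ 17 check quoted in this thread (chain is FORWARD, IN and OUT interfaces are the same), as an added example that is not part of any message above or of Shorewall itself: it scans log lines for that pattern and reports which interfaces lack routeback in the text of /etc/shorewall/interfaces. The interfaces file contents, the zone name "net", the tcpflags option and the second log line are constructed for illustration; the first log line is the one from the thread.

```python
import re

# Log prefix as it appears in the thread: CHAIN:DISPOSITION:IN=<if> OUT=<if>
LOG_RE = re.compile(r"([\w-]+):([A-Z]+):IN=(\S*) OUT=(\S*)")
FIELD_RE = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")

def routeback_candidates(log_lines):
    """One dict per logged FORWARD packet that entered and left via the same interface."""
    hits = []
    for line in log_lines:
        m = LOG_RE.search(line)
        if not m:
            continue
        chain, disposition, in_if, out_if = m.groups()
        if chain == "FORWARD" and in_if and in_if == out_if:
            fields = dict(FIELD_RE.findall(line))
            hits.append({"iface": in_if, "disposition": disposition, **fields})
    return hits

def interfaces_with_routeback(interfaces_text):
    """Parse interfaces file text (columns: ZONE INTERFACE BROADCAST OPTIONS)."""
    enabled = set()
    for raw in interfaces_text.splitlines():
        cols = raw.split("#", 1)[0].split()  # drop comments, split columns
        if len(cols) >= 4 and "routeback" in cols[3].split(","):
            enabled.add(cols[1])
    return enabled

def missing_routeback(log_lines, interfaces_text):
    """Interfaces seen in FAQ 17-style log entries that lack the routeback option."""
    have = interfaces_with_routeback(interfaces_text)
    return sorted({h["iface"] for h in routeback_candidates(log_lines)} - have)

# First entry: log line from the thread. Second entry: constructed, must not match.
SAMPLE_LOG = [
    "Jun 8 20:20:45 FORWARD:REJECT:IN=eth0 OUT=eth0 SRC=75.154.176.159 "
    "DST=72.55.144.9 LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=51513 DF PROTO=TCP "
    "SPT=4161 DPT=82 WINDOW=65535 RES=0x00 SYN URGP=0",
    "Jun 8 20:21:02 net2fw:DROP:IN=eth0 OUT= SRC=192.0.2.7 DST=192.0.2.1 PROTO=TCP DPT=23",
]
# Constructed interfaces files (assumed zone name and options), before and after the fix.
BEFORE = "#ZONE INTERFACE BROADCAST OPTIONS\nnet eth0 detect tcpflags\n"
AFTER = "#ZONE INTERFACE BROADCAST OPTIONS\nnet eth0 detect tcpflags,routeback\n"

if __name__ == "__main__":
    print(routeback_candidates(SAMPLE_LOG))
    print("missing routeback:", missing_routeback(SAMPLE_LOG, BEFORE))
```

Note that routeback permits traffic arriving on an interface to be forwarded back out the same interface, so the rules and policies for that zone still decide which hosts and ports are reachable.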