schaffter ~ # /sbin/shorewall version
3.4.8

schaffter ~ # ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: dummy0: <BROADCAST,NOARP> mtu 1500 qdisc noop
    link/ether ce:c2:15:ba:6a:75 brd ff:ff:ff:ff:ff:ff
3: eql: <MASTER> mtu 576 qdisc noop qlen 5
    link/slip
4: teql0: <NOARP> mtu 1500 qdisc noop qlen 100
    link/void
5: tunl0: <NOARP> mtu 1480 qdisc noop
    link/ipip 0.0.0.0 brd 0.0.0.0
6: gre0: <NOARP> mtu 1476 qdisc noop
    link/gre 0.0.0.0 brd 0.0.0.0
7: sit0: <NOARP> mtu 1480 qdisc noop
    link/sit 0.0.0.0 brd 0.0.0.0
8: ip6tnl0: <NOARP> mtu 1460 qdisc noop
    link/tunnel6 :: brd ::
9: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether fe:ff:00:00:50:d8 brd ff:ff:ff:ff:ff:ff
    inet 80.68.91.163/32 scope global eth0
    inet6 fe80::fcff:ff:fe00:50d8/64 scope link
       valid_lft forever preferred_lft forever

schaffter ~ # ip route show
127.0.0.0/8 dev lo  scope link
default dev eth0  scope link

schaffter.com is on address 80.68.91.163

schaffter.com runs Gentoo Linux under a UML (User Mode Linux) server.

In /etc/shorewall/shorewall.conf I can find the two rows:

RFC1918_LOG_LEVEL=info
RFC1918_STRICT=No

and of course much more.

From a general point of view, everything works fine.

My problem: All traffic that we have tried from the external IP address 77.193.149.159 is rejected by my firewall, with messages looking like

Jul  7 19:26:27 schaffter kernel: Shorewall:rfc1918:DROP:IN=eth0 OUT= MAC=fe:ff:00:00:50:d8:fe:ff:00:00:00:01:08:00 SRC=77.193.149.159 DST=80.68.91.163 LEN=48 TOS=0x00 PREC=0x00 TTL=122 ID=1355 DF PROTO=TCP SPT=1128 DPT=80 WINDOW=16384 RES=0x00 SYN URGP=0

We have tried to send TCP traffic to port 80, UDP to port 53 and to ping. All traffic from this source address is refused by my shorewall with 'rfc1918:DROP'.

To my understanding, the address 77.193.149.159 should not be an 'rfc1918 address' and to my understanding it isn't mentioned explicitly or implicitly in the rfc1918 file. I have made no modifications to the /etc/shorewall/rfc1918 file myself.

Could someone please point me in the right direction so that I can understand what's going on ?

If I need to provide further information, please tell me what to include.

Best regards
Gus

-------------------------------------------------------------------------
Sponsored by: SourceForge.net Community Choice Awards: VOTE NOW!
Studies have shown that voting for your favorite open source project,
along with a healthy diet, reduces your potential for chronic lameness
and boredom. Vote Now at http://www.sourceforge.net/community/cca08
Gustav Schaffter wrote:
> Could someone please point me in the right direction so that I can
> understand what's going on ?

You probably have an /etc/shorewall/rfc1918 file that lists a whole bunch of non-RFC1918 addresses. Such files were used back in the dark ages of Shorewall's existence but should have been removed from your systems years ago. You may also have /etc/shorewall/bogons -- if so, delete that as well.

-Tom
--
Tom Eastep        \ Nothing is foolproof to a sufficiently talented fool
Shoreline,         \ http://shorewall.net
Washington USA     \ teastep@shorewall.net
PGP Public Key     \ https://lists.shorewall.net/teastep.pgp.key
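An added example, not code from this thread or from the Shorewall project: a small Python script that parses a Shorewall "rfc1918:DROP" kernel log line, checks whether SRC really lies in one of the three RFC 1918 ranges, and then checks the source against the rows of an old-style rfc1918 file to show which rows outside RFC 1918 space would catch it. The first sample log line is the one quoted in the thread; the other two log lines, the two-column SUBNET TARGET layout of the file, and its 1.0.0.0/8 row are constructed for the example and are not real Shorewall data or real address-registry data.

```python
import ipaddress
import re

# The only ranges an "rfc1918" check is entitled to match (RFC 1918, section 3).
RFC1918_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Shorewall log prefix "Shorewall:<chain>:<disposition>:" followed by netfilter KEY=VALUE pairs.
LOG_RE = re.compile(r"Shorewall:(?P<chain>[^:\s]+):(?P<action>[^:\s]+):")
KV_RE = re.compile(r"\b([A-Z]+)=(\S*)")

# Sample lines in the layout of the kernel message from the thread. The first is the
# thread's own line; the other two are constructed for this example.
SAMPLE_LOG_LINES = [
    "Jul  7 19:26:27 schaffter kernel: Shorewall:rfc1918:DROP:IN=eth0 OUT= "
    "MAC=fe:ff:00:00:50:d8:fe:ff:00:00:00:01:08:00 SRC=77.193.149.159 DST=80.68.91.163 "
    "LEN=48 TOS=0x00 PREC=0x00 TTL=122 ID=1355 DF PROTO=TCP SPT=1128 DPT=80 "
    "WINDOW=16384 RES=0x00 SYN URGP=0",
    "Jul  7 19:30:01 schaffter kernel: Shorewall:rfc1918:DROP:IN=eth0 OUT= "
    "MAC=fe:ff:00:00:50:d8:fe:ff:00:00:00:01:08:00 SRC=10.1.2.3 DST=80.68.91.163 "
    "LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1 DF PROTO=UDP SPT=40000 DPT=53 LEN=40",
    "Jul  7 19:31:12 schaffter kernel: Shorewall:rfc1918:DROP:IN=eth0 OUT= "
    "MAC=fe:ff:00:00:50:d8:fe:ff:00:00:00:01:08:00 SRC=1.2.3.4 DST=80.68.91.163 "
    "LEN=84 TOS=0x00 PREC=0x00 TTL=50 ID=7 PROTO=ICMP TYPE=8 CODE=0 ID=9 SEQ=1",
]

# Constructed stand-in for an old-style /etc/shorewall/rfc1918 file. The two-column
# "SUBNET TARGET" layout and the 1.0.0.0/8 row are assumptions made for this example;
# this is not a real shipped file and not real address-registry data.
STALE_RFC1918_FILE = """\
# SUBNET           TARGET
10.0.0.0/8         logdrop
172.16.0.0/12      logdrop
192.168.0.0/16     logdrop
1.0.0.0/8          logdrop   # stale bogon-style row (constructed)
"""


def parse_log_line(line):
    """Return chain, disposition and the netfilter KEY=VALUE fields of one log line."""
    m = LOG_RE.search(line)
    if m is None:
        raise ValueError("not a Shorewall log line: %r" % line)
    fields = {"chain": m.group("chain"), "action": m.group("action")}
    # Bare flags such as DF or SYN carry no '=', so they are skipped here.
    fields.update(KV_RE.findall(line[m.end():]))
    return fields


def is_rfc1918(addr):
    """True only for 10/8, 172.16/12 and 192.168/16."""
    a = ipaddress.ip_address(addr)
    return any(a in net for net in RFC1918_NETS)


def parse_rfc1918_file(text):
    """Parse '<subnet> <target>' rows; '#' starts a comment, blank lines are ignored."""
    entries = []
    for raw in text.splitlines():
        body = raw.split("#", 1)[0].strip()
        if not body:
            continue
        parts = body.split()
        target = parts[1] if len(parts) > 1 else "-"
        entries.append((ipaddress.ip_network(parts[0], strict=False), target))
    return entries


def non_rfc1918_entries(entries):
    """Rows that reach outside RFC 1918 space: the ones that drop real Internet traffic."""
    return [(str(net), target) for net, target in entries
            if not any(net.subnet_of(r) for r in RFC1918_NETS)]


def diagnose(line, rfc1918_file_text=None):
    """Explain one rfc1918 drop: is SRC private, and which file rows (if any) cover it."""
    fields = parse_log_line(line)
    src = ipaddress.ip_address(fields["SRC"])
    matches = []
    if rfc1918_file_text:
        matches = [(str(net), target)
                   for net, target in parse_rfc1918_file(rfc1918_file_text) if src in net]
    return {"src": str(src), "chain": fields["chain"], "action": fields["action"],
            "rfc1918": is_rfc1918(str(src)), "stale_matches": matches}


if __name__ == "__main__":
    print("rows outside RFC 1918:", non_rfc1918_entries(parse_rfc1918_file(STALE_RFC1918_FILE)))
    for sample in SAMPLE_LOG_LINES:
        print(diagnose(sample, STALE_RFC1918_FILE))
```

Run against a real /etc/shorewall/rfc1918 by passing the file's contents as rfc1918_file_text; the non_rfc1918_entries() list is the quick way to see whether the file is a pure RFC 1918 list or one of the old ones that also carried bogon ranges, and a SRC that is neither private nor covered by any row (the thread's case) tells you the file's rows are not what matched.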
Tom,

Thanks for your quick answer.

"You probably have an /etc/shorewall/rfc1918 file"
True. I have now removed it. I'm still surprised, since the failing address wasn't found explicitly or implicitly in that file.

"Such files were used back in the dark ages of Shorewall's existence"
You make me feel old. ;-)

"You may also have /etc/shorewall/bogons"
Actually, I have a dim memory of having deleted that file a long time ago.

I will try from the offending (offended ?) address again tomorrow and will let you know the outcome.

Again, thanks for your prompt help.
Gustav

On Mon, Jul 7, 2008 at 10:22 PM, Tom Eastep <teastep@shorewall.net> wrote:
> Gustav Schaffter wrote:
>
>> Could someone please point me in the right direction so that I can
>> understand what's going on ?
>
> You probably have an /etc/shorewall/rfc1918 file that lists a whole bunch of
> non-RFC1918 addresses. Such files were used back in the dark ages of
> Shorewall's existence but should have been removed from your systems years
> ago. You may also have /etc/shorewall/bogons -- if so, delete that as well.
>
> -Tom
Tom,

As I expected, after having followed your instructions in removing the old rfc1918 file, everything seems to work as it should.

Thanks again for your prompt support.

Regards
Gustav

On Mon, Jul 7, 2008 at 10:40 PM, Gustav Schaffter <gustav.schaffter@gmail.com> wrote:
> Tom,
>
> Thanks for your quick answer.
>
> "You probably have an /etc/shorewall/rfc1918 file"
> True. I have now removed it. I'm still surprised, since the failing
> address wasn't found explicitly or implicitly in that file.
>
> "You may also have /etc/shorewall/bogons"
> Actually, I have a dim memory of having deleted that file a long time ago.
>
> I will try from the offending (offended ?) address again tomorrow and
> will let you know the outcome.
>
> Again, thanks for your prompt help.
> Gustav