hi, i installed Shorewall (Version�: 4.0.15-1~bpo40+1) on a debian server. i also installed transmission-cli (bittorent client). the incoming tcp port for transmission-cli is 51413 but i have dropped packets on this port. You can see below the logs: Apr 4 20:27:07 ps75dmz01 kernel: Shorewall:INPUT:DROP:IN=eth0 OUT= MAC=00:c0:4f:56:c9:eb:00:07:cb:23:27:c5:08:00 SRC=88.177.194.63 DST=192.168.42.92 LEN=52 TOS=0x00 PREC=0x00 TTL=120 ID=31989 DF PROTO=TCP SPT=61620 DPT=51413 WINDOW=8192 RES=0x00 SYN URGP=0 Apr 4 20:27:08 ps75dmz01 kernel: Shorewall:INPUT:DROP:IN=eth0 OUT= MAC=00:c0:4f:56:c9:eb:00:07:cb:23:27:c5:08:00 SRC=82.246.79.140 DST=192.168.42.92 LEN=95 TOS=0x00 PREC=0x00 TTL=118 ID=55258 PROTO=UDP SPT=17333 DPT=51413 LEN=75 Apr 4 20:27:08 ps75dmz01 kernel: Shorewall:INPUT:DROP:IN=eth0 OUT= MAC=00:c0:4f:56:c9:eb:00:07:cb:23:27:c5:08:00 SRC=85.68.126.43 DST=192.168.42.92 LEN=95 TOS=0x00 PREC=0x00 TTL=121 ID=26941 PROTO=UDP SPT=17537 DPT=51413 LEN=75 Apr 4 20:27:11 ps75dmz01 kernel: Shorewall:INPUT:DROP:IN=eth0 OUT= MAC=00:c0:4f:56:c9:eb:00:07:cb:23:27:c5:08:00 SRC=88.177.194.63 DST=192.168.42.92 LEN=52 TOS=0x00 PREC=0x00 TTL=120 ID=32216 DF PROTO=TCP SPT=61620 DPT=51413 WINDOW=8192 RES=0x00 SYN URGP=0 In the file /etc/shorewall/rules, i get this line: BitTorrent/ACCEPT all $FW My debian server is connected on my LAN. My router doesn't block the packets because my debian server drop it. Can you help me please? where is the mistake? Thanks _________________________________________________________________ Vous voulez savoir ce que vous pouvez faire avec le nouveau Windows Live ? Lancez-vous ! http://www.microsoft.com/windows/windowslive/default.aspx ------------------------------------------------------------------------------
christophe savigny wrote:> i installed Shorewall (Version�: 4.0.15-1~bpo40+1) on a debian server. > i also installed transmission-cli (bittorent client). > the incoming tcp port for transmission-cli is 51413 but i have dropped > packets on this port. > You can see below the logs: > > Apr 4 20:27:11 ps75dmz01 kernel: Shorewall:INPUT:DROP:IN=eth0 OUT> MAC=00:c0:4f:56:c9:eb:00:07:cb:23:27:c5:08:00 SRC=88.177.194.63 > DST=192.168.42.92 LEN=52 TOS=0x00 PREC=0x00 TTL=120 ID=32216 DF > PROTO=TCP SPT=61620 DPT=51413 WINDOW=8192 RES=0x00 SYN URGP=0 > > In the file /etc/shorewall/rules, i get this line: > > BitTorrent/ACCEPT all $FW > > My debian server is connected on my LAN. > My router doesn''t block the packets because my debian server drop it. > > Can you help me please? where is the mistake?Hopefully you have installed Shorewall-perl rather than the default ''shorewall'' package that includes the legacy Shorewall-shell compiler. Regardless, the fact that the packets are being rejected out of the INPUT chain usually indicates that eth0:88.177.194.63 is not in any of your defined zones. Please see http://www.shorewall.net/support.htm#Guidelines if you need to post again. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------
Thanks. In fact, Shorewall uses the shell compiler. I installed shorewall-perl. i added this line in the shorewall config file: SHOREWALL_COMPILER=perlI restarted shorewall but i have the below errors 16:37:58 Compiling... ERROR: Invalid value ( 3 ) supplied for parameter verbosity Thanks Christophe Tel: 06 1588 6984 http://mrsavignychristophe.free.fr/> Date: Sat, 4 Apr 2009 11:56:21 -0700 > From: teastep@shorewall.net > To: shorewall-users@lists.sourceforge.net > Subject: Re: [Shorewall-users] dropped packets on shorewall + bittorent > > christophe savigny wrote: > > > i installed Shorewall (Version�: 4.0.15-1~bpo40+1) on a debian server. > > i also installed transmission-cli (bittorent client). > > the incoming tcp port for transmission-cli is 51413 but i have dropped > > packets on this port. > > You can see below the logs: > > > > Apr 4 20:27:11 ps75dmz01 kernel: Shorewall:INPUT:DROP:IN=eth0 OUT> > MAC=00:c0:4f:56:c9:eb:00:07:cb:23:27:c5:08:00 SRC=88.177.194.63 > > DST=192.168.42.92 LEN=52 TOS=0x00 PREC=0x00 TTL=120 ID=32216 DF > > PROTO=TCP SPT=61620 DPT=51413 WINDOW=8192 RES=0x00 SYN URGP=0 > > > > In the file /etc/shorewall/rules, i get this line: > > > > BitTorrent/ACCEPT all $FW > > > > My debian server is connected on my LAN. > > My router doesn't block the packets because my debian server drop it. > > > > Can you help me please? where is the mistake? > > Hopefully you have installed Shorewall-perl rather than the default > 'shorewall' package that includes the legacy Shorewall-shell compiler. > > Regardless, the fact that the packets are being rejected out of the > INPUT chain usually indicates that eth0:88.177.194.63 is not in any of > your defined zones. > > Please see http://www.shorewall.net/support.htm#Guidelines if you need > to post again. > > -Tom > -- > Tom Eastep \ When I die, I want to go like my Grandfather who > Shoreline, \ died peacefully in his sleep. Not screaming like > Washington, USA \ all of the passengers in his car > http://shorewall.net \________________________________________________ >_________________________________________________________________ Vous voulez savoir ce que vous pouvez faire avec le nouveau Windows Live ? Lancez-vous ! http://www.microsoft.com/windows/windowslive/default.aspx ------------------------------------------------------------------------------
christophe savigny wrote:> > Thanks. > In fact, Shorewall uses the shell compiler. > I installed shorewall-perl. > i added this line in the shorewall config file: > > SHOREWALL_COMPILER=perl > > I restarted shorewall but i have the below errors > > 16:37:58 Compiling... > ERROR: Invalid value ( 3 ) supplied for parameter verbosityAccording to your prior post:> I installed Shorewall (Version: 4.0.15-1~bpo40+1) on a debian server.The above error message is only produced by Shorewall-perl 4.2.*. So have you also upgraded shorewall-common to version 4.2? I suspect not since /sbin/shorewall should have either caught an invalid VERBOSITY setting in /etc/shorewall/shorewall.conf or would have clamped the verbosity after it had been adjusted by -q and -v options. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------
i installed shorewall-perl with the same version than shorewall (4.0.15) i restarted shorewall with this command: shorewall restart -C perlthere is been no errors. but there is always the same dropped packets: Apr 5 19:54:41 ps75dmz01 kernel: Shorewall:INPUT:DROP:IN=eth0 OUT= MAC=00:c0:4f:56:c9:eb:00:07:cb:23:27:c5:08:00 SRC=81.129.52.78 DST=192.168.42.92 LEN=48 TOS=0x00 PREC=0x00 TTL=103 ID=58100 DF PROTO=TCP SPT=52830 DPT=51413 WINDOW=16384 RES=0x00 SYN URGP=0 Apr 5 19:54:42 ps75dmz01 kernel: Shorewall:INPUT:DROP:IN=eth0 OUT= MAC=00:c0:4f:56:c9:eb:00:07:cb:23:27:c5:08:00 SRC=82.251.87.188 DST=192.168.42.92 LEN=48 TOS=0x00 PREC=0x00 TTL=121 ID=63427 DF PROTO=TCP SPT=1284 DPT=51413 WINDOW=65535 RES=0x00 SYN URGP=0 Apr 5 19:54:44 ps75dmz01 kernel: Shorewall:INPUT:DROP:IN=eth0 OUT= MAC=00:c0:4f:56:c9:eb:00:07:cb:23:27:c5:08:00 SRC=84.101.238.3 DST=192.168.42.92 LEN=95 TOS=0x00 PREC=0x00 TTL=119 ID=36534 PROTO=UDP SPT=27346 DPT=51413 LEN=75 Apr 5 19:54:54 ps75dmz01 kernel: Shorewall:INPUT:DROP:IN=eth0 OUT= MAC=00:c0:4f:56:c9:eb:00:07:cb:23:27:c5:08:00 SRC=81.249.214.241 DST=192.168.42.92 LEN=95 TOS=0x00 PREC=0x00 TTL=53 ID=1762 PROTO=UDP SPT=44367 DPT=51413 LEN=75 thanks> Date: Sun, 5 Apr 2009 08:53:01 -0700 > From: teastep@shorewall.net > To: shorewall-users@lists.sourceforge.net > Subject: Re: [Shorewall-users] dropped packets on shorewall + bittorent > > christophe savigny wrote: > > > > Thanks. > > In fact, Shorewall uses the shell compiler. > > I installed shorewall-perl. > > i added this line in the shorewall config file: > > > > SHOREWALL_COMPILER=perl > > > > I restarted shorewall but i have the below errors > > > > 16:37:58 Compiling... > > ERROR: Invalid value ( 3 ) supplied for parameter verbosity > > According to your prior post: > > > I installed Shorewall (Version: 4.0.15-1~bpo40+1) on a debian server. > > The above error message is only produced by Shorewall-perl 4.2.*. So > have you also upgraded shorewall-common to version 4.2? I suspect not > since /sbin/shorewall should have either caught an invalid VERBOSITY > setting in /etc/shorewall/shorewall.conf or would have clamped the > verbosity after it had been adjusted by -q and -v options. > > -Tom > -- > Tom Eastep \ When I die, I want to go like my Grandfather who > Shoreline, \ died peacefully in his sleep. Not screaming like > Washington, USA \ all of the passengers in his car > http://shorewall.net \________________________________________________ >_________________________________________________________________ Téléphonez gratuitement à tous vos proches avec Windows Live Messenger ! Téléchargez-le maintenant ! http://www.windowslive.fr/messenger/1.asp ------------------------------------------------------------------------------
christophe savigny wrote:> > i installed shorewall-perl with the same version than shorewall (4.0.15) > i restarted shorewall with this command: > > * shorewall restart -C perl*** > > there is been no errors. > but there is always the same dropped packets: >> Apr 5 19:54:54 ps75dmz01 kernel: Shorewall:INPUT:DROP:IN=eth0 OUT> MAC=00:c0:4f:56:c9:eb:00:07:cb:23:27:c5:08:00 SRC=81.249.214.241 > DST=192.168.42.92 LEN=95 TOS=0x00 PREC=0x00 TTL=53 ID=1762 PROTO=UDP > SPT=44367 DPT=51413 LEN=75Well -- I asked you to read http://www.shorewall.net/support.htm#Guidelines before you posted again. If you read that article, apparently you didn''t learn anything. So I''ll make in explicit: PLEASE DON''T POST AGAIN UNLESS YOU INCLUDE THE OUTPUT OF ''shorewall dump'' COLLECTED AS DESCRIBED IN THE GUIDELINES. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------
i installed shorewall-perl with the same version than shorewall (4.0.15) i restarted shorewall with this command: shorewall restart -C perlthere is been no errors. but there is always the same dropped packets in /var/log/messages: Apr 8 19:38:31 ps75dmz01 kernel: Shorewall:INPUT:DROP:IN=eth0 OUT= MAC=00:c0:4f:56:c9:eb:00:07:cb:23:27:c5:08:00 SRC=202.173.185.229 DST=192.168.42.92 LEN=48 TOS=0x00 PREC=0x00 TTL=103 ID=51444 DF PROTO=TCP SPT=4230 DPT=51413 WINDOW=65535 RES=0x00 SYN URGP=0 Apr 8 19:38:35 ps75dmz01 kernel: Shorewall:INPUT:DROP:IN=eth0 OUT= MAC=00:c0:4f:56:c9:eb:00:07:cb:23:27:c5:08:00 SRC=202.173.185.229 DST=192.168.42.92 LEN=48 TOS=0x00 PREC=0x00 TTL=103 ID=51933 DF PROTO=TCP SPT=4230 DPT=51413 WINDOW=65535 RES=0x00 SYN URGP=0 Apr 8 19:38:40 ps75dmz01 kernel: Shorewall:INPUT:DROP:IN=eth0 OUT= MAC=00:c0:4f:56:c9:eb:00:07:cb:23:27:c5:08:00 SRC=202.173.185.229 DST=192.168.42.92 LEN=48 TOS=0x00 PREC=0x00 TTL=103 ID=52654 DF PROTO=TCP SPT=4230 DPT=51413 WINDOW=65535 RES=0x00 SYN URGP=0 Apr 8 19:38:43 ps75dmz01 kernel: Shorewall:INPUT:DROP:IN=eth0 OUT= MAC=00:c0:4f:56:c9:eb:00:07:cb:23:27:c5:08:00 SRC=85.69.134.203 DST=192.168.42.92 LEN=95 TOS=0x00 PREC=0x00 TTL=121 ID=8642 PROTO=UDP SPT=47648 DPT=51413 LEN=75 Apr 8 19:38:50 ps75dmz01 kernel: Shorewall:INPUT:DROP:IN=eth0 OUT= MAC=00:c0:4f:56:c9:eb:00:07:cb:23:27:c5:08:00 SRC=80.185.202.177 DST=192.168.42.92 LEN=95 TOS=0x00 PREC=0x00 TTL=120 ID=14491 PROTO=UDP SPT=47647 DPT=51413 LEN=75 Apr 8 19:38:56 ps75dmz01 kernel: Shorewall:INPUT:DROP:IN=eth0 OUT= MAC=00:c0:4f:56:c9:eb:00:07:cb:23:27:c5:08:00 SRC=79.72.177.124 DST=192.168.42.92 LEN=95 TOS=0x00 PREC=0x00 TTL=113 ID=20802 PROTO=UDP SPT=49689 DPT=51413 LEN=75 Apr 8 19:38:58 ps75dmz01 kernel: Shorewall:INPUT:DROP:IN=eth0 OUT= MAC=00:c0:4f:56:c9:eb:00:07:cb:23:27:c5:08:00 SRC=77.193.206.64 DST=192.168.42.92 LEN=95 TOS=0x00 PREC=0x00 TTL=119 ID=26001 PROTO=UDP SPT=57572 DPT=51413 LEN=75 You will find in attachment the output of shorewall dump thanks> Date: Sun, 5 Apr 2009 08:53:01 -0700 > From: teastep@shorewall.net > To: shorewall-users@lists.sourceforge.net > Subject: Re: [Shorewall-users] dropped packets on shorewall + bittorent > > christophe savigny wrote: > > > > Thanks. > > In fact, Shorewall uses the shell compiler. > > I installed shorewall-perl. > > i added this line in the shorewall config file: > > > > SHOREWALL_COMPILER=perl > > > > I restarted shorewall but i have the below errors > > > > 16:37:58 Compiling... > > ERROR: Invalid value ( 3 ) supplied for parameter verbosity > > According to your prior post: > > > I installed Shorewall (Version: 4.0.15-1~bpo40+1) on a debian server. > > The above error message is only produced by Shorewall-perl 4.2.*. So > have you also upgraded shorewall-common to version 4.2? I suspect not > since /sbin/shorewall should have either caught an invalid VERBOSITY > setting in /etc/shorewall/shorewall.conf or would have clamped the > verbosity after it had been adjusted by -q and -v options. > > -Tom > -- > Tom Eastep \ When I die, I want to go like my Grandfather who > Shoreline, \ died peacefully in his sleep. Not screaming like > Washington, USA \ all of the passengers in his car > http://shorewall.net \________________________________________________ >Votre correspondant a choisi Hotmail et profite d''un stockage quasiment illimité. Créez un compte Hotmail gratuitement ! _________________________________________________________________ Téléphonez gratuitement à tous vos proches avec Windows Live Messenger ! Téléchargez-le maintenant ! http://www.windowslive.fr/messenger/1.asp ------------------------------------------------------------------------------ This SF.net email is sponsored by: High Quality Requirements in a Collaborative Environment. Download a free trial of Rational Requirements Composer Now! http://p.sf.net/sfu/www-ibm-com
christophe savigny wrote:> > i installed shorewall-perl with the same version than shorewall (4.0.15) > i restarted shorewall with this command: > > * shorewall restart -C perl*** > > there is been no errors. > but there is always the same dropped packets in /var/log/messages: > Apr 8 19:38:58 ps75dmz01 kernel: Shorewall:INPUT:DROP:IN=eth0 OUT> MAC=00:c0:4f:56:c9:eb:00:07:cb:23:27:c5:08:00 SRC=77.193.206.64 > DST=192.168.42.92 LEN=95 TOS=0x00 PREC=0x00 TTL=119 ID=26001 PROTO=UDP > SPT=57572 DPT=51413 LEN=75 > > You will find in attachment the output of shorewall dumpChristophe, I don''t see the attachment. If you like, you can forward it off-list to upload@shorewall.net. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ This SF.net email is sponsored by: High Quality Requirements in a Collaborative Environment. Download a free trial of Rational Requirements Composer Now! http://p.sf.net/sfu/www-ibm-com