.
2010-Sep-07 09:42 UTC
Lost Connection 15~20 Minutes after starting Shorewall - Shorewall really culprit?
Hi,
I have recently installed shorewall with a very simple rules configuration,

----------------------------------
#SECTION RELATED
SECTION NEW
Ping/ACCEPT all $FW
Trcrt/ACCEPT all $FW
SSH/ACCEPT all $FW
ACCEPT net $FW tcp http
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
-----------------------------------------

and I have no problems when I initially start shorewall. Everything runs fine for 15~20 minutes or longer, but then I suddenly start getting ssh connections dropped and ping ceases to work.
I'm not convinced that shorewall is actually the issue, but I'd like to know,

Is there any way a shorewall configuration could start dropping connections after a lengthy period, or any way that the configuration setup could go wrong or be reset such a long time following restart?
If so what can I do to avoid this situation? It is a bit frustrating to test as it does not happen immediately.

Юрий Миронов
2010-Sep-07 10:19 UTC
Re: Lost Connection 15~20 Minutes after starting Shorewall - Shorewall really culprit?
I've got something similar on one of my ubuntu fw/router for SOHO, running shorewall 4.4. I've noticed it happens while martian packets appear on LAN interface. If I ping the router from any local PC, TTL changes from 64 to 255, connection is dropped, after some minute or so the TTL goes back to normal 64 value and connection is good again until next martian packet arrives. I'm not sure what is the main cause of that, google gives me no answer as yet. There is no kernel panic or whatsoever during this, logs give me nothing. Ssh to external interface remains good while all LAN connections are dropped. Any ideas?
Thanks

On 07.09.2010 13:49, user "." <joes.mailing.lists@gmail.com> wrote:
> Hi,
> I have recently installed shorewall with a very simple rules configuration,
>
> ----------------------------------
> #SECTION RELATED
> SECTION NEW
> Ping/ACCEPT all $FW
> Trcrt/ACCEPT all $FW
> SSH/ACCEPT all $FW
> ACCEPT net $FW tcp http
> #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
> -----------------------------------------
>
> and I have no problems when I initially start shorewall. Everything
> runs fine for 15~20 minutes or longer, but then I suddenly start
> getting ssh connections dropped and ping ceases to work.
> I'm not convinced that shorewall is actually the issue, but I'd like to know,
>
> Is there any way a shorewall configuration could start dropping
> connections after a lengthy period, or any way that the configuration
> setup could go wrong or be reset such a long time following restart?
> If so what can I do to avoid this situation? It is a bit frustrating
> to test as it does not happen immediately.

Tom Eastep
2010-Sep-07 12:59 UTC
Re: Lost Connection 15~20 Minutes after starting Shorewall - Shorewall really culprit?
On 9/7/10 3:19 AM, Юрий Миронов wrote:
> I've got something similar on one of my ubuntu fw/router for SOHO,
> running shorewall 4.4. I've noticed it happens while
> martian packets appear on LAN interface. If I ping the router from any
> local PC, TTL changes from 64 to 255, connection is dropped, after some
> minute or so the TTL goes back to normal 64 value and connection is good
> again until next martian packet arrives. I'm not sure what is the main
> cause of that, google gives me no answer as yet. There is no kernel
> panic or whatsoever during this, logs give me nothing. Ssh to external
> interface remains good while all LAN connections are dropped. Any ideas?

Sounds like you have two or more firewall interfaces attached to the same switch.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

Tom Eastep
2010-Sep-07 13:02 UTC
Re: Lost Connection 15~20 Minutes after starting Shorewall - Shorewall really culprit?
On 9/7/10 2:42 AM, . wrote:
> Hi,
> I have recently installed shorewall with a very simple rules configuration,
>
> ----------------------------------
> #SECTION RELATED
> SECTION NEW
> Ping/ACCEPT all $FW
> Trcrt/ACCEPT all $FW
> SSH/ACCEPT all $FW
> ACCEPT net $FW tcp http
> #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
> -----------------------------------------
>
> and I have no problems when I initially start shorewall. Everything
> runs fine for 15~20 minutes or longer, but then I suddenly start
> getting ssh connections dropped and ping ceases to work.
> I'm not convinced that shorewall is actually the issue, but I'd like to know,
>
> Is there any way a shorewall configuration could start dropping
> connections after a lengthy period, or any way that the configuration
> setup could go wrong or be reset such a long time following restart?
> If so what can I do to avoid this situation?

There is no way that the netfilter configuration created by Shorewall can suddenly change itself. Most likely causes are:

a) You didn't uninstall your previous iptables firewall before installing Shorewall.

b) You have two or more network interfaces cabled to the same switch.

-Tom
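
One way to check for cause (b) and for the TTL symptom reported earlier in the thread, as an added example that is not part of the original messages: the script flags an IP address answered by more than one MAC in captured arping output, and TTL changes in captured ping output. The sample captures, addresses and function names are constructed for illustration, and the arping lines assume the iputils output format.

```shell
#!/bin/sh
# Constructed sample (iputils arping format): replies for one IP seen from a LAN host.
SAMPLE_ARPING='ARPING 192.168.1.1 from 192.168.1.50 eth0
Unicast reply from 192.168.1.1 [00:16:3E:AA:00:01]  0.702ms
Unicast reply from 192.168.1.1 [00:16:3E:AA:00:02]  0.755ms
Unicast reply from 192.168.1.1 [00:16:3E:AA:00:01]  0.698ms
Sent 2 probes (1 broadcast(s))
Received 3 response(s)'

# Constructed sample: ping replies where the TTL jumps from 64 to 255 and back.
SAMPLE_PING='64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=0.31 ms
64 bytes from 192.168.1.1: icmp_seq=2 ttl=64 time=0.29 ms
64 bytes from 192.168.1.1: icmp_seq=3 ttl=255 time=0.35 ms
64 bytes from 192.168.1.1: icmp_seq=4 ttl=64 time=0.30 ms'

# Print "IP MAC1,MAC2,..." for every IP answered by more than one MAC.
# Several MACs for one address points at two interfaces on one segment (or a duplicate IP).
multi_mac_responders() {
    awk '/reply from/ {
        ip = $4; mac = $5; gsub(/\[|\]/, "", mac); mac = toupper(mac)
        if (!((ip, mac) in seen)) {
            seen[ip, mac] = 1
            macs[ip] = (count[ip]++ ? macs[ip] "," : "") mac
        }
    }
    END { for (ip in count) if (count[ip] > 1) print ip, macs[ip] }'
}

# Print "icmp_seq old_ttl new_ttl" whenever a reply's TTL differs from the previous reply.
ttl_changes() {
    awk '{
        seq = ""; ttl = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^icmp_seq=/) seq = substr($i, 10)
            if ($i ~ /^ttl=/)      ttl = substr($i, 5)
        }
        if (ttl == "") next
        if (prev != "" && ttl != prev) print seq, prev, ttl
        prev = ttl
    }'
}

printf '%s\n' "$SAMPLE_ARPING" | multi_mac_responders
printf '%s\n' "$SAMPLE_PING" | ttl_changes
```

On a live network, pipe the real output of arping or ping for the firewall's LAN address into the same functions from a host on that LAN.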