Hi,

I am using v4.4.26.1 and I have a bridge interface on my firewall (br0).
Under the bridge interface, I have 2 interfaces (eth1 and wlan0).

For routing back to the same interface scenarios, I have the routeback option set on this interface:

#ZONE   INTERFACE   BROADCAST   OPTIONS
lan     br0         detect      dhcp,routeback,routefilter

And this works for traffic coming from wlan0, going to eth1 and also in the other direction.
However, I also need to allow traffic routing from eth1 to eth1 for some DNAT rules.
But when the same traffic comes from eth1, it does not go back to eth1.

What am I doing wrong? How can I solve this?

Thanks,
ilker

Hi,

This problem is really disturbing. When I check with tcpdump, I can see that the tcp packet is coming from br0 but it does not go out.
If I log the DNAT rule with shorewall, I can see it in Shorewall log.

Sep 8 20:27:37 router Shorewall:lan_dnat:DNAT: IN=br0 OUT= MAC=00:0d:b9:12:cf:91:00:23:14:42:ef:dc:08:00 SRC=192.168.254.1 DST=192.168.254.254 LEN=48 TOS=00 PREC=0x00 TTL=128 ID=11692 DF PROTO=TCP SPT=54047 DPT=9309 SEQ=2417620935 ACK=0 WINDOW=8192 SYN URGP=0

But it never goes out...

How can I solve this?

Thanks.

On 9/8/2013 10:28 AM, İlker Aktuna wrote:
> Hi,
>
> This problem is really disturbing. When I check with tcpdump, I can see
> that the tcp packet is coming from br0 but it does not go out.
>
> If I log the DNAT rule with shorewall, I can see it in Shorewall log.
>
> Sep 8 20:27:37 router Shorewall:lan_dnat:DNAT: IN=br0 OUT=
> MAC=00:0d:b9:12:cf:91:00:23:14:42:ef:dc:08:00 SRC=192.168.254.1
> DST=192.168.254.254 LEN=48 TOS=00 PREC=0x00 TTL=128 ID=11692 DF
> PROTO=TCP SPT=54047 DPT=9309 SEQ=2417620935 ACK=0 WINDOW=8192 SYN URGP=0
>
> But it never goes out...
>
> How can I solve this ?

For any type of connection problem, we prefer to see the output of 'shorewall dump' collected as described at http://www.shorewall.net/support.htm#Guidelines.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

Ok; dump output is attached to this mail.

# shorewall status
Shorewall-4.4.26.1 Status at router - Sun Sep 8 21:28:08 EEST 2013

Shorewall is running
State:Started (Sun Sep 8 21:25:27 EEST 2013) from /etc/shorewall/

I hope it helps to identify the problem. I've tried an example just before the dump process.
Source: 192.168.254.1
Destination: 192.168.254.254 : 9309
To be redirected to : 192.168.254.3 : 9309

Thanks.

On 9/8/2013 11:29 AM, İlker Aktuna wrote:
> Ok; dump output is attached to this mail.
>
> # shorewall status
> Shorewall-4.4.26.1 Status at router - Sun Sep 8 21:28:08 EEST 2013
>
> Shorewall is running
> State:Started (Sun Sep 8 21:25:27 EEST 2013) from /etc/shorewall/
>
> I hope it helps to identify the problem. I've tried an example just before the dump process.
> Source: 192.168.254.1
> Destination: 192.168.254.254 : 9309
> To be redirected to : 192.168.254.3 : 9309

Unfortunately, I see nothing wrong with the Shorewall-generated ruleset; it appears that the connection-request packet is not being rerouted back out of the bridge, even though the netfilter rules indicate that it should be.

-Tom

What can I do to solve it? At least for troubleshooting?

I'd like to mention that when the packet is coming from another physical interface under the same bridge interface, it works.
So:
Under br0, there are eth1 and wlan0.
If a packet is coming from wlan0 and going to a server connected to eth1, it works.
If a packet is coming from eth1 and going to a server connected to eth1, it does not work.

Thanks.

Are you using Debian or a derivative?

If so, maybe you did not enable kernel forward?

Check the content of /etc/sysctl.conf for this line:

net.ipv4.ip_forward=1

If you have a 0 in the place of the 1, change it and reboot.

Fábio Rabelo

I am using Ubuntu and ip forward is enabled in that file.
BTW, all other forwarding is working (from br0 to ppp0, for example).
Only forwarding between 2 physical interfaces under the bridge interface is not working.

What else can I check?

Thx.

Hi,

I still couldn't find a solution to this issue. Does anyone have an idea?
How can I troubleshoot further?

Thanks.

Hi Guys,

I really need help. I understand that this might not be a problem of Shorewall (yet why not).
But in any case, how can I go further? Where can I ask this question?

Thanks,

On 9/13/2013 2:46 PM, İlker Aktuna wrote:
> Hi Guys,
>
> I really help. I understand that this might not be a problem of Shorewall (yet why not)

Let's look at this:

Here's the INPUT chain:

Chain PREROUTING (policy ACCEPT 89 packets, 5619 bytes)
 pkts bytes target     prot opt in     out     source               destination
 1960  210K dnat       all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain dnat (1 references)
 pkts bytes target     prot opt in     out     source               destination
  336 30878 wan_dnat   all  --  ppp0   *       0.0.0.0/0            0.0.0.0/0
  508 54430 wan_dnat   all  --  ppp1   *       0.0.0.0/0            0.0.0.0/0
    0     0 wan_dnat   all  --  tun0   *       0.0.0.0/0            0.0.0.0/0
 1116  125K lan_dnat   all  --  br0    *       0.0.0.0/0            0.0.0.0/0            <========

Chain lan_dnat (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:9306 to:192.168.254.21:80
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:9307 to:192.168.254.22:80
    6   312 ~log0      tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            [goto] tcp dpt:9309 <=====
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:9308 to:192.168.254.23:80

Chain ~log0 (1 references)
 pkts bytes target     prot opt in     out     source               destination
    6   312 ULOG       all  --  *      *       0.0.0.0/0            0.0.0.0/0            ULOG copy_range 0 nlgroup 1 prefix "Shorewall:lan_dnat:DNAT:" queue_threshold 1 <=========
    6   312 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            to:192.168.254.3:9309 <=======

Looking at the rules marked with <====== together with the log messages being generated, we know that 6 packets directed to TCP port 9309 were redirected to IP address 192.168.254.3.

Now let's look at the filter table:

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
82850   62M accounting all  --  *      *       0.0.0.0/0            0.0.0.0/0
 1365 71260 TCPMSS     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcpflags: 0x06/0x02 TCPMSS clamp to PMTU
 3578  452K ppp0_fwd   all  --  ppp0   *       0.0.0.0/0            0.0.0.0/0
 8067  819K ppp1_fwd   all  --  ppp1   *       0.0.0.0/0            0.0.0.0/0
    0     0 tun0_fwd   all  --  tun0   *       0.0.0.0/0            0.0.0.0/0
71205   60M lan_frwd   all  --  br0    *       0.0.0.0/0            0.0.0.0/0            <========
    0     0 eth0_fwd   all  --  eth0   *       0.0.0.0/0            0.0.0.0/0
    0     0 eth2_fwd   all  --  eth2   *       0.0.0.0/0            0.0.0.0/0
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix "Shorewall:FORWARD:REJECT:"
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0            [goto]

Chain lan_frwd (1 references)
 pkts bytes target     prot opt in     out     source               destination
 1946  311K dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID,NEW
 4234  944K lan2wan    all  --  *      ppp0    0.0.0.0/0            0.0.0.0/0
10783 2861K lan2wan    all  --  *      ppp1    0.0.0.0/0            0.0.0.0/0
    0     0 lan2wan    all  --  *      tun0    0.0.0.0/0            0.0.0.0/0
56188   57M lan2lan    all  --  *      br0     0.0.0.0/0            0.0.0.0/0            <=======
    0     0 lan2lanx   all  --  *      eth0    0.0.0.0/0            0.0.0.0/0
    0     0 lan2lanx   all  --  *      eth2    0.0.0.0/0            0.0.0.0/0

Chain lan2lan (1 references)
 pkts bytes target     prot opt in     out     source               destination
    1    60 TCPMSS     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcpflags: 0x06/0x02 tcpmss match 1452:65535 TCPMSS set 1452
    1    60 TCPMSS     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcpflags: 0x06/0x02 tcpmss match 1452:65535 TCPMSS set 1452
56160   57M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.254.21       tcp dpt:80 ctorigdstport 9306
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            <===192.168.254.22   tcp dpt:80 ctorigdstport 9307
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.254.3        tcp dpt:9309 ctorigdstport 9309
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.254.23       tcp dpt:80 ctorigdstport 9308
   28  6612 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0

If Netfilter had correctly rerouted the packet, it would have matched the last marked rule. It didn't; from that I conclude that Netfilter is not doing the right thing in this case.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

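The counter comparison made in the message above, as an added example that is not part of the original thread: it parses `iptables -L -n -v` output and reports every DNAT rule that translated connections while no filter-table ACCEPT rule for the translated address and port counted a single packet. The rows are copied from the listings in that message; the function names are this example's own.

```python
import re

# Rows copied from the listings in the message above (arrows dropped, spacing
# collapsed, unrelated rows omitted): nat-table chains first, then lan2lan.
LISTING = """\
Chain lan_dnat (1 references)
 pkts bytes target prot opt in out source destination
 0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:9306 to:192.168.254.21:80
 0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:9307 to:192.168.254.22:80
 6 312 ~log0 tcp -- * * 0.0.0.0/0 0.0.0.0/0 [goto] tcp dpt:9309
 0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:9308 to:192.168.254.23:80
Chain ~log0 (1 references)
 pkts bytes target prot opt in out source destination
 6 312 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 to:192.168.254.3:9309
Chain lan2lan (1 references)
 pkts bytes target prot opt in out source destination
 56160 57M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
 0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.254.21 tcp dpt:80 ctorigdstport 9306
 0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.254.22 tcp dpt:80 ctorigdstport 9307
 0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.254.3 tcp dpt:9309 ctorigdstport 9309
 0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.254.23 tcp dpt:80 ctorigdstport 9308
 28 6612 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
"""

UNITS = {"K": 1000, "M": 1000 ** 2, "G": 1000 ** 3}


def counter(text):
    """Convert an iptables -v counter such as '57M' to an integer."""
    if text[-1] in UNITS:
        return int(text[:-1]) * UNITS[text[-1]]
    return int(text)


def parse_chains(listing):
    """Map each chain name to its rules (packet count, target, destination, options)."""
    chains, current = {}, None
    for line in listing.splitlines():
        header = re.match(r"Chain (\S+) \(", line)
        if header:
            current = chains.setdefault(header.group(1), [])
            continue
        fields = line.split()
        # Skip blank lines, the column-title row and anything before a chain header.
        if current is None or len(fields) < 9 or fields[0] == "pkts":
            continue
        current.append({"pkts": counter(fields[0]), "target": fields[2],
                        "dest": fields[8], "extra": " ".join(fields[9:])})
    return chains


def stalled_dnat(chains):
    """Return (ip, port, nat_pkts) for DNAT rules with hits but no matching ACCEPT hits.

    The nat table sees only the first packet of a connection, and Shorewall's
    per-rule ACCEPT sits after the RELATED,ESTABLISHED rule, so both counters
    count new connections and can be compared directly.
    """
    rules = [rule for rows in chains.values() for rule in rows]
    findings = []
    for nat in rules:
        to = re.search(r"\bto:(\d+\.\d+\.\d+\.\d+):(\d+)", nat["extra"])
        if nat["target"] != "DNAT" or not to or nat["pkts"] == 0:
            continue
        ip, port = to.groups()
        accepted = sum(rule["pkts"] for rule in rules
                       if rule["target"] == "ACCEPT" and rule["dest"] == ip
                       and re.search(rf"\bdpt:{port}\b", rule["extra"]))
        if accepted == 0:
            findings.append((ip, int(port), nat["pkts"]))
    return findings


if __name__ == "__main__":
    for ip, port, pkts in stalled_dnat(parse_chains(LISTING)):
        print(f"{pkts} connection(s) DNATed to {ip}:{port} never reached an ACCEPT rule")
```
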
Thanks for analyzing it.
This is not normal behaviour of netfilter right ?
Where can I ask about netfilter issue ?

Thx.

-----Original Message-----
From: Tom Eastep [mailto:teastep@shorewall.net]
Sent: Saturday, September 14, 2013 2:53 AM
To: shorewall-users@lists.sourceforge.net
Subject: Re: [Shorewall-users] routeback to same interface

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users

On 9/14/2013 1:38 PM, İlker Aktuna wrote:
> Thanks for analyzing it.
> This is not normal behaviour of netfilter right ?
> Where can I ask about netfilter issue ?
>

I would start with Ubuntu. First, be sure that all available updates are installed. Then if you still have the problem, submit a bug report.

I just performed a similar test on my up-to-date Debian 7 gateway and the test worked as expected:

/etc/shorewall/zones:

dmz     ipv4

/etc/shorewall/interfaces:

dmz     br0     routeback,proxyarp=1,required,wait=30

/etc/shorewall/rules:

DNAT    dmz     dmz:70.90.191.125:80    tcp     80      -       70.90.191.121

/etc/shorewall/masq:

br0     70.90.191.120/29        70.90.191.121   tcp     80

root@gateway:~# uname -a
Linux gateway 3.2.0-4-amd64 #1 SMP Debian 3.2.46-1 x86_64 GNU/Linux
root@gateway:~#

Chain dmz-dmz (1 references)
 pkts bytes target     prot opt in     out     source               destination
    1    60 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID,NEW,UNTRACKED
    9  1666 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate ESTABLISHED
    0     0 +dmz-dmz   all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate UNTRACKED
    1    60 ACCEPT     tcp  --  *      *       0.0.0.0/0            70.90.191.125        ctorigdst 70.90.191.121 tcp dpt:80 ctorigdstport 80 <============
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0

I used port 80 rather than a high port, but that is irrelevant.

-Tom

Thank you.
I don't want to make a release update from 12.04 to 12.10, as it would be risky for me with lots of services running on the router.
Is there a simple way to install available updates for Ubuntu (I know this is not the right place but just asking) ?

In your configuration, may the following parameters have any effect on my problem ?
I know that they shouldn't but, in any case...
proxyarp=1,required,wait=30

Thanks.

-----Original Message-----
From: Tom Eastep [mailto:teastep@shorewall.net]
Sent: Sunday, September 15, 2013 5:09 PM
To: shorewall-users@lists.sourceforge.net
Subject: Re: [Shorewall-users] routeback to same interface

Ok; the command is "apt-get upgrade"
This will update all packages keeping release 12.04

Do you think upgrading to 12.10 is necessary ?

Thanks.

-----Original Message-----
From: İlker Aktuna [mailto:ilkera@kobiline.com]
Sent: Sunday, September 15, 2013 6:32 PM
To: 'Shorewall Users'
Subject: RE: [Shorewall-users] routeback to same interface

On 09/15/2013 08:32 AM, İlker Aktuna wrote:
> Thank you.
> I don't want to make a release update from 12.04 to 12.10, as it would be risky for me with lots of services running on the router.
> Is there a simple way to install available updates for Ubuntu (I know this is not the right place but just asking) ?

apt-get update
apt-get dist-upgrade

>
> In your configuration, may the following parameters have any effect on my problem ?
> I know that they shouldn't but, in any case...
> proxyarp=1,required,wait=30
>

Those options don't affect the issue you are having.

-Tom

Very interestingly, after the upgrade, problem is solved.
I didn't understand how because the upgrade did not update any packages related to kernel, netfilter, routing, iptables etc...

Any ideas about how this happened ?

-----Original Message-----
From: Tom Eastep [mailto:teastep@shorewall.net]
Sent: Sunday, September 15, 2013 7:21 PM
To: shorewall-users@lists.sourceforge.net
Subject: Re: [Shorewall-users] routeback to same interface

On 9/15/2013 12:41 PM, İlker Aktuna wrote:
> Very interestingly, after the upgrade, problem is solved.
> I didn't understand how because the upgrade did not update any packages related to kernel, netfilter, routing, iptables etc...
>
> Any ideas about how this happened ?

No -- Are you sure that there wasn't a kernel update? What is the output of 'uname -a'?

-Tom

Hi,

No kernel wasn't installed.
Uname output is as below:
oot@router:~# uname -a
Linux router 3.2.0-38-generic #61-Ubuntu SMP Tue Feb 19 12:20:02 UTC 2013 i586 i586 i386 GNU/Linux

It was the same before the upgrade.

-----Original Message-----
From: Tom Eastep [mailto:teastep@shorewall.net]
Sent: Monday, September 16, 2013 5:29 PM
To: shorewall-users@lists.sourceforge.net
Subject: Re: [Shorewall-users] routeback to same interface

On 9/16/2013 10:28 AM, İlker Aktuna wrote:
> Hi,
>
> No kernel wasn't installed.
> Uname output is as below:
> oot@router:~# uname -a
> Linux router 3.2.0-38-generic #61-Ubuntu SMP Tue Feb 19 12:20:02 UTC 2013 i586 i586 i386 GNU/Linux
>
> It was the same before the upgrade.

Interesting.

-Tom