Hi,

In the log I get:
-----------------------------------------------------------
Sep 30 16:19:03 host kernel: Shorewall:FORWARD:REJECT:IN=eth0 OUT=eth0 SRC=ip1 DST=ip2 LEN=48 TOS=0x00 PREC=0x00 TTL=118 ID=27279 DF PROTO=TCP SPT=51501 DPT=25 WINDOW=8192 RES=0x00 SYN URGP=0
-----------------------------------------------------------

Even though in /etc/shorewall/rules I have
-----------------------------------------------------------
ACCEPT net dmz:ip2 tcp 25
-----------------------------------------------------------

-----------------------------------------------------------
shorewall version
4.5.20
-----------------------------------------------------------

-----------------------------------------------------------
shorewall show FORWARD
Shorewall 4.5.20 Chain FORWARD at host - Mon Sep 30 16:23:59 EDT 2013

Counters reset Mon Sep 30 16:18:46 EDT 2013

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
 1976  158K net_frwd   all  --  eth0   *       0.0.0.0/0            0.0.0.0/0
 2767 3191K venet0_fwd all  --  venet0 *       0.0.0.0/0            0.0.0.0/0
    3   152 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0
    3   152 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix `Shorewall:FORWARD:REJECT:'
    3   152 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0            [goto]
-----------------------------------------------------------

Where should I look?

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users

On 9/30/2013 1:30 PM, Hristo Benev wrote:
> Hi,
>
> In the log I get:
> -----------------------------------------------------------
> Sep 30 16:19:03 host kernel: Shorewall:FORWARD:REJECT:IN=eth0 OUT=eth0 SRC=ip1 DST=ip2 LEN=48 TOS=0x00 PREC=0x00 TTL=118 ID=27279 DF PROTO=TCP SPT=51501 DPT=25 WINDOW=8192 RES=0x00 SYN URGP=0
> -----------------------------------------------------------
>
> Even though in /etc/shorewall/rules I have
> -----------------------------------------------------------
> ACCEPT net dmz:ip2 tcp 25
> -----------------------------------------------------------
>
> -----------------------------------------------------------
> shorewall version
> 4.5.20
> -----------------------------------------------------------
>
> -----------------------------------------------------------
> shorewall show FORWARD
> Shorewall 4.5.20 Chain FORWARD at host - Mon Sep 30 16:23:59 EDT 2013
>
> Counters reset Mon Sep 30 16:18:46 EDT 2013
>
> Chain FORWARD (policy DROP 0 packets, 0 bytes)
>  pkts bytes target     prot opt in     out     source               destination
>  1976  158K net_frwd   all  --  eth0   *       0.0.0.0/0            0.0.0.0/0
>  2767 3191K venet0_fwd all  --  venet0 *       0.0.0.0/0            0.0.0.0/0
>     3   152 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0
>     3   152 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix `Shorewall:FORWARD:REJECT:''
>     3   152 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0            [goto]
> -----------------------------------------------------------
>
>
> Where should I look?
>

Shorewall FAQ 17.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

Interesting:
IN=eth0 OUT=eth0

It should be venet0 since ip2 is on the VPS.

/etc/shorewall/interfaces:dmz $VPS_IF detect logmartians=0,routefilter=0,nets=(ip2,ip3,ip4),routeback
/etc/shorewall/params:VPS_IF=venet0

I have a misconfiguration somewhere...

>-------- Original message --------
>From: Tom Eastep teastep@shorewall.net
>Subject: Re: [Shorewall-users] strange problem
>To: shorewall-users@lists.sourceforge.net
>Sent: Tuesday, 2013, October 1 00:03:07 EEST
> On 9/30/2013 1:30 PM, Hristo Benev wrote:
> > Hi,
> >
> > In the log I get:
> > -----------------------------------------------------------
> > Sep 30 16:19:03 host kernel: Shorewall:FORWARD:REJECT:IN=eth0 OUT=eth0 SRC=ip1 DST=ip2 LEN=48 TOS=0x00 PREC=0x00 TTL=118 ID=27279 DF PROTO=TCP SPT=51501 DPT=25 WINDOW=8192 RES=0x00 SYN URGP=0
> > -----------------------------------------------------------
> >
> > Even though in /etc/shorewall/rules I have
> > -----------------------------------------------------------
> > ACCEPT net dmz:ip2 tcp 25
> > -----------------------------------------------------------
> >
> > -----------------------------------------------------------
> > shorewall version
> > 4.5.20
> > -----------------------------------------------------------
> >
> > -----------------------------------------------------------
> > shorewall show FORWARD
> > Shorewall 4.5.20 Chain FORWARD at host - Mon Sep 30 16:23:59 EDT 2013
> >
> > Counters reset Mon Sep 30 16:18:46 EDT 2013
> >
> > Chain FORWARD (policy DROP 0 packets, 0 bytes)
> >  pkts bytes target     prot opt in     out     source               destination
> >  1976  158K net_frwd   all  --  eth0   *       0.0.0.0/0            0.0.0.0/0
> >  2767 3191K venet0_fwd all  --  venet0 *       0.0.0.0/0            0.0.0.0/0
> >     3   152 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0
> >     3   152 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix `Shorewall:FORWARD:REJECT:'
> >     3   152 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0            [goto]
> > -----------------------------------------------------------
> >
> >
> > Where should I look?
> >
>
> Shorewall FAQ 17.
>
> -Tom
> --
> Tom Eastep        \ When I die, I want to go like my Grandfather who
> Shoreline,         \ died peacefully in his sleep. Not screaming like
> Washington, USA     \ all of the passengers in his car
> http://shorewall.net \________________________________________________

On 9/30/2013 4:29 PM, Hristo Benev wrote:
> Interesting:
> IN=eth0 OUT=eth0
>
> It should be venet0 since ip2 is on the VPS.
>
> /etc/shorewall/interfaces:dmz $VPS_IF detect logmartians=0,routefilter=0,nets=(ip2,ip3,ip4),routeback
> /etc/shorewall/params:VPS_IF=venet0
>
> I have a misconfiguration somewhere...

Check your IP configuration; your routing table thinks that ip2 is reached via eth0.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \__________________________________________

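The check suggested in the reply above, worked through as an added example (not part of the original thread and not Shorewall code): it parses the logged packet, does a longest-prefix match over `ip -4 route show` text, and compares the result with the dmz zone interface. The addresses and both routing tables are constructed; documentation addresses stand in for the thread's ip1 and ip2.

```python
import ipaddress
import re

# Constructed sample data: documentation addresses replace the thread's ip1/ip2.
LOG_LINE = (
    "Sep 30 16:19:03 host kernel: Shorewall:FORWARD:REJECT:IN=eth0 OUT=eth0 "
    "SRC=198.51.100.7 DST=203.0.113.10 LEN=48 TOS=0x00 PREC=0x00 TTL=118 "
    "ID=27279 DF PROTO=TCP SPT=51501 DPT=25 WINDOW=8192 RES=0x00 SYN URGP=0")
# Constructed `ip -4 route show` output: before and after adding a host route.
ROUTES_BROKEN = (
    "default via 203.0.113.1 dev eth0\n"
    "203.0.113.0/24 dev eth0 proto kernel scope link src 203.0.113.2\n")
ROUTES_FIXED = ROUTES_BROKEN + "203.0.113.10 dev venet0 scope link\n"


def parse_log(line):
    """Return (chain, disposition, KEY=value fields) of a Shorewall log line."""
    m = re.search(r"Shorewall:([^:]+):([^:]+):(.*)", line)
    if not m:
        raise ValueError("not a Shorewall log line")
    fields = dict(kv.split("=", 1) for kv in m.group(3).split() if "=" in kv)
    return m.group(1), m.group(2), fields


def egress_dev(routes_text, dst):
    """Longest-prefix match over main-table rows (metrics ignored); returns dev."""
    dst = ipaddress.ip_address(dst)
    best = None
    for row in routes_text.splitlines():
        tok = row.split()
        if not tok or "dev" not in tok:
            continue
        prefix = "0.0.0.0/0" if tok[0] == "default" else tok[0]
        net = ipaddress.ip_network(prefix, strict=False)
        if dst in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, tok[tok.index("dev") + 1])
    return best[1] if best else None


def diagnose(line, routes_text, expected_dev):
    """Compare the logged OUT= and the routed interface with the zone interface."""
    chain, disposition, f = parse_log(line)
    routed = egress_dev(routes_text, f["DST"])
    if f["OUT"] != expected_dev and routed != expected_dev:
        return f"routing: {f['DST']} leaves via {routed}, zone interface is {expected_dev}"
    if f["OUT"] != expected_dev:
        return f"stale log: table now routes {f['DST']} via {routed}"
    return f"routing ok; {chain}:{disposition} has another cause"
```

On a live firewall, `ip route get <DST>` returns the kernel's own answer for the same question.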
Indeed it was routing.
Thanks for the pointer Tom.

>-------- Original message --------
>From: Tom Eastep teastep@shorewall.net
>Subject: Re: [Shorewall-users] strange problem
>To: shorewall-users@lists.sourceforge.net
>Sent: Tuesday, 2013, October 1 03:51:00 EEST
> On 9/30/2013 4:29 PM, Hristo Benev wrote:
> > Interesting:
> > IN=eth0 OUT=eth0
> >
> > It should be venet0 since ip2 is on the VPS.
> >
> > /etc/shorewall/interfaces:dmz $VPS_IF detect logmartians=0,routefilter=0,nets=(ip2,ip3,ip4),routeback
> > /etc/shorewall/params:VPS_IF=venet0
> >
> > I have a misconfiguration somewhere...
>
> Check your IP configuration; your routing table thinks that ip2 is
> reached via eth0.
>
> -Tom
> --
> Tom Eastep        \ When I die, I want to go like my Grandfather who
> Shoreline,         \ died peacefully in his sleep. Not screaming like
> Washington, USA     \ all of the passengers in his car
> http://shorewall.net \__________________________________________