Displaying 20 results from an estimated 6000 matches similar to: "Mysterious ICMP timeout?"
2015 Apr 04
1
Explanation please?
I am seeing log file entries like this:
IN=eth0 OUT=eth1 SRC=109.74.193.253 DST=x.y.z.34 LEN=122 TOS=0x00
PREC=0x00 TTL=48 ID=49692 PROTO=ICMP TYPE=3 CODE=3 [SRC=x.y.z.34
DST=109.74.193.253 LEN=94 TOS=0x00 PREC=0x00 TTL=53 ID=41330 PROTO=UDP
SPT=34679 DPT=53 LEN=74 ]
This is found on our gateway host. eth0 is the WAN i/f, eth1 is the
LAN i/f. Our netblock is x.y.z.0/24. Can somebody tell me
2005 May 31
2
Local machine not through firewall
Currently I have Shorewall 2.2 installed on my Debian 2.6.8 kernel. The firewall machine can access the internet via an ethernet modem fine. The firewall can ping the local network. The local network can ping the firewall server, see the samba files. However the local network cannot access the internet through the firewall
Any suggestions?
Rob van Overbruggen
Settings and stats:
Server:
Eth1 :
2005 Jan 18
1
Lots of icmp lately
Hi folks,
I notice recently there are a lot of this:
Jan 18 20:36:22 server kernel: Shorewall:net2all:DROP:IN=eth0 OUT=
MAC=00:09:6b:a5:b1:65:00:07:50:e6:9a:40:08:00 SRC=202.147.243.4
DST=202.159.252.231 LEN=576 TOS=0x00 PREC=0xC0 TTL=58 ID=62481 PROTO=ICMP
TYPE=3 CODE=1 [SRC=202.159.252.231 DST=202.147.243.4 LEN=576 TOS=0x00
PREC=0x00 TTL=64 ID=14923 DF PROTO=TCP SPT=80 DPT=1248 WINDOW=6432
2003 Feb 26
0
[Bug 55] New: ICMP translation problem with local NAT
https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=55
Summary: ICMP translation problem with local NAT
Product: netfilter/iptables
Version: linux-2.4.x
Platform: other
OS/Version: other
Status: NEW
Severity: normal
Priority: P2
Component: NAT
AssignedTo: laforge@netfilter.org
2019 Feb 08
1
Samba and ufw (mmcg29440@frontier.com)
Rowland,
Thank you for all your help, I agree that this is not a Samba issue.
Given that it works without the firewall. It's either a ufw or Windows
8.1 issue.
Louis,
Applied the rules you suggested to ufw exactly as written. No change.
Still cannot connect with firewall enabled. Same error message as before
"Cannot mount location ...". ufw log set to medium and copied below.
2009 Jun 12
1
Error messages? or what
I've been seeing this kind of crap now for some time, and only in the
past couple of weeks did I realize I was using the Plus Kernel instead
of the normal stock kernel. Could this have something to do with it?
Messages also appear mentioning something about a PowerNow K-8, which I
thought was something you'd see from an AMD processor, not a quad core
intel 64 bit box. Any insight
2019 Jan 29
3
Samba and UFW
Here is the ufw.log after enabling logging medium and trying to connect to
the windows net. Unfortunately the web Microsoft page is in German. I think
it says window uses smb1 syntax.
Jan 27 15:11:09 martin-RB042AV-ABA-a1410y kernel: [ 887.241685] [UFW BLOCK]
IN=enp2s5 OUT= MAC=00:19:21:a2:11:5e:74:27:ea:ab:1e:e0:08:00
SRC=192.168.254.15 DST=192.168.254.39 LEN=90 TOS=0x00 PREC=0x00 TTL=128
2009 May 22
2
Fixing to bite the dust?
I've been getting LOTS of messages like the below in the daily log, and
from all indications, it appears to all be related to the cpu;
the machine is just over a year old, and was the old vortex.wa4phy;net
server from the downtown co-lo site. Aside from huge log files, and
lots of other fluff, numerous problems of other nature have started
cropping up. Anyone have any suggestions as to
2004 Jan 27
2
Shorewall help blacklist and restart/refresh
At the current time I am not subscribed to the mailing list.
I have a blacklist that I got from www.peerguardian.net that is rather
large ( 81 kb).
When shorewall start command is issued it takes about 20 mins for it to
load.
Is this normal or should I do this another way?
Also I noticed something very strange with shorewall ..
I have cron do a shorewall restart command every 24 hours and
2012 Aug 17
2
OT: what are all these probes from my firewall log????
I'm getting a gazillion of these probes in my firewall logs. I don't
understand what's going on here,... These all look like bootp requests
from 10.21.72.1, to 255.255.255.255.
there's certainly no 10.x.x.x here on this network, and I don't get the
destination address... is it possible to send packets out onto the
internet addressed like that?
whois doesn't turn up
2003 Nov 28
1
Problem getting dcgui-qt to work through shorewall
My dcgui-qt (chat/file-sharing program) doesn't work and I'm pretty sure it's my firewall settings.
dcgui-qt is a direct connect (file sharing & chat) client.
According to the FAQ here
(http://dcplusplus.sourceforge.net/faq/faq.php) all I should need to do
is:
-------
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL
#
2019 Feb 11
2
Re: Samba and ufw
Louis,
Tried the rules you suggested:
These work. I think that rules out any Windows problems.
ufw insert 1 allow in on enp2s5 from 192.168.254.15 to 192.168.254.39
ufw insert 2 allow in on enp2s5 from 192.168.254.39 to 192.168.254.15
These do not work.
ufw insert 1 allow in on enp2s5 proto tcp from 192.168.254.0/24 to 192.168.254.39 port 139,445
ufw insert 2 allow in on enp2s5 proto udp from
2005 Jun 11
7
help connection is dropping every 10min
Hi,
I have some problems with shorewall,
I got disconnected every 10 minutes..
All the connections stops
I am using Shorewall version 2.4.0-RC2
and it is running on debian 3.1r0
I can't seem to find the problem.
I hope you can help me with this. I post my log so that you can maybe
see where the problem is. (I have filtered some IP addresses)
/sbin/shorewall show log
Shorewall-2.4.0-RC2
2004 Jul 27
2
icmp traceroute from dmz behind proxy-arp - icmp code 11 ?
hello there,
im running a 3interface inet, dmz, loc. i have some public ip addresses.
one public address is the router of the provider, the second one is the
linux box running shorewall. all other public interfaces are on the dmz
nic with proxy-arp.
now whenever i do a traceroute (the dmz boxes are windows, icmp
traceroute) the very first hop gets timeout/stars, then the router of
the provider
2004 Apr 08
0
getpeername/server crash problem
Hi!
Before anything, here is my hardware/software informations :
Hardware :
-IBM x345, 1 CPU, 1G RAM, IBM ServeRAID controlle
-6 HD used with LVM, 2 volume group, 12 logical volumes all
running ext3
Software :
-RedHat Linux Enterprise AS (Academic) 3.0 update 1
-Kernel 2.4.21-4.0.2.EL
-samba-3.0.2-6.3E
-Running an apache 2 web server
-On normal use, there is only 10-15 computers
2006 Feb 09
1
Error Messages in /var/log/messages
Here's the output:
Feb 9 15:51:26 SSI001 kernel: SFW2-INext-ACC-TCP IN=eth0 OUT=
MAC=00:0f:ea:73:88:12:00:40:2b:67:5b:a7:08:00 SRC=192.168.1.54
DST=192.168.1.2 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=51248 DF PROTO=TCP
SPT=1964 DPT=139 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405B401010402)
Feb 9 15:51:28 SSI001 kernel: SFW2-INext-ACC-TCP IN=eth0 OUT=
2006 Sep 12
3
Completely isolating P2P/BitTorrent traffic
Hi all,
I'm trying to isolate P2P traffic, specifically BitTorrent, for my QoS
scripts. I can't seem to completely isolate ALL BitTorrent traffic.
I identify & mark packets and then use tc filters to put them into
appropriate classes. My firewall rules (below) do the markings. My VoIP
boxes' and ICMP traffic get highest priority (mark 1). Then comes DNS, SSH,
2008 Dec 12
1
CentOS 5.2 + iptables + memcached Problem
Hi,
I'm experiencing the most perplexing problem with iptables on CentOS
5.2. I'm hoping someone can point out what I must be missing here.
I have memcached set up on several nodes on an internal network. I
have the following rules set up to allow traffic between memcached
nodes:
IPTABLES -A INPUT -i bond0 -p tcp -m tcp -s 192.168.1.0/24 -d
192.168.1.0/24 --dport 11211 -j ACCEPT
2006 Apr 09
3
Conntrack, nat and multipath - what is wrong here?
I have a gentoo 2.6.14 box with 4 nics, LAN/DMZ/PUB1/PUB2
LAN and DMZ have a 1918 /22 each, PUB1 and PUB2 have a /29 each of which 5 ips
are assigned.
Using the mangle table, I give all packets a mark (according to local
policies) in the range 1-10. Using ip rule, i pass marks 1-5 through the pub1
route table, and marks 6-10 through the pub2 routing table. Using the nat
table, I SNAT to one
2010 Oct 28
3
SIP client floods port 5060 and gets blocked
Hello,
Is there any reason why an IP-phone would pounder on port 5060 ? My
firewall blocks the public IP because it thinks the remote IP is port
scanning on port 5060.
I think the phone is just registering but for some reason it does this
repeatedly in a very short time.
Oct 28 09:01:48 astserver kernel: Firewall: *UDP_IN Blocked* IN=eth0
OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:00:00