| View previous topic :: View next topic |
| Author |
Message |
gravis
Apprentice
Joined: 18 Apr 2002
Posts: 176
Location: Compiègne, France
|
 Posted: Thu Nov 20, 2003 2:09 pm Post subject: Emerge -u shorewall, no more nat ! |
 |
|
Hi all,
is there someone that have the same problem than me ? I upgraded shorewall a few day ago and restarted my gateway this morning. I can't access it anymore via network (nat isn't working too), and I can't ping machine in the network from the gateway 
I emerge again shorewall and iptables, same result... |
|
| Back to top |
|
 |
gravis
Apprentice
Joined: 18 Apr 2002
Posts: 176
Location: Compiègne, France
|
| Posted: Thu Nov 20, 2003 2:13 pm Post subject: |
|
|
here's the output of shorewall start :
| Code: |
Loading /usr/share/shorewall/functions...
Processing /etc/shorewall/params ...
Processing /etc/shorewall/shorewall.conf...
Starting Shorewall...
Loading Modules...
Initializing...
Shorewall has detected the following iptables/netfilter capabilities:
NAT: Available
Packet Mangling: Available
Multi-port Match: Available
Connection Tracking Match: Available
Determining Zones...
Zones: net loc
Validating interfaces file...
Validating hosts file...
Validating Policy file...
Determining Hosts in Zones...
Net Zone: ppp0:0.0.0.0/0
Local Zone: eth0:0.0.0.0/0
Processing /etc/shorewall/init ...
Deleting user chains...
Setting up Accounting...
Setting up User Sets...
Creating Interface Chains...
Configuring Proxy ARP
Setting up NAT...
Adding Common Rules
Setting up Kernel Route Filtering...
IP Forwarding Enabled
Processing /etc/shorewall/tunnels...
Processing /etc/shorewall/rules...
Rule "ACCEPT net fw tcp 80" added.
Rule "ACCEPT net fw tcp 22" added.
Rule "ACCEPT net fw tcp 8080" added.
Processing /etc/shorewall/policy...
Policy DROP for net to fw using chain net2all
Masqueraded Subnets and Hosts:
To 0.0.0.0/0 from 192.168.0.0/24 through ppp0
Processing /etc/shorewall/tos...
Rule "all all tcp - ssh 16" added.
Rule "all all tcp ssh - 16" added.
Rule "all all tcp - ftp 16" added.
Rule "all all tcp ftp - 16" added.
Rule "all all tcp ftp-data - 8" added.
Rule "all all tcp - ftp-data 8" added.
Processing /etc/shorewall/ecn...
Activating Rules...
Processing /etc/shorewall/start ...
Shorewall Started
|
and iptables -L :
| Code: |
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
DROP !icmp -- anywhere anywhere state INVALID
ppp0_in all -- anywhere anywhere
eth0_in all -- anywhere anywhere
common all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Shorewall:INPUT:REJECT:'
reject all -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
DROP !icmp -- anywhere anywhere state INVALID
TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
ppp0_fwd all -- anywhere anywhere
eth0_fwd all -- anywhere anywhere
common all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Shorewall:FORWARD:REJECT:'
Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
DROP !icmp -- anywhere anywhere state INVALID
fw2all all -- anywhere anywhere
fw2all all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
Chain all2all (0 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
newnotsyn tcp -- anywhere anywhere state NEW tcp flags:!SYN,RST,ACK/SYN
common all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Shorewall:all2all:REJECT:'
reject all -- anywhere anywhere
Chain common (4 references)
target prot opt source destination
icmpdef icmp -- anywhere anywhere
reject udp -- anywhere anywhere udp dpt:epmap
reject udp -- anywhere anywhere udp dpts:netbios-ns:netbios-ssn
reject udp -- anywhere anywhere udp dpt:microsoft-ds
reject tcp -- anywhere anywhere tcp dpt:netbios-ssn
reject tcp -- anywhere anywhere tcp dpt:microsoft-ds
reject tcp -- anywhere anywhere tcp dpt:epmap
DROP udp -- anywhere anywhere udp dpt:1900
DROP all -- anywhere 255.255.255.255
DROP all -- anywhere BASE-ADDRESS.MCAST.NET/4
reject tcp -- anywhere anywhere tcp dpt:auth
DROP udp -- anywhere anywhere udp spt:domain state NEW
DROP all -- anywhere 192.168.0.255
Chain dynamic (4 references)
target prot opt source destination
Chain eth0_fwd (1 references)
target prot opt source destination
dynamic all -- anywhere anywhere
loc2all all -- anywhere anywhere
Chain eth0_in (1 references)
target prot opt source destination
dynamic all -- anywhere anywhere
loc2all all -- anywhere anywhere
Chain fw2all (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
newnotsyn tcp -- anywhere anywhere state NEW tcp flags:!SYN,RST,ACK/SYN
ACCEPT all -- anywhere anywhere
Chain icmpdef (1 references)
target prot opt source destination
Chain loc2all (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
newnotsyn tcp -- anywhere anywhere state NEW tcp flags:!SYN,RST,ACK/SYN
ACCEPT all -- anywhere anywhere
Chain net2all (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
newnotsyn tcp -- anywhere anywhere state NEW tcp flags:!SYN,RST,ACK/SYN
common all -- anywhere anywhere
DROP all -- anywhere anywhere
Chain net2fw (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
newnotsyn tcp -- anywhere anywhere state NEW tcp flags:!SYN,RST,ACK/SYN
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:www
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:webcache
net2all all -- anywhere anywhere
Chain newnotsyn (5 references)
target prot opt source destination
DROP all -- anywhere anywhere
Chain ppp0_fwd (1 references)
target prot opt source destination
dynamic all -- anywhere anywhere
net2all all -- anywhere anywhere
Chain ppp0_in (1 references)
target prot opt source destination
dynamic all -- anywhere anywhere
net2fw all -- anywhere anywhere
Chain reject (10 references)
target prot opt source destination
REJECT tcp -- anywhere anywhere reject-with tcp-reset
REJECT udp -- anywhere anywhere reject-with icmp-port-unreachable
REJECT icmp -- anywhere anywhere reject-with icmp-host-unreachable
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain shorewall (0 references)
target prot opt source destination
|
|
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
Networking & Security
