From: Jason B. <ja...@sh...> - 2003-05-31 02:38:28

I'm trying to set up a diskless linux client and shorewall seems to be blocking my tftp server's response to the client:

May 30 21:01:45 cs6625200-169 kernel: Shorewall:all2all:REJECT:IN= OUT=eth1 SRC=192.168.1.1 DST=192.168.1.15 LEN=544 TOS=0x00 PREC=0x00 TTL=64 ID=44500 DF PROTO=UDP SPT=32890 DPT=2071 LEN=524
May 31 02:01:45 cs6625200-169 in.tftpd[29190]: tftpd: write: Operation not permitted

My /etc/shorewall/rules looks like this:

ACCEPT net fw tcp 22 -
ACCEPT masq fw tcp 22 -
ACCEPT loc fw tcp 22 -
ACCEPT masq fw tcp domain,bootps,http,https,631,imap,pop3,smtp,nntp,ntp,netbios-ns,netbios-dgm,netbios-ssn,tftp -
ACCEPT masq fw udp domain,bootps,http,https,631,imap,pop3,smtp,nntp,ntp,netbios-ns,netbios-dgm,netbios-ssn,tftp -
ACCEPT fw masq tcp 631,515,137,138,139,22,69 -
ACCEPT fw masq udp 631,515,137,138,139,22,69 -

Here are the details about my setup:

$ sudo /sbin/shorewall version
1.3.14

This is using the Mandrake installation of Shorewall.

$ uname -a
Linux cs6625200-169.austin.rr.com 2.4.21-0.13mdk #1 Fri Mar 14 15:08:06 EST 2003 i686 unknown unknown GNU/Linux

$ ip addr show
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:e0:29:2b:9f:d2 brd ff:ff:ff:ff:ff:ff
    inet 66.25.200.169/22 brd 255.255.255.255 scope global eth0
3: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:50:ba:bf:c0:47 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.1/24 brd 192.168.1.255 scope global eth1

$ ip route show
192.168.1.0/24 dev eth1 scope link
66.25.200.0/22 dev eth0 proto kernel scope link src 66.25.200.169
127.0.0.0/8 dev lo scope link
default via 66.25.200.1 dev eth0

$ lsmod
Module Size Used by Tainted: P
nls_cp437 5148 0 (autoclean)
sg 34636 0 (autoclean)
nls_cp850 4316 0 (autoclean)
msdos 7404 0 (autoclean)
vfat 11820 0 (autoclean)
fat 37944 0 (autoclean) [msdos vfat]
isofs 27988 0 (autoclean)
zlib_inflate 21156 0 (autoclean) [isofs]
nls_iso8859-1 3516 0 (autoclean)
udf 90464 0 (autoclean)
tdfx 35520 1
agpgart 40896 0 (autoclean) (unused)
floppy 55132 0 (autoclean)
parport_pc 25096 1 (autoclean)
lp 8096 0 (autoclean)
parport 34176 1 (autoclean) [parport_pc lp]
ipt_TOS 1592 12 (autoclean)
ipt_MASQUERADE 2104 1 (autoclean)
ipt_LOG 4280 5 (autoclean)
ipt_REJECT 3640 4 (autoclean)
ipt_state 1080 64 (autoclean)
iptable_mangle 2712 1 (autoclean)
ip_nat_irc 3280 0 (unused)
ip_nat_ftp 4016 0 (unused)
iptable_nat 21048 3 [ipt_MASQUERADE ip_nat_irc ip_nat_ftp]
ip_conntrack_irc 4304 1
ip_conntrack_ftp 5200 1
ip_conntrack 27264 4 [ipt_MASQUERADE ipt_state ip_nat_irc ip_nat_ftp iptable_nat ip_conntrack_irc ip_conntrack_ftp]
iptable_filter 2348 1 (autoclean)
ip_tables 14648 10 [ipt_TOS ipt_MASQUERADE ipt_LOG ipt_REJECT ipt_state iptable_mangle iptable_nat iptable_filter]
au8820 163776 3
soundcore 6276 0 [au8820]
nfsd 74256 8 (autoclean)
af_packet 14952 2 (autoclean)
8139too 17160 2 (autoclean)
mii 3832 0 (autoclean) [8139too]
supermount 15296 3 (autoclean)
sr_mod 16920 0
ide-cd 33856 0
cdrom 31648 0 [sr_mod ide-cd]
ide-scsi 11280 0
sd_mod 13100 0
scsimon 9280 0 (unused)
usb-storage 72952 0
scsi_mod 103284 7 [sg sr_mod ide-scsi sd_mod scsimon usb-storage]
usb-uhci 24652 0 (unused)
usbcore 72992 1 [usb-storage usb-uhci]
rtc 8060 0 (autoclean)
ext3 59916 4
jbd 38972 4 [ext3]

--
Jason Bodnar
ja...@sh...
http://www.shakabuku.org

"You want free speech? Let's see you acknowledge a man whose words make your blood boil who is standing center stage advocating at the top of his lungs that which you would spend a lifetime opposing at the top of yours." -- President Andrew Shephard, "The American President"
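
An added example, not part of the original post: it parses the log line quoted above and tests it against the posted `fw masq udp` rule, showing that the rejected packet left the firewall itself from source port 32890 towards client port 2071, so a rule keyed on destination port 69 cannot match it. TFTP servers send data from a freshly chosen port rather than from 69 (RFC 1350). The function names are illustrative, and the check covers protocol and ports only, because the post does not show which zone eth1 belongs to.

```python
import re

# Log line and fw->masq UDP rule, both copied from the post above.
LOG = ("May 30 21:01:45 cs6625200-169 kernel: Shorewall:all2all:REJECT:IN= OUT=eth1 "
       "SRC=192.168.1.1 DST=192.168.1.15 LEN=544 TOS=0x00 PREC=0x00 TTL=64 ID=44500 "
       "DF PROTO=UDP SPT=32890 DPT=2071 LEN=524")
RULE = "ACCEPT fw masq udp 631,515,137,138,139,22,69 -"


def parse_log(line):
    """Return chain, disposition and the KEY=VALUE fields of a Shorewall log line."""
    m = re.search(r"Shorewall:([^:]+):([^:]+):(.*)", line)
    if m is None:
        raise ValueError("not a Shorewall log line")
    pkt = {"chain": m.group(1), "disposition": m.group(2)}
    for token in m.group(3).split():
        key, sep, value = token.partition("=")
        # Bare flags such as DF carry no value; the first LEN (IP length) wins.
        pkt.setdefault(key, value if sep else True)
    return pkt


def parse_rule(line):
    """Parse ACTION SOURCE DEST PROTO DEST-PORT(S) SOURCE-PORT(S); '-' means any."""
    action, src, dst, proto, dports, *rest = line.split()
    sports = rest[0] if rest else "-"
    return {"action": action, "src": src, "dst": dst, "proto": proto.lower(),
            "dports": set(dports.split(",")),
            "sports": None if sports == "-" else set(sports.split(","))}


def rule_matches(rule, pkt):
    """Protocol and port match only; numeric ports only (service names not resolved)."""
    if rule["proto"] != pkt["PROTO"].lower() or pkt["DPT"] not in rule["dports"]:
        return False
    return rule["sports"] is None or pkt["SPT"] in rule["sports"]


def diagnose(log_line, rule_line):
    pkt, rule = parse_log(log_line), parse_rule(rule_line)
    return {
        # An empty IN= with OUT= set means the packet was generated locally.
        "from_firewall": pkt["IN"] == "" and pkt["OUT"] != "",
        "spt": int(pkt["SPT"]), "dpt": int(pkt["DPT"]),
        "rule_matches": rule_matches(rule, pkt),
        "would_match_if_dpt_69": rule_matches(rule, {**pkt, "DPT": "69"}),
    }


if __name__ == "__main__":
    print(diagnose(LOG, RULE))
```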