From: Tom E. <te...@sh...> - 2003-02-23 17:39:25
--On Sunday, February 23, 2003 01:32:50 PM -0400 Ted Gervais <ve...@av...> wrote:

>
> On Sun, 23 Feb 2003, Tom Eastep wrote:
>
>>
>>
>> --On Sunday, February 23, 2003 12:59:22 PM -0400 Ted Gervais
>> <ve...@av...> wrote:
>>
>> > Proto RefCnt Flags Type State I-Node PID/Program
>> > name Path
>> > unix 9 [ ] DGRAM 83 91/syslogd
>> > /dev/log
>> > unix 2 [ ] DGRAM 4833 75/dhcpcd
>> > unix 2 [ ] DGRAM 234 179/ax25d
>> > unix 2 [ ] DGRAM 230 178/netromd
>> > unix 2 [ ] DGRAM 206 164/kissattach
>> >
>> >
>> > Right here! This entry above (kissattach) is what loads/runs axip.
>> > And further down I am reminded that it is running on port 'ax0' of the
>> > ax25 utils..
>>
>> Yes but those are AF_UNIX sockets!!! -- they have nothing to do with
>> IP/Netfilter/Shorewall. They are very similar to named pipes and are only
>> used for local communication.
>
>
> I guess. Local, but over the internet in my case. And that covers the
> whole world.. I know, I have nodes list from all around the world.

Fine, but AF_UNIX sockets are only usable within a single host. So the netstat output above has absolutely no bearing on your problem.

>
>>
>> >
>> > <snip>
>> >
>> > Active AX.25 sockets
>> > Dest Source Device State Vr/Vs Send-Q Recv-Q
>> > VE1ATT-7 VE1DRG-7 ax0 ESTABLISHED 003/000 0 0
>> > * VE1DRG-8 ??? LISTENING 000/000 0 0
>> >
>> >
>> > See above - port device ax0. That is where the axip process is
>> > running. Will this help the scripts such that iptables won't interfere
>> > with that device/port??
>> >
>>
>> What does 'ip link show' produce? (or if you don't have 'ip', just run
>> 'ifconfig').
>
> This is what ip link shows:
>
> 1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
> 2: eth0: <BROADCAST,MULTICAST,NOTRAILERS,UP> mtu 1500 qdisc pfifo_fast
> qlen 100
> link/ether 00:50:da:92:bb:20 brd ff:ff:ff:ff:ff:ff
> 3: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
> link/ether 00:50:ba:d0:f2:16 brd ff:ff:ff:ff:ff:ff
> 4: tunl0@NONE: <NOARP,UP> mtu 256 qdisc noqueue
> link/ipip 0.0.0.0 brd 0.0.0.0
> 5: nr0: <UP> mtu 216 qdisc noqueue
> link/generic ac:8a:62:88:a4:8e:0e brd 00:00:00:00:00:00:00
> 6: nr1: <UP> mtu 216 qdisc noqueue
> link/generic ac:8a:62:88:a4:8e:00 brd 00:00:00:00:00:00:00
> 7: nr2: <> mtu 236 qdisc noop
> link/generic 00:00:00:00:00:00:00 brd 00:00:00:00:00:00:00
> 8: nr3: <> mtu 236 qdisc noop
> link/generic 00:00:00:00:00:00:00 brd 00:00:00:00:00:00:00
> 9: ax0: <BROADCAST,UP> mtu 256 qdisc pfifo_fast qlen 10
> link/ax25 ac:8a:62:88:a4:8e:10 brd a2:a6:a8:40:40:40:60

So have you defined the ax0 interface to Shorewall and are you allowing ax.25 (protocol 93) to pass through it?

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://www.shorewall.net
Washington USA  \ te...@sh...
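
The check behind the closing question, as an added example that is not part of the original message: it compares 'ip link show' output with a Shorewall interfaces file and reports links that are UP but not defined to the firewall. The interfaces file content is constructed for illustration (an assumption, not Ted's actual configuration), the function names are hypothetical, and skipping lo assumes loopback is not listed in that file.

```python
import re

# Excerpt of the 'ip link show' output quoted in the message above.
IP_LINK = """\
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,NOTRAILERS,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:50:da:92:bb:20 brd ff:ff:ff:ff:ff:ff
4: tunl0@NONE: <NOARP,UP> mtu 256 qdisc noqueue
    link/ipip 0.0.0.0 brd 0.0.0.0
7: nr2: <> mtu 236 qdisc noop
    link/generic 00:00:00:00:00:00:00 brd 00:00:00:00:00:00:00
9: ax0: <BROADCAST,UP> mtu 256 qdisc pfifo_fast qlen 10
    link/ax25 ac:8a:62:88:a4:8e:10 brd a2:a6:a8:40:40:40:60
"""

# Constructed /etc/shorewall/interfaces content (assumption, not Ted's real file).
INTERFACES = """\
#ZONE   INTERFACE   BROADCAST
net     eth0        detect
"""

HEADER = re.compile(r"^\d+:\s+([^:@\s]+)(?:@\S+)?:\s+<([^>]*)>")
LINK = re.compile(r"^\s+link/(\S+)")

def parse_ip_link(text):
    """Map interface name -> (is_up, link_type) from 'ip link show' output."""
    links, name = {}, None
    for line in text.splitlines():
        if m := HEADER.match(line):
            name = m.group(1)
            links[name] = ("UP" in m.group(2).split(","), None)
        elif (m := LINK.match(line)) and name:
            links[name] = (links[name][0], m.group(1))
    return links

def shorewall_interfaces(text):
    """Interface names from column 2 of an interfaces file, comments ignored."""
    rows = (line.split("#", 1)[0].split() for line in text.splitlines())
    return {fields[1] for fields in rows if len(fields) >= 2}

def undefined_up_links(ip_link_text, interfaces_text):
    """UP links (loopback excluded) that the interfaces file does not list."""
    defined = shorewall_interfaces(interfaces_text)
    return sorted((n, t) for n, (up, t) in parse_ip_link(ip_link_text).items()
                  if up and n != "lo" and n not in defined)

if __name__ == "__main__":
    print(undefined_up_links(IP_LINK, INTERFACES))
```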