From: Tom E. <te...@sh...> - 2006-11-10 17:28:02
ko...@su... wrote:
> Hopefully this hasn't been asked a number of times.. I did some searching,
> and didn't come up with anything initially.

This is actually Shorewall FAQ #2 but it is disguised enough that you probably
didn't recognize it.

>
> Here is my info (modified slightly to make safe to broadcast):

So you believe in "security by obscurity"...

> Masq: (not sure if this is necessary..)
> eth0 0.0.0.0/0 175.31.30.10

It *is* necessary.

>
> When I try to ftp to the box from the outside (72.36.210.44), the
> connection is refused, and the following is in the log:
>
> Nov 10 16:25:17 revproxy kernel: Shorewall:FORWARD:REJECT:IN=eth0 OUT=eth0
> SRC=72.36.210.44 DST=10.111.46.4 LEN=60 TOS=0x10 PREC=0x00 TTL=48
> ID=61493 DF PROTO=TCP SPT=51483 DPT=21 WINDOW=5840 RES=0x00 SYN URGP=0A

From the answer to Shorewall FAQ 17 (Why are these packets being
Dropped/Rejected?/How do I decode Shorewall log messages?):

    If the chain is FORWARD and the IN and OUT interfaces are the same, then
    you probably need the 'routeback' option on that interface in
    /etc/shorewall/interfaces or you need the 'routeback' option in the
    relevant entry in /etc/shorewall/hosts.

-Tom
-- 
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ te...@sh...
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
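
The FAQ 17 rule quoted above, applied to log lines in an added example (not part of the original message and not Shorewall's own code): a Python script that reports interfaces where FORWARD-chain packets were logged with IN equal to OUT. It assumes the "Shorewall:chain:disposition:" log prefix seen in the message; the function names and the second and third sample lines are constructed for illustration.

```python
import re

# Log prefix as seen in the message: "Shorewall:<chain>:<disposition>:",
# followed by netfilter KEY=value fields (flags such as DF/SYN carry no "=").
PREFIX = re.compile(r"Shorewall:(?P<chain>[^:\s]+):(?P<disposition>[^:\s]+):")
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")

def parse(line):
    """Return a dict of fields for a Shorewall log line, or None if it is not one."""
    m = PREFIX.search(line)
    if not m:
        return None
    rec = dict(FIELD.findall(line[m.end():]))
    rec.update(m.groupdict())
    return rec

def needs_routeback(rec):
    """FAQ 17 rule: chain is FORWARD and IN and OUT name the same interface."""
    return (rec["chain"] == "FORWARD"
            and rec.get("IN", "") != ""
            and rec.get("IN") == rec.get("OUT"))

def routeback_candidates(lines):
    """Map interface -> set of (SRC, DST, PROTO, DPT) flows logged on it."""
    hits = {}
    for line in lines:
        rec = parse(line)
        if rec and needs_routeback(rec):
            flow = (rec.get("SRC"), rec.get("DST"), rec.get("PROTO"), rec.get("DPT"))
            hits.setdefault(rec["IN"], set()).add(flow)
    return hits

SAMPLE = [
    # Abridged from the log line in the message (trailing fields dropped).
    "Nov 10 16:25:17 revproxy kernel: Shorewall:FORWARD:REJECT:IN=eth0 OUT=eth0 "
    "SRC=72.36.210.44 DST=10.111.46.4 LEN=60 TOS=0x10 PREC=0x00 TTL=48 "
    "ID=61493 DF PROTO=TCP SPT=51483 DPT=21",
    # Constructed: not the FORWARD chain, empty OUT (traffic to the firewall itself).
    "Nov 10 16:26:02 revproxy kernel: Shorewall:net2all:DROP:IN=eth0 OUT= "
    "SRC=192.0.2.7 DST=198.51.100.10 LEN=40 PROTO=TCP SPT=40000 DPT=23",
    # Constructed: FORWARD chain, but IN and OUT differ, so the rule does not apply.
    "Nov 10 16:27:40 revproxy kernel: Shorewall:FORWARD:REJECT:IN=eth0 OUT=eth1 "
    "SRC=192.0.2.7 DST=10.111.46.9 LEN=60 PROTO=TCP SPT=40001 DPT=80",
]

if __name__ == "__main__":
    for iface, flows in routeback_candidates(SAMPLE).items():
        print(f"{iface}: IN == OUT in FORWARD, check 'routeback'; flows: {sorted(flows)}")
```

An interface reported here is the one whose entry in /etc/shorewall/interfaces (or the relevant entry in /etc/shorewall/hosts) the FAQ answer says to check for the 'routeback' option.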