Main Archive Page > Month Archives > shorewall-users archives |
On Thu, Apr 12, 2012 at 3:19 PM, Tom Eastep <teastep@shorewall.net> wrote:
> On 04/11/2012 11:20 PM, Alessandro Faglia wrote:
>
> >
> > For what I understand I shouldn't have any output from tcpdump, or is it
> > normal? Do you see routing issues?
> >
>
> That looks okay. Now try running tcpdump on eth4 while you are testing;
> do you see response packets being sent out of eth4 rather than ppp0?
>
Yes I do:
# tcpdump -nei eth4 port 25 and host <nmap-host-ip>
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth4, link-type EN10MB (Ethernet), capture size 96 bytes
16:05:53.308093 00:04:23:e0:8a:51 > 00:25:9c:ca:6d:46, ethertype IPv4
(0x0800), length 58: <wan-ip>.25 > <nmap-host-ip> .36640: S
283332995:283332995(0) ack 2424569839 win 5840 <mss 1460>
16:05:53.406159 00:04:23:e0:8a:51 > 00:25:9c:ca:6d:46, ethertype IPv4
(0x0800), length 58: <wan-ip> .25 > <nmap-host-ip> .36641: S
382851284:382851284(0) ack 2424504304 win 5840 <mss 1460>
16:05:57.032048 00:04:23:e0:8a:51 > 00:25:9c:ca:6d:46, ethertype IPv4
(0x0800), length 58: <wan-ip> .25 > <nmap-host-ip> .36640: S
283332995:283332995(0) ack 2424569839 win 5840 <mss 1460>
16:05:57.831952 00:04:23:e0:8a:51 > 00:25:9c:ca:6d:46, ethertype IPv4
(0x0800), length 58: <wan-ip> .25 > <nmap-host-ip> .36641: S
382851284:382851284(0) ack 2424504304 win 5840 <mss 1460>
In this case <wan-ip> is the public IP (#1 in my previous examples) I'm
running nmap against from the test host:
# nmap -p 25 <wan-ip>
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2012-04-12 16:05
CEST
Interesting ports on <wan-ip> :
PORT STATE SERVICE
25/tcp filtered smtp
Nmap finished: 1 IP address (1 host up) scanned in 6.890 seconds
So I have packets flowing back thru eth4 that shouldn't be there, am I
correct? Is it a setup problem?
Thanks.
Alessandro
------------------------------------------------------------------------------
For Developers, A Lot Can Happen In A Second.
Boundary is the first to Know...and Tell You.
Monitor Your Applications in Ultra-Fine Resolution. Try it FREE!
http://p.sf.net/sfu/Boundary-d2dvs2
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users