shorewall-users April 2012 archive

Re: [Shorewall-users] Problem with nat on a multiple isp configuration

From: Tom Eastep <teastep_at_nospam>
Date: Thu Apr 12 2012 - 14:15:01 GMT
To: shorewall-users@lists.sourceforge.net

On 04/12/2012 07:10 AM, Alessandro Faglia wrote:
> On Thu, Apr 12, 2012 at 3:19 PM, Tom Eastep <teastep@shorewall.net> wrote:
>
> On 04/11/2012 11:20 PM, Alessandro Faglia wrote:
>
> >
> > For what I understand I shouldn't have any output from tcpdump, or
> is it
> > normal? Do you see routing issues?
> >
>
> That looks okay. Now try running tcpdump on eth4 while you are testing;
> do you see response packets being sent out of eth4 rather than ppp0?
>
>
> Yes I do:
>
> # tcpdump -nei eth4 port 25 and host <nmap-host-ip>
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on eth4, link-type EN10MB (Ethernet), capture size 96 bytes
> 16:05:53.308093 00:04:23:e0:8a:51 > 00:25:9c:ca:6d:46, ethertype IPv4
> (0x0800), length 58: <wan-ip>.25 > <nmap-host-ip>.36640: S
> 283332995:283332995(0) ack 2424569839 win 5840 <mss 1460>
> 16:05:53.406159 00:04:23:e0:8a:51 > 00:25:9c:ca:6d:46, ethertype IPv4
> (0x0800), length 58: <wan-ip>.25 > <nmap-host-ip>.36641: S
> 382851284:382851284(0) ack 2424504304 win 5840 <mss 1460>
> 16:05:57.032048 00:04:23:e0:8a:51 > 00:25:9c:ca:6d:46, ethertype IPv4
> (0x0800), length 58: <wan-ip>.25 > <nmap-host-ip>.36640: S
> 283332995:283332995(0) ack 2424569839 win 5840 <mss 1460>
> 16:05:57.831952 00:04:23:e0:8a:51 > 00:25:9c:ca:6d:46, ethertype IPv4
> (0x0800), length 58: <wan-ip>.25 > <nmap-host-ip>.36641: S
> 382851284:382851284(0) ack 2424504304 win 5840 <mss 1460>
>
> In this case <wan-ip> is the public IP (#1 in my previous examples) I'm
> running nmap against from the test host:
> # nmap -p 25 <wan-ip>
>
> Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2012-04-12 16:05
> CEST
> Interesting ports on <wan-ip>:
> PORT STATE SERVICE
> 25/tcp filtered smtp
>
> Nmap finished: 1 IP address (1 host up) scanned in 6.890 seconds
>
> So I have packets flowing back thru eth4 that shouldn't be there, am I
> correct? Is it a setup problem?

Most likely it is a bug in the ancient version of Shorewall you are
running. You can try:

- shorewall stop
- /etc/init.d/networking restart
- shorewall start

and see if that fixes it.

-Tom
-- 
Tom Eastep           \ When I die, I want to go like my Grandfather who
Shoreline,            \ died peacefully in his sleep. Not screaming like
Washington, USA        \ all of the passengers in his car
http://shorewall.net    \________________________________________________
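The check Tom asks for above (SYN-ACKs for the public address leaving eth4 instead of ppp0) as an added example; this is not code from the thread or from Shorewall. It is a POSIX shell script that triages a saved `tcpdump -nei <iface> port 25` capture for reply packets sourced from the public address, and asks the kernel which interface it would choose for the return path. The capture lines, the addresses 192.0.2.10 (standing in for <wan-ip>), 198.51.100.7 (the nmap host) and 203.0.113.5, and all function names are constructed for this example.

```shell
#!/bin/sh
# Added example (not from the thread or from Shorewall). Triage a tcpdump
# capture for replies that are leaving through the wrong ISP link.
#
# Assumed scenario (mirrors the thread, addresses are constructed):
#   - the capture was taken on eth4, the link that should NOT carry these
#     replies, with: tcpdump -nei eth4 port 25 and host <nmap-host-ip>
#   - 192.0.2.10 stands in for <wan-ip>, the address that lives on ppp0
#   - 198.51.100.7 stands in for the nmap host

# Constructed sample capture: four SYN-ACKs in the old one-letter-flag
# format from the thread, one in the newer "Flags [S.]" format, and one
# unrelated outbound SYN that legitimately belongs on this interface.
SAMPLE="${TMPDIR:-/tmp}/misroute-sample.$$"
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
16:05:53.308093 00:04:23:e0:8a:51 > 00:25:9c:ca:6d:46, ethertype IPv4 (0x0800), length 58: 192.0.2.10.25 > 198.51.100.7.36640: S 283332995:283332995(0) ack 2424569839 win 5840 <mss 1460>
16:05:53.406159 00:04:23:e0:8a:51 > 00:25:9c:ca:6d:46, ethertype IPv4 (0x0800), length 58: 192.0.2.10.25 > 198.51.100.7.36641: S 382851284:382851284(0) ack 2424504304 win 5840 <mss 1460>
16:05:55.000000 00:04:23:e0:8a:51 > 00:25:9c:ca:6d:46, ethertype IPv4 (0x0800), length 74: 203.0.113.5.45120 > 198.51.100.9.25: S 1:1(0) win 5840 <mss 1460>
16:05:57.032048 00:04:23:e0:8a:51 > 00:25:9c:ca:6d:46, ethertype IPv4 (0x0800), length 58: 192.0.2.10.25 > 198.51.100.7.36640: S 283332995:283332995(0) ack 2424569839 win 5840 <mss 1460>
16:05:57.831952 00:04:23:e0:8a:51 > 00:25:9c:ca:6d:46, ethertype IPv4 (0x0800), length 58: 192.0.2.10.25 > 198.51.100.7.36641: S 382851284:382851284(0) ack 2424504304 win 5840 <mss 1460>
16:05:58.100000 00:04:23:e0:8a:51 > 00:25:9c:ca:6d:46, ethertype IPv4 (0x0800), length 58: 192.0.2.10.25 > 198.51.100.7.36642: Flags [S.], seq 1, ack 2, win 5840, options [mss 1460]
EOF

# syn_acks_from CAPTURE WANIP [PORT]
# Print "client_ip client_port" for every SYN-ACK in CAPTURE whose source is
# WANIP on PORT (default 25). A SYN-ACK from the service address is by
# definition a reply, so any hit on the "wrong" interface is asymmetric
# return traffic. Both the old "S ... ack N" and the newer "Flags [S.]"
# tcpdump formats are recognised.
syn_acks_from() {
  awk -v wan="$2" -v port="${3:-25}" '
    {
      for (i = 2; i < NF; i++) {
        if ($i != ">") continue
        src = $(i - 1); dst = $(i + 1); sub(/:$/, "", dst)
        # the MAC "src > dst" pair splits into 1 field, IP.port into 5
        if (split(src, a, "[.]") != 5) continue
        if (a[1] "." a[2] "." a[3] "." a[4] != wan || a[5] != port) continue
        if ($0 !~ / ack / && $0 !~ /\[S\.\]/) continue
        if (split(dst, d, "[.]") != 5) continue
        print d[1] "." d[2] "." d[3] "." d[4], d[5]
      }
    }' "$1"
}

# Number of misrouted replies in the capture (0 means nothing to explain).
misrouted_reply_count() {
  syn_acks_from "$1" "$2" "$3" | wc -l | tr -d ' '
}

# Distinct clients whose replies took the wrong link.
misrouted_clients() {
  syn_acks_from "$1" "$2" "$3" | cut -d' ' -f1 | sort -u
}

# return_path_iface CLIENT WANIP
# Ask the kernel which device it would use for a reply from WANIP to CLIENT.
# Consults the routing tables and ip rules only; nothing netfilter would
# have marked first is applied (add "mark <n>" to ip route get for that).
return_path_iface() {
  command -v ip >/dev/null 2>&1 || { echo "ip(8) not available" >&2; return 1; }
  ip route get "$1" from "$2" 2>/dev/null | sed -n 's/.* dev \([^ ]*\).*/\1/p' | head -n 1
}

printf 'SYN-ACKs from 192.0.2.10 seen on the capture interface: %s\n' \
  "$(misrouted_reply_count "$SAMPLE" 192.0.2.10)"
printf 'clients affected: %s\n' "$(misrouted_clients "$SAMPLE" 192.0.2.10 | tr '\n' ' ')"
```

Run the thread's `tcpdump -nei eth4 port 25 and host <nmap-host-ip>` with output redirected to a file, then call `misrouted_reply_count file <wan-ip>`; any nonzero count confirms that replies for the ppp0 address are being emitted on eth4. `return_path_iface <nmap-host-ip> <wan-ip>` should name ppp0 on a correctly policy-routed box; if it already names eth4, the problem is in the routing tables or `ip rule` entries rather than in netfilter marking.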


_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users