[Shorewall-newbies] Shorewall + portsentry restart causing NAT to fail

Tom Eastep teastep at shorewall.net
Tue Jan 27 06:59:49 PST 2004


On Monday 26 January 2004 11:11 pm, Ow Mun Heng wrote:
> Shorewall version 1.4.7
> iptables 1.2.7a
> RH9 + Kernel 2.4.24
>
> Hi,
>
> 	Just curious, I see that my NAT tends to hang when portsentry restarts
> (to logrotate I presume), and I also see the corresponding "iptables
> restart".

That isn't a Shorewall message! Sounds like portsentry is doing "service 
iptables restart" or some such.

>
> I would need to do a /sbin/service shorewall restart to get things moving
> again.

Or simply /sbin/shorewall restart

>
> I should've done an iptables -L to determine if shorewall (rules) is actually
> flushed, but I didn't. So, this is my other alternative.
>
> So.. are the rules flushed? If so, how can I get portsentry to talk to
> shorewall, or whatever, so that whenever they decide to restart, shorewall
> gets restarted as well??

This sounds very much like a Portsentry question rather than a Shorewall 
question. Have you consulted the Portsentry documentation to see how it 
interacts with iptables?

>
>
> BTW, does shorewall stop raw TCP packets even for root?

Shorewall cannot stop raw socket sends.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep at shorewall.net
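A watchdog for the situation discussed in this thread, added here as an example and not code from the original message, Shorewall or portsentry: it reads `iptables -L -n` text, decides whether Shorewall's ruleset is still loaded (the check the poster wished he had done), and restarts Shorewall when another service's "iptables restart" has flushed it. It assumes Shorewall's marker chain is named `shorewall` and that the CLI is `/sbin/shorewall`, as in Tom's reply.

```shell
#!/bin/sh
# Added example, not code from the original thread or from Shorewall/portsentry.
# Decides from `iptables -L -n` text whether Shorewall's ruleset is still loaded,
# so a cron job can restart Shorewall after something else (here, portsentry's
# "iptables restart") has flushed it.  Assumption: the marker chain is called
# "shorewall"; confirm the name for your version with `iptables -L -n`.

# shorewall_loaded LISTING [CHAIN]: 0 if CHAIN has a header in the filter
# listing, 1 otherwise.  Taking text as an argument keeps it testable offline.
shorewall_loaded() {
    printf '%s\n' "$1" | grep -q "^Chain ${2:-shorewall} "
}

# nat_rules_present LISTING: 0 if the nat listing has a MASQUERADE or SNAT
# rule under POSTROUTING.  After a flush the built-in chain header survives
# but the rules under it do not, which is exactly the "NAT hangs" symptom.
nat_rules_present() {
    printf '%s\n' "$1" | awk '
        /^Chain POSTROUTING/ { in_post = 1; next }
        /^Chain /            { in_post = 0 }
        in_post && /^(MASQUERADE|SNAT)/ { found = 1 }
        END { exit (found ? 0 : 1) }'
}

# watchdog: query the live tables and repair; needs root and /sbin/shorewall.
watchdog() {
    filter=$(iptables -L -n 2>/dev/null)
    nat=$(iptables -t nat -L -n 2>/dev/null)
    if ! shorewall_loaded "$filter" || ! nat_rules_present "$nat"; then
        logger -t shorewall-watchdog "ruleset missing, restarting Shorewall"
        /sbin/shorewall restart
    fi
}

# Constructed sample listings (not captured from a real host) for a dry run.
SAMPLE_NAT_OK='Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  192.168.1.0/24       0.0.0.0/0'
SAMPLE_NAT_FLUSHED='Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination'

if [ "${1:-}" = "watch" ]; then
    watchdog
else
    nat_rules_present "$SAMPLE_NAT_OK" && echo "sample OK: NAT rules present"
    nat_rules_present "$SAMPLE_NAT_FLUSHED" || echo "sample flushed: NAT missing"
fi
```

Run it as `sh watchdog.sh watch` from cron (as root) to repair the live firewall; without the argument it only exercises the parsers on the constructed samples.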