[Shorewall-newbies] Pings and connects work, but connection dropped immediately

Eugene Ventimiglia eventi at yahoo.com
Sat Jan 31 12:14:41 PST 2004


Some background (some names have been changed to protect the innocent):

eth0 (XXX.YYY.ZZZ.250) is external, connected to zone 'net' 
eth1 (192.168.100.1) is internal, connected to zone 'loc' 

3 servers connected on eth1 and mapped to public addresses (251-253) 
in /etc/shorewall/net (below)

When I try to connect into port 25 or 110 of my mail server (253), it
connects, but immediately breaks the connection. Nothing in the logs to
indicate that it's caused by a rule or policy (it would be logged, right?)

When I use nmap from outside it shows the ports open, and telnetting to 110
(or 25) yields:
Trying XXX.YYY.ZZZ.253...
Connected to XXX.YYY.ZZZ.253.
Escape character is '^]'.
Connection closed by foreign host.

Here are all the files I modified:

##############################################################################
#
# Shorewall 1.2  -- Network Address Translation Table
# /etc/shorewall/nat
#
#EXTERNAL        INTERFACE   INTERNAL          ALL INTERFACES     LOCAL
XXX.YYY.ZZZ.251    eth0        192.168.100.11    yes                yes
XXX.YYY.ZZZ.252    eth0        192.168.100.12    yes                yes
XXX.YYY.ZZZ.253    eth0        192.168.100.13    yes                yes
##############################################################################
#
# Shorewall 1.2 -- Proxy ARP
#
# /etc/shorewall/proxyarp
#
#ADDRESS             INTERFACE    EXTERNAL    HAVEROUTE
XXX.YYY.ZZZ.251        eth1        eth0        Yes        
XXX.YYY.ZZZ.252        eth1        eth0        Yes        
XXX.YYY.ZZZ.253        eth1        eth0        Yes        
##############################################################################
#
# Shorewall 1.2 -- Policy File
#
# /etc/shorewall/policy
#
#CLIENT    SERVER     POLICY      LOG LEVEL
$FW        net        ACCEPT
$FW        loc        ACCEPT
loc        net        ACCEPT
loc        loc        ACCEPT
loc        $FW        ACCEPT
net        all        DROP        info
##############################################################################
#
# Shorewall version 1.2 - Rules File
#
# /etc/shorewall/rules 
#
#RESULT       CLIENT(S)      SERVER(S)      PROTO   PORT(S)     CLIENT PORT(S)   ADDRESS
ACCEPT        loc            $FW            tcp     ssh
ACCEPT        net            $FW            tcp     ssh,auth,nameserver,domain
ACCEPT        net            $FW            udp     domain
ACCEPT        net            loc            tcp     smtp,pop3,1935,10001
ACCEPT        net            loc            icmp    echo-request
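As an added example (not part of the original post and not Shorewall's own code), here is a small Python trace of the rules and policy files above: it resolves the service names, finds the first matching rule or policy line for a given zone pair, and separates a firewall verdict from a close issued by the server process. The RULES and POLICY strings are the post's own file bodies with their wrapped lines rejoined; the SERVICES table is a constructed subset of /etc/services used before asking the OS.

```python
# Trace a connection through the Shorewall 1.2 tables posted above.
# Added example: RULES/POLICY are the post's files; SERVICES is constructed.
import socket

RULES = """\
ACCEPT  loc  $FW  tcp   ssh
ACCEPT  net  $FW  tcp   ssh,auth,nameserver,domain
ACCEPT  net  $FW  udp   domain
ACCEPT  net  loc  tcp   smtp,pop3,1935,10001
ACCEPT  net  loc  icmp  echo-request
"""
POLICY = """\
$FW  net  ACCEPT
$FW  loc  ACCEPT
loc  net  ACCEPT
loc  loc  ACCEPT
loc  $FW  ACCEPT
net  all  DROP  info
"""
SERVICES = {"ssh": 22, "smtp": 25, "pop3": 110, "domain": 53,
            "auth": 113, "nameserver": 42}  # constructed subset of /etc/services

def port_number(name):
    """PORT(S) entry: a number, a name from SERVICES, or an /etc/services name."""
    return int(name) if name.isdigit() else SERVICES.get(name) or socket.getservbyname(name)

def parse(text):
    """Split a Shorewall table into field lists, skipping comments and blanks."""
    return [ln.split() for ln in text.splitlines() if ln.strip() and ln[0] != "#"]

def verdict(src, dst, proto, port):
    """First matching rule wins; otherwise the first matching policy line.
    For icmp, `port` is the type name used in the rule (e.g. echo-request)."""
    for result, client, server, rproto, ports, *_ in parse(RULES):
        if (client, server, rproto) != (src, dst, proto):
            continue
        wanted = {ports} if proto == "icmp" else {port_number(p) for p in ports.split(",")}
        if port in wanted:
            return result, "rule"
    for client, server, policy, *log in parse(POLICY):
        if client in (src, "all") and server in (dst, "all"):
            return policy, "policy" + (" (logged at %s)" % log[0] if log else "")
    return "DROP", "no policy"

def diagnose(src, dst, proto, port, handshake_completed):
    """Tell a firewall verdict apart from a close by the server process."""
    result, where = verdict(src, dst, proto, port)
    if result != "ACCEPT":
        return "%s by %s: expect a timeout and a LOG LEVEL entry" % (result, where)
    if handshake_completed:
        return "accepted by %s; close after handshake comes from the server process" % where
    return "accepted by %s but no handshake: check the nat/proxyarp path" % where
```

For the telnet session shown in the post (handshake completes, then "Connection closed by foreign host"), diagnose("net", "loc", "tcp", 110, True) points at the mail daemon rather than at a Shorewall rule, which is consistent with nothing appearing in the firewall log.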
