[Shorewall-users] shorewall starts blocking everything after a while

Dave Marotti landshark_666@hotmail.com
Mon, 01 Apr 2002 19:21:24 -0600


I'm not going to include much detail with this first message because I do 
not know what I'm supposed to include.

Shorewall is acting as a firewall for a single box with port forwarding 
enabled.  It is on a Red Hat 7.2 system with the latest patches, etc.  There are 
2 net cards, eth0->DSL, eth1->local_network.

Shorewall has been configured by hand.  I did not use one of the 
pre-generated sets of rules, etc.  I have several rules in the rules file 
because this box also serves as a webserver, mail server, DNS, etc.

The shorewall firewall works for a little while (5-10 minutes), then all of 
a sudden it starts blocking EVERYTHING from the outside world.  After a 
little while, it lets up and lets more connections in, then it starts 
blocking everything again.  Meanwhile, all appropriate traffic *CAN* get out 
of the server through the firewall to the internet.

For example, here is one of my machines (a Windows box) trying to ssh into 
the server through the firewall (which would normally work):

Apr  1 20:24:22 burrito kernel: Shorewall:all2all:REJECT:IN=eth1 OUT= MAC=00:a0:cc:7a:fd:f0:00:02:e3:0b:be:e3:08:00 SRC= DST= LEN=48 TOS=0x10 PREC=0x00 TTL=128 ID=7222 DF PROTO=TCP SPT=1896 DPT=22 WINDOW=16384 RES=0x00 SYN URGP=0

What I don't understand is how packets seem to be getting onto eth1 - 
that's my local network interface.

If anyone can shed some light on this, I'd appreciate it.
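
Added example, not part of the original post: a small Python parser for kernel log lines carrying the "Shorewall:<chain>:<disposition>:" prefix seen in the quoted entry. It tallies hits by chain, disposition, inbound interface, protocol and destination port, so a burst of rejects can be tied to the chain that logged it. The function names are hypothetical and the sample lines are constructed (the first mirrors the quoted entry, the others are made up).

```python
import re
from collections import Counter

# Log prefix as it appears in the quoted line, followed by the kernel's
# KEY=value packet dump (bare flags such as DF or SYN carry no '=').
PREFIX = re.compile(r"Shorewall:(?P<chain>[^:\s]+):(?P<disp>[^:\s]+):")
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")

def parse_line(line):
    """Return a dict for one Shorewall log line, or None if it is not one."""
    m = PREFIX.search(line)
    if not m:
        return None
    rec = {"chain": m.group("chain"), "disposition": m.group("disp")}
    for key, value in FIELD.findall(line[m.end():]):
        rec[key] = value  # empty string when the value is blank (e.g. OUT=)
    return rec

def summarize(lines):
    """Count hits per (chain, disposition, IN interface, PROTO, DPT)."""
    hits = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec:
            hits[(rec["chain"], rec["disposition"], rec.get("IN", ""),
                  rec.get("PROTO", ""), rec.get("DPT", ""))] += 1
    return hits

# Constructed sample input; addresses are documentation ranges.
SAMPLE = [
    "Apr  1 20:24:22 burrito kernel: Shorewall:all2all:REJECT:IN=eth1 OUT= "
    "MAC=00:a0:cc:7a:fd:f0:00:02:e3:0b:be:e3:08:00 SRC= DST= LEN=48 TOS=0x10 "
    "PREC=0x00 TTL=128 ID=7222 DF PROTO=TCP SPT=1896 DPT=22 WINDOW=16384 "
    "RES=0x00 SYN URGP=0",
    "Apr  1 20:24:25 burrito kernel: Shorewall:all2all:REJECT:IN=eth1 OUT= "
    "SRC=192.0.2.20 DST=192.0.2.1 LEN=48 TTL=128 ID=7223 DF PROTO=TCP "
    "SPT=1896 DPT=22 WINDOW=16384 RES=0x00 SYN URGP=0",
    "Apr  1 20:25:01 burrito kernel: Shorewall:net2all:DROP:IN=eth0 OUT= "
    "SRC=198.51.100.7 DST=203.0.113.5 LEN=60 TTL=52 ID=411 DF PROTO=TCP "
    "SPT=40000 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0",
    "Apr  1 20:25:02 burrito kernel: eth0: link up",  # not a Shorewall line
]

if __name__ == "__main__":
    for key, count in summarize(SAMPLE).most_common():
        print(count, *key)
```

Run against the real log (for example, the lines of /var/log/messages read into a list), the top entries show which chain and interface account for the blocked connections.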


