[Firehol-support] SYN ACK issues.
Winston Nolan
winston at louiskarol.com
Mon Jul 31 09:25:25 BST 2006
Hi there List,
First off, thank you for this brilliant application! You really made a
great effort, bash scripting is powerful man!
Guys, my firewall is working lovely - although I have one problem.
My mail will hit the outside IP of my ADSL router and from there will be forwarded into my network. I keep on getting this:
Jul 31 10:20:23 localhost kernel: 'PASS-unknown:'IN=eth0 OUT=eth0 SRC=10.1.30.251 DST=12.205.143.123 LEN=48 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=TCP SPT=25 DPT=1107 WINDOW=5840 RES=0x00 ACK SYN URGP=0
Jul 31 10:20:28 localhost kernel: 'PASS-unknown:'IN=eth0 OUT=eth1 SRC=10.1.30.251 DST=196.36.166.122 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=TCP SPT=25 DPT=47062 WINDOW=5792 RES=0x00 ACK SYN URGP=0
Jul 31 10:22:27 localhost kernel: 'PASS-unknown:'IN=eth0 OUT=eth0 SRC=10.1.30.251 DST=203.196.157.114 LEN=48 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=TCP SPT=25 DPT=3565 WINDOW=5840 RES=0x00 ACK SYN URGP=0
10.1.30.251 is the IP of my mail server. How can I get past this?
It seems to me (complete novice) that the SYN comes through but my ACK doesn't want to go.
I have the following in my firehol.conf:

tcpmss auto

# forward http traffic to my webserver on the other side of the wireless (eth1)
#nat to-destination 192.168.1.10 proto tcp dport 3128 dst 10.1.30.0/24

# Redirect http traffic to squid
#redirect to 3128 inface eth0 src 10.1.30.0/24 proto tcp dport 80

interface eth0 lan
    server all accept
    client all accept

interface eth1 wireless
    server all accept
    client all accept

router route1 inface eth0 outface eth1 src any dst any
    masquerade
    route all accept

router route2 inface eth1 outface eth0 src any dst any
    masquerade
    route all accept

router route3 inface eth0 outface eth0 src any dst any
    route all accept

router route4 inface eth0 outface eth0 src 10.1.30.0/24 dst any
    route all accept
Thank you very much for the support, and I wish you guys a lovely day!
Winston
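As an added example (not part of Winston's post and not FireHOL code), a small Python parser for netfilter LOG lines of the kind quoted above. It splits each line into its log prefix, KEY=VALUE fields and TCP flag tokens, then groups entries by prefix, in/out interface, source port and flag pattern, so that SYN/ACK replies that leave on the same interface they arrived on (IN=eth0 OUT=eth0) stand out from the rest. The three sample lines are constructed copies of the ones in the post.

```python
import re
from collections import Counter

# Constructed sample: netfilter LOG lines in the format quoted in the post.
SAMPLE_LOG = """\
Jul 31 10:20:23 localhost kernel: 'PASS-unknown:'IN=eth0 OUT=eth0 SRC=10.1.30.251 DST=12.205.143.123 LEN=48 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=TCP SPT=25 DPT=1107 WINDOW=5840 RES=0x00 ACK SYN URGP=0
Jul 31 10:20:28 localhost kernel: 'PASS-unknown:'IN=eth0 OUT=eth1 SRC=10.1.30.251 DST=196.36.166.122 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=TCP SPT=25 DPT=47062 WINDOW=5792 RES=0x00 ACK SYN URGP=0
Jul 31 10:22:27 localhost kernel: 'PASS-unknown:'IN=eth0 OUT=eth0 SRC=10.1.30.251 DST=203.196.157.114 LEN=48 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=TCP SPT=25 DPT=3565 WINDOW=5840 RES=0x00 ACK SYN URGP=0
"""

PREFIX_RE = re.compile(r"kernel: '([^']*):'")   # the --log-prefix FireHOL set
KV_RE = re.compile(r"\b([A-Z]+)=(\S+)")          # IN=eth0, SRC=..., SPT=25, ...
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}


def parse_log_line(line):
    """Split one LOG line into prefix, KEY=VALUE fields and bare TCP flag tokens."""
    m = PREFIX_RE.search(line)
    prefix = m.group(1) if m else ""
    fields = dict(KV_RE.findall(line))
    flags = {tok for tok in line.split() if tok in TCP_FLAGS}
    return {"prefix": prefix, "fields": fields, "flags": flags}


def classify(entry):
    """Label a logged TCP packet by handshake step and by interface hairpinning."""
    f, flags = entry["fields"], entry["flags"]
    if f.get("PROTO") != "TCP":
        return "non-tcp"
    tags = []
    if flags == {"SYN", "ACK"}:
        tags.append("syn-ack reply")   # server's answer to a client SYN
    elif flags == {"SYN"}:
        tags.append("new connection")
    if f.get("IN") and f.get("IN") == f.get("OUT"):
        tags.append("hairpin")         # routed back out the interface it came in on
    return ",".join(tags) or "other"


def summarize(text):
    """Count entries by (prefix, IN, OUT, SPT, classification)."""
    counts = Counter()
    for line in text.splitlines():
        if "IN=" not in line:
            continue                   # skip lines that are not netfilter LOG output
        e = parse_log_line(line)
        f = e["fields"]
        counts[(e["prefix"], f.get("IN"), f.get("OUT"), f.get("SPT"), classify(e))] += 1
    return counts


if __name__ == "__main__":
    for key, n in summarize(SAMPLE_LOG).items():
        print(n, key)
```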