[Firehol-support] Local Subnet and NFS

Casey McGinty casey.mcginty at gmail.com
Fri Feb 9 07:44:03 GMT 2007


Hi,

I have configured my local subnet (192.168.0.0) on eth1 to allow all server
connections:

interface eth1 local
   server all accept
   client all accept

The problem is that I am still seeing packets getting blocked. This is
causing my NFS drives to not properly mount. Any advice? I am using version:
firehol.sh,v 1.231 2004/11/01 00:13:00 ktsaou Exp $ from Ubuntu 6.10. I have
listed some of the log messages getting printed out.

Feb  8 21:26:06 sandman kernel: [79118.920725] ''IN-local':'IN=eth1 OUT=
MAC=00:20:78:0e:e9:28:00:0e:0c:b3:03:6c:08:00 SRC=192.168.0.9 DST=
192.168.0.1 LEN=172 TOS=0x00 PREC=0x00 TTL=64 ID=44819 DF PROTO=TCP SPT=826
DPT=2049 WINDOW=32580 RES=0x00 ACK PSH URGP=0
Feb  8 21:26:06 sandman kernel: [79118.920772] ''IN-local':'IN=eth1 OUT=
MAC=00:20:78:0e:e9:28:00:0e:0c:b3:03:6c:08:00 SRC=192.168.0.9 DST=
192.168.0.1 LEN=172 TOS=0x00 PREC=0x00 TTL=64 ID=44820 DF PROTO=TCP SPT=826
DPT=2049 WINDOW=32580 RES=0x00 ACK PSH URGP=0
Feb  8 21:26:06 sandman kernel: [79118.920794] ''IN-local':'IN=eth1 OUT=
MAC=00:20:78:0e:e9:28:00:0e:0c:b3:03:6c:08:00 SRC=192.168.0.9 DST=
192.168.0.1 LEN=172 TOS=0x00 PREC=0x00 TTL=64 ID=44821 DF PROTO=TCP SPT=826
DPT=2049 WINDOW=32580 RES=0x00 ACK PSH URGP=0
Feb  8 21:26:10 sandman kernel: [79123.215031] ''IN-local':'IN=eth1 OUT=
MAC=00:20:78:0e:e9:28:00:0e:0c:b3:03:6c:08:00 SRC=192.168.0.9 DST=
192.168.0.1 LEN=160 TOS=0x00 PREC=0x00 TTL=64 ID=50781 DF PROTO=TCP SPT=826
DPT=2049 WINDOW=32580 RES=0x00 ACK PSH URGP=0
Feb  8 21:26:11 sandman kernel: [79123.534936] ''IN-local':'IN=eth1 OUT=
MAC=00:20:78:0e:e9:28:00:0e:0c:b3:03:6c:08:00 SRC=192.168.0.9 DST=
192.168.0.1 LEN=160 TOS=0x00 PREC=0x00 TTL=64 ID=52066 DF PROTO=TCP SPT=826
DPT=2049 WINDOW=32580 RES=0x00 ACK PSH URGP=0
Feb  8 21:26:11 sandman kernel: [79123.535187] ''IN-local':'IN=eth1 OUT=
MAC=00:20:78:0e:e9:28:00:0e:0c:b3:03:6c:08:00 SRC=192.168.0.9 DST=
192.168.0.1 LEN=160 TOS=0x00 PREC=0x00 TTL=64 ID=52068 DF PROTO=TCP SPT=826
DPT=2049 WINDOW=32580 RES=0x00 ACK PSH URGP=0
Feb  8 21:26:17 sandman kernel: [79129.967252] ''IN-local':'IN=eth1 OUT=
MAC=00:20:78:0e:e9:28:00:0e:0c:b3:03:6c:08:00 SRC=192.168.0.9 DST=
192.168.0.1 LEN=172 TOS=0x00 PREC=0x00 TTL=64 ID=60786 DF PROTO=TCP SPT=826
DPT=2049 WINDOW=32580 RES=0x00 ACK PSH URGP=0
Feb  8 21:26:17 sandman kernel: [79129.967320] ''IN-local':'IN=eth1 OUT=
MAC=00:20:78:0e:e9:28:00:0e:0c:b3:03:6c:08:00 SRC=192.168.0.9 DST=
192.168.0.1 LEN=172 TOS=0x00 PREC=0x00 TTL=64 ID=60787 DF PROTO=TCP SPT=826
DPT=2049 WINDOW=32580 RES=0x00 ACK PSH URGP=0
Feb  8 21:26:17 sandman kernel: [79129.967342] ''IN-local':'IN=eth1 OUT=
MAC=00:20:78:0e:e9:28:00:0e:0c:b3:03:6c:08:00 SRC=192.168.0.9 DST=
192.168.0.1 LEN=172 TOS=0x00 PREC=0x00 TTL=64 ID=60788 DF PROTO=TCP SPT=826
DPT=2049 WINDOW=32580 RES=0x00 ACK PSH URGP=0
Feb  8 21:26:17 sandman kernel: [79129.967373] ''IN-local':'IN=eth1 OUT=
MAC=00:20:78:0e:e9:28:00:0e:0c:b3:03:6c:08:00 SRC=192.168.0.9 DST=
192.168.0.1 LEN=172 TOS=0x00 PREC=0x00 TTL=64 ID=60789 DF PROTO=TCP SPT=826
DPT=2049 WINDOW=32580 RES=0x00 ACK PSH URGP=0
Feb  8 21:26:17 sandman kernel: [79129.967393] ''IN-local':'IN=eth1 OUT=
MAC=00:20:78:0e:e9:28:00:0e:0c:b3:03:6c:08:00 SRC=192.168.0.9 DST=
192.168.0.1 LEN=172 TOS=0x00 PREC=0x00 TTL=64 ID=60790 DF PROTO=TCP SPT=826
DPT=2049 WINDOW=32580 RES=0x00 ACK PSH URGP=0
Feb  8 21:26:18 sandman kernel: [79131.069593] ''IN-local':'IN=eth1 OUT=
MAC=00:20:78:0e:e9:28:00:0e:0c:b3:03:6c:08:00 SRC=192.168.0.9 DST=
192.168.0.1 LEN=172 TOS=0x00 PREC=0x00 TTL=64 ID=62500 DF PROTO=TCP SPT=826
DPT=2049 WINDOW=32580 RES=0x00 ACK PSH URGP=0
Feb  8 21:26:25 sandman kernel: [79138.252625] ''IN-local':'IN=eth1 OUT=
MAC=00:20:78:0e:e9:28:00:0e:0c:b3:03:6c:08:00 SRC=192.168.0.9 DST=
192.168.0.1 LEN=176 TOS=0x00 PREC=0x00 TTL=64 ID=8334 DF PROTO=TCP SPT=826
DPT=2049 WINDOW=32580 RES=0x00 ACK PSH URGP=0
Feb  8 21:26:26 sandman kernel: [79138.444463] ''IN-local':'IN=eth1 OUT=
MAC=00:20:78:0e:e9:28:00:0e:0c:b3:03:6c:08:00 SRC=192.168.0.9 DST=
192.168.0.1 LEN=184 TOS=0x00 PREC=0x00 TTL=64 ID=8946 DF PROTO=TCP SPT=826
DPT=2049 WINDOW=32580 RES=0x00 ACK PSH URGP=0
Feb  8 21:26:26 sandman kernel: [79138.444506] ''IN-local':'IN=eth1 OUT=
MAC=00:20:78:0e:e9:28:00:0e:0c:b3:03:6c:08:00 SRC=192.168.0.9 DST=
192.168.0.1 LEN=204 TOS=0x00 PREC=0x00 TTL=64 ID=8947 DF PROTO=TCP SPT=826
DPT=2049 WINDOW=32580 RES=0x00 ACK PSH URGP=0
Feb  8 21:26:26 sandman kernel: [79138.444547] ''IN-local':'IN=eth1 OUT=
MAC=00:20:78:0e:e9:28:00:0e:0c:b3:03:6c:08:00 SRC=192.168.0.9 DST=
192.168.0.1 LEN=172 TOS=0x00 PREC=0x00 TTL=64 ID=8948 DF PROTO=TCP SPT=826
DPT=2049 WINDOW=32580 RES=0x00 ACK PSH URGP=0
Feb  8 21:26:27 sandman kernel: [79139.904686] ''IN-local':'IN=eth1 OUT=
MAC=00:20:78:0e:e9:28:00:0e:0c:b3:03:6c:08:00 SRC=192.168.0.9 DST=
192.168.0.1 LEN=184 TOS=0x00 PREC=0x00 TTL=64 ID=12712 DF PROTO=TCP SPT=826
DPT=2049 WINDOW=32580 RES=0x00 ACK PSH URGP=0
Feb  8 21:26:27 sandman kernel: [79139.904731] ''IN-local':'IN=eth1 OUT=
MAC=00:20:78:0e:e9:28:00:0e:0c:b3:03:6c:08:00 SRC=192.168.0.9 DST=
192.168.0.1 LEN=184 TOS=0x00 PREC=0x00 TTL=64 ID=12713 DF PROTO=TCP SPT=826
DPT=2049 WINDOW=32580 RES=0x00 ACK PSH URGP=0
Feb  8 21:26:28 sandman kernel: [79140.605486] ''IN-local':'IN=eth1 OUT=
MAC=00:20:78:0e:e9:28:00:0e:0c:b3:03:6c:08:00 SRC=192.168.0.9 DST=
192.168.0.1 LEN=184 TOS=0x00 PREC=0x00 TTL=64 ID=14626 DF PROTO=TCP SPT=826
DPT=2049 WINDOW=32580 RES=0x00 ACK PSH URGP=0
Feb  8 21:26:29 sandman kernel: [79141.666833] ''IN-local':'IN=eth1 OUT=
MAC=00:20:78:0e:e9:28:00:0e:0c:b3:03:6c:08:00 SRC=192.168.0.9 DST=
192.168.0.1 LEN=184 TOS=0x00 PREC=0x00 TTL=64 ID=17746 DF PROTO=TCP SPT=826
DPT=2049 WINDOW=32580 RES=0x00 ACK PSH URGP=0
Feb  8 21:26:30 sandman kernel: [79142.963454] ''IN-local':'IN=eth1 OUT=
MAC=00:20:78:0e:e9:28:00:0e:0c:b3:03:6c:08:00 SRC=192.168.0.9 DST=
192.168.0.1 LEN=172 TOS=0x00 PREC=0x00 TTL=64 ID=20594 DF PROTO=TCP SPT=826
DPT=2049 WINDOW=32580 RES=0x00 ACK PSH URGP=0
Feb  8 21:27:47 sandman kernel: [79219.500223] ''IN-local':'IN=eth1 OUT=
MAC=00:20:78:0e:e9:28:00:0e:0c:b3:03:6c:08:00 SRC=192.168.0.9 DST=
192.168.0.1 LEN=172 TOS=0x00 PREC=0x00 TTL=64 ID=26855 DF PROTO=TCP SPT=826
DPT=2049 WINDOW=32580 RES=0x00 ACK PSH URGP=0
Feb  8 21:27:48 sandman kernel: [79220.678092] ''IN-local':'IN=eth1 OUT=
MAC=00:20:78:0e:e9:28:00:0e:0c:b3:03:6c:08:00 SRC=192.168.0.9 DST=
192.168.0.1 LEN=184 TOS=0x00 PREC=0x00 TTL=64 ID=28217 DF PROTO=TCP SPT=826
DPT=2049 WINDOW=32580 RES=0x00 ACK PSH URGP=0
Feb  8 21:27:48 sandman kernel: [79220.715580] ''IN-local':'IN=eth1 OUT=
MAC=00:20:78:0e:e9:28:00:0e:0c:b3:03:6c:08:00 SRC=192.168.0.9 DST=
192.168.0.1 LEN=184 TOS=0x00 PREC=0x00 TTL=64 ID=28419 DF PROTO=TCP SPT=826
DPT=2049 WINDOW=32580 RES=0x00 ACK PSH URGP=0
Feb  8 21:27:49 sandman kernel: [79221.283182] ''IN-local':'IN=eth1 OUT=
MAC=00:20:78:0e:e9:28:00:0e:0c:b3:03:6c:08:00 SRC=192.168.0.9 DST=
192.168.0.1 LEN=184 TOS=0x00 PREC=0x00 TTL=64 ID=29532 DF PROTO=TCP SPT=826
DPT=2049 WINDOW=32580 RES=0x00 ACK PSH URGP=0
Feb  8 21:27:49 sandman kernel: [79221.283213] ''IN-local':'IN=eth1 OUT=
MAC=00:20:78:0e:e9:28:00:0e:0c:b3:03:6c:08:00 SRC=192.168.0.9 DST=
192.168.0.1 LEN=184 TOS=0x00 PREC=0x00 TTL=64 ID=29533 DF PROTO=TCP SPT=826
DPT=2049 WINDOW=32580 RES=0x00 ACK PSH URGP=0
Feb  8 21:27:49 sandman kernel: [79221.364363] ''IN-local':'IN=eth1 OUT=
MAC=00:20:78:0e:e9:28:00:0e:0c:b3:03:6c:08:00 SRC=192.168.0.9 DST=
192.168.0.1 LEN=172 TOS=0x00 PREC=0x00 TTL=64 ID=29856 DF PROTO=TCP SPT=826
DPT=2049 WINDOW=32580 RES=0x00 ACK PSH URGP=0
Feb  8 21:27:50 sandman kernel: [79222.392945] ''IN-local':'IN=eth1 OUT=
MAC=00:20:78:0e:e9:28:00:0e:0c:b3:03:6c:08:00 SRC=192.168.0.9 DST=
192.168.0.1 LEN=184 TOS=0x00 PREC=0x00 TTL=64 ID=31143 DF PROTO=TCP SPT=826
DPT=2049 WINDOW=32580 RES=0x00 ACK PSH URGP=0
Feb  8 21:27:50 sandman kernel: [79222.684577] ''IN-local':'IN=eth1 OUT=
MAC=00:20:78:0e:e9:28:00:0e:0c:b3:03:6c:08:00 SRC=192.168.0.9 DST=
192.168.0.1 LEN=148 TOS=0x00 PREC=0x00 TTL=64 ID=32079 DF PROTO=TCP SPT=826
DPT=2049 WINDOW=32580 RES=0x00 ACK PSH URGP=0
Feb  8 21:45:33 sandman kernel: [80283.934837] ''IN-local':'IN=eth1 OUT=
MAC=00:20:78:0e:e9:28:00:0e:0c:b3:03:6c:08:00 SRC=192.168.0.9 DST=
192.168.0.1 LEN=172 TOS=0x00 PREC=0x00 TTL=64 ID=36679 DF PROTO=TCP SPT=826
DPT=2049 WINDOW=32580 RES=0x00 ACK PSH URGP=0
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.firehol.org/pipermail/firehol-support/attachments/20070208/dd5ec5c5/attachment-0002.html>


More information about the Firehol-support mailing list