[Firehol-support] Outgoing snmp requests blocked by firehol
cefrodrigues at gmail.com
Sun Aug 23 16:00:26 BST 2009
At first glance I would say that the connection tracking module
isn't being loaded for some reason. You can check by starting firehol
and then doing an "lsmod" and looking for any "conntrack" modules.
On Tue, Aug 18, 2009 at 11:34 PM, Alain Tésio<alain at floc2.net> wrote:
> I have snmp servers running on machines A and B.
> When I start firehol on the machine B, snmp requests from B to A fail
> with a timeout.
> When firehol is stopped, it works fine.
> I can see such a log on the machine B:
> Aug 18 08:33:24 sd-18517 kernel: [4671769.087536] ''IN-inet':'IN=eth0
> OUT= MAC=00:15:17:9c:be:a8:00:24:97:da:5f:bf:08:00 SRC=IP_A DST=IP_B
> LEN=128 TOS=0x00 PREC=0x00 TTL=56 ID=0 DF PROTO=UDP SPT=161 DPT=40361
> In the firehol configuration, I have written "server snmp accept".
> And anyway this is about outgoing requests, and I have "client accept all"
> so I don't understand what the problem is.
> It looks like it has problems recognizing that the reply is related to
> the outgoing query.
> Below is my firehol.conf file.
> The machine B is running debian lenny, Kernel is 2.6.26, X86 / 64bits.
> Nothing else installed related to network filtering.
> Thanks for any hint,
> version 5
> home_ips="188.8.131.52 184.108.40.206"
> interface eth+ inet
>     server snmp accept
>     server http accept
>     server https accept
>     server ftp accept
>     server dns accept
>     server rndc accept
>     server smtp accept
>     server pop3 accept
>     server ssh accept
>     server ping accept
>     server netbios_ns drop
>     server netbios_dgm drop
>     server dhcp drop
>     server ident reject with tcp-reset # be nice and don't let other hosts wait for the timeout
>     client all accept
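
The check suggested in the reply, together with a filter for the symptom shown in the quoted log, as an added example that is not part of the original thread. The function names, the 192.0.2.x addresses standing in for IP_A and IP_B, the second log line, and the "low source port to high destination port" heuristic are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Sample data below is constructed.

# Succeeds if lsmod-style text on stdin names a conntrack module.
# On a live host: lsmod | conntrack_loaded && echo "conntrack loaded"
conntrack_loaded() {
    awk '$1 ~ /conntrack/ { found = 1 } END { exit !found }'
}

# Reads kernel log lines on stdin and prints "SRC:SPT -> DST:DPT" for every
# logged inbound UDP packet sent from a port below 1024 to a port of 1024 or
# above. Heuristic (assumption): such a packet is a reply to a local client
# that the firewall did not match to the outgoing request.
blocked_replies() {
    awk '/PROTO=UDP/ {
        split("", kv)                      # reset the fields for this line
        for (i = 1; i <= NF; i++) {
            # the log prefix in the quoted line is fused with IN=,
            # so look for KEY= anywhere inside the word
            if (match($i, /[A-Z]+=/))
                kv[substr($i, RSTART, RLENGTH - 1)] = substr($i, RSTART + RLENGTH)
        }
        if (kv["IN"] != "" && kv["SPT"] != "" &&
            kv["SPT"] + 0 < 1024 && kv["DPT"] + 0 >= 1024)
            printf "%s:%s -> %s:%s\n", kv["SRC"], kv["SPT"], kv["DST"], kv["DPT"]
    }'
}

# Constructed sample: line 1 follows the log quoted in the thread with
# documentation addresses, line 2 is an unrelated inbound NetBIOS query.
sample_log() {
cat <<'EOF'
Aug 18 08:33:24 host kernel: [4671769.087536] ''IN-inet':'IN=eth0 OUT= MAC=00:15:17:9c:be:a8:00:24:97:da:5f:bf:08:00 SRC=192.0.2.10 DST=192.0.2.20 LEN=128 TOS=0x00 PREC=0x00 TTL=56 ID=0 DF PROTO=UDP SPT=161 DPT=40361
Aug 18 08:33:30 host kernel: [4671775.000000] ''IN-inet':'IN=eth0 OUT= SRC=192.0.2.30 DST=192.0.2.20 LEN=78 TTL=56 ID=0 DF PROTO=UDP SPT=51000 DPT=137
EOF
}

sample_log | blocked_replies
```

A match from `blocked_replies` combined with a failing `conntrack_loaded` fits the diagnosis in the reply: replies are logged on the input chain because nothing is tracking the outgoing request.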