On MGA8 shorewall. shorewall-5.2.8-2.mga8
I am getting weird behaviour from shorewall on an MGA8 installation.
I have a local network 192.168.0.0/22.
On one of the machines, the firewall is blocking outgoing packets.
I have a zone net:mylan ipv4
which in hosts has 192.168.0.0/22 as one of the entries.
In rules I have an entry
ACCEPT mylan fw tcp,udp 22,.....
where ... indicates a number of other ports I want to accept
However, when I am on one of the machines (an mga8 machine) I cannot ssh
out to any of the other machines in the 192.168.*.* machines. In the
shorewall log on dmesg (why in the world is it being directed to dmesg?)
on that mga8 machine I get lines which say that the connection is REJECT:
Shorewall fw-mylan .... SRC=192.168.x.x DST=192.168.y.y SPT=Z DPT=22 ..
where x.x is the mga8 IP end, and y.y is the machine I am trying to
connect to.
I finally put in a line in rules
ACCEPT fw mylan tcp,udp 1-65535 -
Now it worked.
On no other machine on that or any other network I have do I need that
extra kind of line. Outgoing ports are not filtered. But on this one it
seems they are if there is no explicit outgoing line in rules.
Note that this is NOT needed for any of the shorewall networks on any
other machine, whether on the mylan network or any other network. It is
also not needed on that mga8 machine for any of the other networks
defined in shorewall.
Is there some other place where one can tell shorewall not to filter
outgoing packets that is different on this mga8 machine?
(Yes, I know I should have the mga9 upgrade, but haven't had the time due to
not having time to fix it if weirdnesses arise in the upgrade.)
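
Added example, not part of the original post: a small Python script that groups Shorewall kernel-log entries like the one quoted above by chain, disposition, protocol and destination port, and picks out the ones that originate from the firewall zone. It assumes the log prefix has the form `Shorewall:<chain>:<disposition>:`; the sample lines, addresses and ports are constructed.

```python
import re
from collections import Counter

# Assumed prefix layout: "Shorewall:<chain>:<disposition>:" followed by
# the usual netfilter KEY=VALUE fields (IN=, OUT=, SRC=, DST=, PROTO=, DPT= ...).
LOG_RE = re.compile(r"Shorewall:(?P<chain>[^:\s]+):(?P<disp>[A-Z]+):(?P<fields>.*)")

# Constructed sample of dmesg output; every value here is made up.
SAMPLE = """\
[ 101.1] Shorewall:fw-mylan:REJECT:IN= OUT=eth0 SRC=192.168.1.10 DST=192.168.2.20 LEN=60 PROTO=TCP SPT=40112 DPT=22 SYN
[ 102.4] Shorewall:fw-mylan:REJECT:IN= OUT=eth0 SRC=192.168.1.10 DST=192.168.0.7 LEN=60 PROTO=TCP SPT=40120 DPT=22 SYN
[ 103.9] Shorewall:net-fw:DROP:IN=eth0 OUT= SRC=203.0.113.5 DST=192.168.1.10 LEN=40 PROTO=TCP SPT=5555 DPT=23 SYN
[ 104.0] usb 1-1: new high-speed USB device number 3
"""

def parse_line(line):
    """Return a dict for a Shorewall log line, or None for unrelated kernel output."""
    m = LOG_RE.search(line)
    if not m:
        return None
    # Bare flags such as "SYN" carry no "=", so they are skipped.
    fields = dict(tok.split("=", 1) for tok in m["fields"].split() if "=" in tok)
    return {
        "chain": m["chain"],            # e.g. fw-mylan = source zone fw, destination zone mylan
        "disposition": m["disp"],       # REJECT, DROP, ACCEPT ...
        "proto": fields.get("PROTO"),
        "dpt": fields.get("DPT"),
        "src": fields.get("SRC"),
        "dst": fields.get("DST"),
    }

def summarize(text):
    """Count log entries per (chain, disposition, protocol, destination port)."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse_line(line)
        if rec:
            counts[(rec["chain"], rec["disposition"], rec["proto"], rec["dpt"])] += 1
    return counts

def outbound_blocks(text, fw_zone="fw"):
    """Entries whose source zone is the firewall itself and that were not accepted."""
    return {k: n for k, n in summarize(text).items()
            if k[0].startswith(fw_zone + "-") and k[1] in ("REJECT", "DROP")}

if __name__ == "__main__":
    for key, n in outbound_blocks(SAMPLE).items():
        print(n, *key)
```

Feeding it the real `dmesg` output in place of `SAMPLE` shows at a glance which zone pair and port the rejected outgoing connections fall under.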