Subj : New one in the making
To   : michael pierce
From : Benny Pedersen
Date : Fri Jul 27 2018 11:30:36

Hello michael!

23 Apr 2018 06:40, michael pierce wrote to All:

 Mvd>> 75 1:340/201 Michael Pierce Native ComCast OO
 Mvd>> At the moment he is outgoing only. It would appear that he has
 Mvd>> firewall issues.

 mp> if I disable IPV6 firewall. everything works

if that's the case you need another firewall setup

I post here shorewall6 show

----- ipv6 begins -----
Shorewall6 5.2.0.4 filter Table at localhost - Fri Jul 27 11:29:03 UTC 2018

Counters reset Wed Jul 25 19:50:32 UTC 2018

Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
10094 17M net-fw all eth0 * ::/0 ::/0
0 0 ACCEPT all lo * ::/0 ::/0
0 0 AllowICMPs icmpv6 * * ::/0 ::/0
0 0 Broadcast all * * ::/0 ::/0
0 0 DROP all * * ::/0 ff00::/8
0 0 LOG all * * ::/0 ::/0 limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 6 prefix "INPUT REJECT "
0 0 reject all * * ::/0 ::/0 [goto]

Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 AllowICMPs icmpv6 * * ::/0 ::/0
0 0 Broadcast all * * ::/0 ::/0
0 0 DROP all * * ::/0 ff00::/8
0 0 LOG all * * ::/0 ::/0 limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 6 prefix "FORWARD REJECT "
0 0 reject all * * ::/0 ::/0 [goto]

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
4731 1375K ACCEPT all * eth0 ::/0 ::/0
0 0 ACCEPT all * lo ::/0 ::/0
0 0 AllowICMPs icmpv6 * * ::/0 ::/0
0 0 Broadcast all * * ::/0 ::/0
0 0 DROP all * * ::/0 ff00::/8
0 0 LOG all * * ::/0 ::/0 limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 6 prefix "OUTPUT REJECT "
0 0 reject all * * ::/0 ::/0 [goto]

Chain AllowICMPs (4 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 1 /* Needed ICMP types (RFC4890) */
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 2 /* Needed ICMP types (RFC4890) */
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 3 /* Needed ICMP types (RFC4890) */
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 4 /* Needed ICMP types (RFC4890) */
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 133 /* Needed ICMP types (RFC4890) */
4827 502K ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 134 /* Needed ICMP types (RFC4890) */
406 29232 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 135 /* Needed ICMP types (RFC4890) */
417 30024 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 136 /* Needed ICMP types (RFC4890) */
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 137 /* Needed ICMP types (RFC4890) */
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 141 /* Needed ICMP types (RFC4890) */
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 142 /* Needed ICMP types (RFC4890) */
0 0 ACCEPT icmpv6 * * fe80::/10 ::/0 ipv6-icmptype 130 /* Needed ICMP types (RFC4890) */
0 0 ACCEPT icmpv6 * * fe80::/10 ::/0 ipv6-icmptype 131 /* Needed ICMP types (RFC4890) */
0 0 ACCEPT icmpv6 * * fe80::/10 ::/0 ipv6-icmptype 132 /* Needed ICMP types (RFC4890) */
0 0 ACCEPT icmpv6 * * fe80::/10 ::/0 ipv6-icmptype 143 /* Needed ICMP types (RFC4890) */
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 148 /* Needed ICMP types (RFC4890) */
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 149 /* Needed ICMP types (RFC4890) */
0 0 ACCEPT icmpv6 * * fe80::/10 ::/0 ipv6-icmptype 151 /* Needed ICMP types (RFC4890) */
0 0 ACCEPT icmpv6 * * fe80::/10 ::/0 ipv6-icmptype 152 /* Needed ICMP types (RFC4890) */
0 0 ACCEPT icmpv6 * * fe80::/10 ::/0 ipv6-icmptype 153 /* Needed ICMP types (RFC4890) */

Chain Broadcast (4 references)
pkts bytes target prot opt in out source destination

Chain logflags (7 references)
pkts bytes target prot opt in out source destination
0 0 LOG all * * ::/0 ::/0 limit: up to 1/sec burst 10 mode srcip LOG flags 4 level 6 prefix "logflags DROP "
0 0 DROP all * * ::/0 ::/0

Chain net-fw (1 references)
pkts bytes target prot opt in out source destination
4423 17M tcpflags tcp * * ::/0 ::/0
4306 17M ACCEPT all * * ::/0 ::/0 ctstate RELATED,ESTABLISHED
92 7360 ACCEPT tcp * * ::/0 ::/0 multiport dports 24554,21 /* BINKD, FTP */
5651 561K AllowICMPs icmpv6 * * ::/0 ::/0
44 3440 Broadcast all * * ::/0 ::/0
44 3440 DROP all * * ::/0 ::/0

Chain reject (3 references)
pkts bytes target prot opt in out source destination
0 0 DROP all * * ff00::/8 ::/0
0 0 DROP 2 * * ::/0 ::/0
0 0 REJECT tcp * * ::/0 ::/0 reject-with tcp-reset
0 0 REJECT udp * * ::/0 ::/0 reject-with icmp6-port-unreachable
0 0 REJECT icmpv6 * * ::/0 ::/0 reject-with icmp6-addr-unreachable
0 0 REJECT all * * ::/0 ::/0 reject-with icmp6-adm-prohibited

Chain sha-lh-634e06816c9e1b9e44e8 (0 references)
pkts bytes target prot opt in out source destination

Chain sha-rh-a8ae74fbde81fb36695f (0 references)
pkts bytes target prot opt in out source destination

Chain shorewall (0 references)
pkts bytes target prot opt in out source destination
0 0 all * * ::/0 ::/0 recent: SET name: %CURRENTTIME side: source mask: ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff

Chain tcpflags (1 references)
pkts bytes target prot opt in out source destination
0 0 logflags tcp * * ::/0 ::/0 [goto] tcp flags:0x3F/0x29
0 0 logflags tcp * * ::/0 ::/0 [goto] tcp flags:0x3F/0x00
0 0 logflags tcp * * ::/0 ::/0 [goto] tcp flags:0x06/0x06
0 0 logflags tcp * * ::/0 ::/0 [goto] tcp flags:0x05/0x05
0 0 logflags tcp * * ::/0 ::/0 [goto] tcp flags:0x03/0x03
0 0 logflags tcp * * ::/0 ::/0 [goto] tcp flags:0x19/0x09
0 0 logflags tcp * * ::/0 ::/0 [goto] tcp spt:0 flags:0x17/0x02
----- ipv6 ends -----

and to help ipv4 only nodes

----- ipv4 begins -----
Shorewall 5.2.0.4 filter Table at localhost - Fri Jul 27 11:30:04 UTC 2018

Counters reset Wed Jul 25 19:50:32 UTC 2018

Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
34691 11M net-fw all -- eth0 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type BROADCAST
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type ANYCAST
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type MULTICAST
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 6 prefix "INPUT REJECT "
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0 [goto]

Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type BROADCAST
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type ANYCAST
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type MULTICAST
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 6 prefix "FORWARD REJECT "
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0 [goto]

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
28670 16M ACCEPT all -- * eth0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type BROADCAST
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type ANYCAST
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type MULTICAST
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 6 prefix "OUTPUT REJECT "
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0 [goto]

Chain logflags (7 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: up to 1/sec burst 10 mode srcip LOG flags 4 level 6 prefix "logflags DROP "
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0

Chain net-fw (1 references)
pkts bytes target prot opt in out source destination
28728 9904K tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
29198 10M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
161 8908 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 24554,21 /* BINKD, FTP */
5329 464K DROP all -- * * 0.0.0.0/0 0.0.0.0/0

Chain reject (3 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match src-type BROADCAST
0 0 DROP all -- * * 224.0.0.0/4 0.0.0.0/0
0 0 DROP 2 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with tcp-reset
0 0 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
0 0 REJECT icmp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-unreachable
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

Chain sha-lh-808ab60cd53e1b279efe (0 references)
pkts bytes target prot opt in out source destination

Chain sha-rh-38f33b07baed13723f96 (0 references)
pkts bytes target prot opt in out source destination

Chain shorewall (0 references)
pkts bytes target prot opt in out source destination
0 0 all -- * * 0.0.0.0/0 0.0.0.0/0 recent: SET name: %CURRENTTIME side: source mask: 255.255.255.255

Chain tcpflags (1 references)
pkts bytes target prot opt in out source destination
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0 [goto] tcp flags:0x3F/0x29
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0 [goto] tcp flags:0x3F/0x00
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0 [goto] tcp flags:0x06/0x06
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0 [goto] tcp flags:0x05/0x05
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0 [goto] tcp flags:0x03/0x03
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0 [goto] tcp flags:0x19/0x09
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0 [goto] tcp spt:0 flags:0x17/0x02
----- ipv4 ends -----

all firewalls work for me

 mp> but I really don't want to have to do that

+1

shorewall is my friend

Regards Benny

.... there can only be one way of life, and it works :)
--- Msged/LNX 6.1.2 (Linux/4.17.10-gentoo (x86_64))
 * Origin: I will always keep a PC running CPM 3.0 (2:230/0)
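
Added example, not part of the message above: a small check that the IPv4 and IPv6 net-fw chains accept the same inbound TCP ports, which is the mismatch behind "works only with the IPv6 firewall disabled". The function names accepted_tcp_ports and family_drift are hypothetical, and V6_NO_ACCEPT is a constructed sample; the other rows are taken from the two listings in the post.

```python
import re

# One rule row of an `iptables -L -n -v` style listing: pkts, bytes, target, prot, rest.
RULE = re.compile(r"^\s*\d+[KMG]?\s+\d+[KMG]?\s+(\S+)\s+(\S+)\s+(.*)$")
CHAIN = re.compile(r"^Chain (\S+) \(")
PORTS = re.compile(r"(?:multiport dports|dpts?:)\s*([\d,:]+)")

# net-fw rows copied from the IPv4 and IPv6 listings in the post.
V4 = """Chain net-fw (1 references)
pkts bytes target prot opt in out source destination
29198 10M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
161 8908 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 24554,21 /* BINKD, FTP */
5329 464K DROP all -- * * 0.0.0.0/0 0.0.0.0/0
"""
V6 = """Chain net-fw (1 references)
pkts bytes target prot opt in out source destination
4306 17M ACCEPT all * * ::/0 ::/0 ctstate RELATED,ESTABLISHED
92 7360 ACCEPT tcp * * ::/0 ::/0 multiport dports 24554,21 /* BINKD, FTP */
44 3440 DROP all * * ::/0 ::/0
"""
# Constructed sample: the same IPv6 chain with the inbound ACCEPT turned into a DROP.
V6_NO_ACCEPT = V6.replace("92 7360 ACCEPT tcp", "0 0 DROP tcp")


def accepted_tcp_ports(listing, chain):
    """Return the TCP destination ports that ACCEPT rules in `chain` let through."""
    ports, current = set(), None
    for line in listing.splitlines():
        header = CHAIN.match(line)
        if header:
            current = header.group(1)
            continue
        row = RULE.match(line)  # the column-title row has no counters and is skipped
        if current != chain or not row:
            continue
        target, prot, rest = row.groups()
        match = PORTS.search(rest)
        if target == "ACCEPT" and prot == "tcp" and match:
            ports.update(match.group(1).split(","))
    return ports


def family_drift(v4_listing, v6_listing, chain="net-fw"):
    """Ports accepted in one address family but not the other."""
    v4 = accepted_tcp_ports(v4_listing, chain)
    v6 = accepted_tcp_ports(v6_listing, chain)
    return {"v4_only": sorted(v4 - v6), "v6_only": sorted(v6 - v4)}


if __name__ == "__main__":
    print(family_drift(V4, V6))            # both families match
    print(family_drift(V4, V6_NO_ACCEPT))  # BINKD/FTP reachable over IPv4 only
```
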