LinuxQuestions.org
Old 07-05-2012, 09:58 AM   #1
Artemus
What is my firewall blocking? (maybe ipsec-tools and/or nfsv4 related?)


I have two Ubuntu 12.04 LTS boxes acting as gateways that also join two LANs using an ipsec tunnel. The details are:

Gateway 1:
LAN: 10.56.182.0/24
LAN IP: 10.56.182.1
WAN IP: xxx.yyy.68.11

ip route add 10.56.183.0/24 via xxx.yyy.68.11 src 10.56.182.1
is run on boot from /etc/rc.local


Gateway 2:
LAN: 10.56.183.0/24
LAN IP: 10.56.183.1
WAN IP: xxx.yyy.68.30

ip route add 10.56.182.0/24 via xxx.yyy.68.30 src 10.56.183.1
is run on boot from /etc/rc.local


Filesystems on each gateway are mounted on the other gateway using nfsv4, mounted through the tunnel. That is, the filesystem on Gateway 1 is exported to 10.56.183.1 and is mounted on Gateway 2 from 10.56.182.1. This seems to work fine for the most part. However, periodically I find the following in the UFW firewall log on Gateway 2:

Code:
Jul  5 01:01:02 calvin kernel: [230584.711633] [UFW BLOCK] IN=eth0 OUT= MAC=00:13:20:16:69:f6:00:1f:d0:a2:21:aa:08:00 SRC=xxx.yyy.68.11 DST=xxx.yyyy.68.30 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=106 DF PROTO=TCP SPT=722 DPT=54320 WINDOW=14600 RES=0x00 SYN URGP=0
Jul  5 01:01:03 calvin kernel: [230585.710517] [UFW BLOCK] IN=eth0 OUT= MAC=00:13:20:16:69:f6:00:1f:d0:a2:21:aa:08:00 SRC=xxx.yyy.68.11 DST=xxx.yyyy.68.30 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=107 DF PROTO=TCP SPT=722 DPT=54320 WINDOW=14600 RES=0x00 SYN URGP=0
Jul  5 01:01:05 calvin kernel: [230587.714504] [UFW BLOCK] IN=eth0 OUT= MAC=00:13:20:16:69:f6:00:1f:d0:a2:21:aa:08:00 SRC=xxx.yyy.68.11 DST=xxx.yyyy.68.30 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=108 DF PROTO=TCP SPT=722 DPT=54320 WINDOW=14600 RES=0x00 SYN URGP=0
Jul  5 01:01:09 calvin kernel: [230591.726522] [UFW BLOCK] IN=eth0 OUT= MAC=00:13:20:16:69:f6:00:1f:d0:a2:21:aa:08:00 SRC=xxx.yyy.68.11 DST=xxx.yyyy.68.30 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=109 DF PROTO=TCP SPT=722 DPT=54320 WINDOW=14600 RES=0x00 SYN URGP=0
Jul  5 01:01:17 calvin kernel: [230599.742525] [UFW BLOCK] IN=eth0 OUT= MAC=00:13:20:16:69:f6:00:1f:d0:a2:21:aa:08:00 SRC=xxx.yyy.68.11 DST=xxx.yyyy.68.30 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=110 DF PROTO=TCP SPT=722 DPT=54320 WINDOW=14600 RES=0x00 SYN URGP=0
Jul  5 01:01:33 calvin kernel: [230615.774530] [UFW BLOCK] IN=eth0 OUT= MAC=00:13:20:16:69:f6:00:1f:d0:a2:21:aa:08:00 SRC=xxx.yyy.68.11 DST=xxx.yyyy.68.30 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=111 DF PROTO=TCP SPT=722 DPT=54320 WINDOW=14600 RES=0x00 SYN URGP=0
Jul  5 01:04:20 calvin kernel: [230782.072824] [UFW BLOCK] IN=eth0 OUT= MAC=00:13:20:16:69:f6:00:1f:d0:a2:21:aa:08:00 SRC=xxx.yyy.68.11 DST=xxx.yyyy.68.30 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=58454 DF PROTO=TCP SPT=998 DPT=54320 WINDOW=14600 RES=0x00 SYN URGP=0
Jul  5 01:04:21 calvin kernel: [230783.070748] [UFW BLOCK] IN=eth0 OUT= MAC=00:13:20:16:69:f6:00:1f:d0:a2:21:aa:08:00 SRC=xxx.yyy.68.11 DST=xxx.yyyy LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=58455 DF PROTO=TCP SPT=998 DPT=54320 WINDOW=14600 RES=0x00 SYN URGP=0 URGP=0
Jul  5 01:04:23 calvin kernel: [230785.072453] [UFW BLOCK] IN=eth0 OUT= MAC=00:13:20:16:69:f6:00:1f:d0:a2:21:aa:08:00 SRC=xxx.yyy.68.11 DST=xxx.yyy.68.30 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=58456 DF PROTO=TCP SPT=998 DPT=54320 WINDOW=14600 RES=0x00 SYN URGP=0 URGP=0
Jul  5 01:04:27 calvin kernel: [230789.086472] [UFW BLOCK] IN=eth0 OUT= MAC=00:13:20:16:69:f6:00:1f:d0:a2:21:aa:08:00 SRC=xxx.yyy.68.11 DST=xxx.yyy.68.30 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=58457 DF PROTO=TCP SPT=998 DPT=54320 WINDOW=14600 RES=0x00 SYN URGP=0 URGP=0
Jul  5 01:04:29 calvin kernel: [230791.452089] [UFW BLOCK] IN=eth0 OUT= MAC=00:13:20:16:69:f6:00:1f:d0:a2:21:aa:08:00 SRC=xxx.yyy.68.11 DST=xxx.yyy.68.30 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=55852 DF PROTO=TCP SPT=948 DPT=54320 WINDOW=14600 RES=0x00 SYN URGP=0 URGP=0
Jul  5 01:04:30 calvin kernel: [230792.448800] [UFW BLOCK] IN=eth0 OUT= MAC=00:13:20:16:69:f6:00:1f:d0:a2:21:aa:08:00 SRC=xxx.yyy.68.11 DST=xxx.yyy.68.30 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=55853 DF PROTO=TCP SPT=948 DPT=54320 WINDOW=14600 RES=0x00 SYN URGP=0 URGP=0
Jul  5 01:04:32 calvin kernel: [230794.456101] [UFW BLOCK] IN=eth0 OUT= MAC=00:13:20:16:69:f6:00:1f:d0:a2:21:aa:08:00 SRC=xxx.yyy.68.11 DST=xxx.yyy.68.30 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=55854 DF PROTO=TCP SPT=948 DPT=54320 WINDOW=14600 RES=0x00 SYN URGP=0 URGP=0
Jul  5 01:04:35 calvin kernel: [230797.102949] [UFW BLOCK] IN=eth0 OUT= MAC=00:13:20:16:69:f6:00:1f:d0:a2:21:aa:08:00 SRC=xxx.yyy.68.11 DST=xxx.yyy.68.30 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=58458 DF PROTO=TCP SPT=998 DPT=54320 WINDOW=14600 RES=0x00 SYN URGP=0 URGP=0
Jul  5 01:04:36 calvin kernel: [230798.460959] [UFW BLOCK] IN=eth0 OUT= MAC=00:13:20:16:69:f6:00:1f:d0:a2:21:aa:08:00 SRC=xxx.yyy.68.11 DST=xxx.yyy.68.30 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=55855 DF PROTO=TCP SPT=948 DPT=54320 WINDOW=14600 RES=0x00 SYN URGP=0 URGP=0
Jul  5 01:04:44 calvin kernel: [230806.468807] [UFW BLOCK] IN=eth0 OUT= MAC=00:13:20:16:69:f6:00:1f:d0:a2:21:aa:08:00 SRC=xxx.yyy.68.11 DST=xxx.yyy.68.30 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=55856 DF PROTO=TCP SPT=948 DPT=54320 WINDOW=14600 RES=0x00 SYN URGP=0 URGP=0
Jul  5 01:04:51 calvin kernel: [230813.118755] [UFW BLOCK] IN=eth0 OUT= MAC=00:13:20:16:69:f6:00:1f:d0:a2:21:aa:08:00 SRC=xxx.yyy.68.11 DST=xxx.yyy.68.30 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=58459 DF PROTO=TCP SPT=998 DPT=54320 WINDOW=14600 RES=0x00 SYN URGP=0 URGP=0
Jul  5 01:05:00 calvin kernel: [230822.501109] [UFW BLOCK] IN=eth0 OUT= MAC=00:13:20:16:69:f6:00:1f:d0:a2:21:aa:08:00 SRC=xxx.yyy.68.11 DST=xxx.yyy.68.30 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=55857 DF PROTO=TCP SPT=948 DPT=54320 WINDOW=14600 RES=0x00 SYN URGP=0 URGP=0
Jul  5 01:06:44 calvin kernel: [230926.082700] [UFW BLOCK] IN=eth0 OUT= MAC=00:13:20:16:69:f6:00:1f:d0:a2:21:aa:08:00 SRC=xxx.yyy.68.11 DST=xxx.yyy.68.30 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=23222 DF PROTO=TCP SPT=978 DPT=54320 WINDOW=14600 RES=0x00 SYN URGP=0 URGP=0
Jul  5 01:09:01 calvin kernel: [231063.802816] [UFW BLOCK] IN=eth0 OUT= MAC=00:13:20:16:69:f6:00:1f:d0:a2:21:aa:08:00 SRC=xxx.yyy.68.11 DST=xxx.yyy.68.30 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=57878 DF PROTO=TCP SPT=1003 DPT=54320 WINDOW=14600 RES=0x00 SYN URGP=0
Jul  5 01:09:02 calvin kernel: [231064.802468] [UFW BLOCK] IN=eth0 OUT= MAC=00:13:20:16:69:f6:00:1f:d0:a2:21:aa:08:00 SRC=xxx.yyy.68.11 DST=xxx.yyy.68.30 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=57879 DF PROTO=TCP SPT=1003 DPT=54320 WINDOW=14600 RES=0x00 SYN URGP=0
Jul  5 01:09:04 calvin kernel: [231066.806477] [UFW BLOCK] IN=eth0 OUT= MAC=00:13:20:16:69:f6:00:1f:d0:a2:21:aa:08:00 SRC=xxx.yyy.68.11 DST=xxx.yyy.68.30 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=57880 DF PROTO=TCP SPT=1003 DPT=54320 WINDOW=14600 RES=0x00 SYN URGP=0
Jul  5 01:09:32 calvin kernel: [231094.846470] [UFW BLOCK] IN=eth0 OUT= MAC=00:13:20:16:69:f6:00:1f:d0:a2:21:aa:08:00 SRC=xxx.yyy.68.11 DST=xxx.yyy.68.30 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=57883 DF PROTO=TCP SPT=1003 DPT=54320 WINDOW=14600 RES=0x00 SYN URGP=0
Jul  5 07:30:01 calvin kernel: [253923.840688] [UFW BLOCK] IN=eth0 OUT= MAC=00:13:20:16:69:f6:00:1f:d0:a2:21:aa:08:00 SRC=xxx.yyy.68.11 DST=xxx.yyy.68.30 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=37181 DF PROTO=TCP SPT=844 DPT=54320 WINDOW=14600 RES=0x00 SYN URGP=0
Jul  5 07:30:02 calvin kernel: [253924.838090] [UFW BLOCK] IN=eth0 OUT= MAC=00:13:20:16:69:f6:00:1f:d0:a2:21:aa:08:00 SRC=xxx.yyy.68.11 DST=xxx.yyy.68.30 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=37182 DF PROTO=TCP SPT=844 DPT=54320 WINDOW=14600 RES=0x00 SYN URGP=0
It seems to be related to accessing one of the filesystems through nfsv4. I have all access through the tunnels opened and esp, ah, and udp port 500 open between the gateways. On Gateway 2:

$ sudo ufw status
[sudo] password for Artemus:
Status: active

To                         Action      From
--                         ------      ----
Anywhere                   ALLOW       10.56.0.0/16
Anywhere                   ALLOW       xxx.yyy.68.11/esp
Anywhere                   ALLOW       xxx.yyy.68.11/ah
Anywhere                   ALLOW       xxx.yyy.68.11 500/udp

Does anyone have any idea what is being blocked by the firewall?

Last edited by Artemus; 07-06-2012 at 03:39 PM.
 
Old 07-08-2012, 07:57 AM   #2
Artemus
Original Poster
Following up my own post, I seem to have stumbled upon the problem. Looking at /etc/mtab, it seems that the NFS filesystems through the IPsec tunnel were being mounted with clientaddr=xxx.yyy.68.30 (the WAN IP address) instead of clientaddr=10.56.183.1 (the LAN IP address). Adding the option clientaddr=10.58.183.1 to the mount in /etc/fstab fixed it.
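An added example (not from the thread or either poster) that turns the diagnosis above into a check: it parses [UFW BLOCK] lines in the format shown in post #1, counts blocked packets per flow, and flags anything arriving from the IPsec peer's WAN address that is not ESP, AH or IKE (UDP/500). With the tunnel working nothing else should reach eth0 in the clear from the peer, so such hits are traffic that bypassed the tunnel, which in this thread was the NFSv4 server calling back to the client's advertised WAN clientaddr. The sample log lines are constructed in the thread's format with the same redacted xxx.yyy.68.x addresses plus one unrelated SSH probe.

```python
import re
from collections import Counter

# Constructed sample in the thread's [UFW BLOCK] format (not the poster's log).
SAMPLE_LOG = """\
Jul  5 01:01:02 calvin kernel: [230584.711633] [UFW BLOCK] IN=eth0 OUT= MAC=00:13:20:16:69:f6:00:1f:d0:a2:21:aa:08:00 SRC=xxx.yyy.68.11 DST=xxx.yyy.68.30 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=106 DF PROTO=TCP SPT=722 DPT=54320 WINDOW=14600 RES=0x00 SYN URGP=0
Jul  5 01:01:03 calvin kernel: [230585.710517] [UFW BLOCK] IN=eth0 OUT= MAC=00:13:20:16:69:f6:00:1f:d0:a2:21:aa:08:00 SRC=xxx.yyy.68.11 DST=xxx.yyy.68.30 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=107 DF PROTO=TCP SPT=722 DPT=54320 WINDOW=14600 RES=0x00 SYN URGP=0
Jul  5 01:04:20 calvin kernel: [230782.072824] [UFW BLOCK] IN=eth0 OUT= MAC=00:13:20:16:69:f6:00:1f:d0:a2:21:aa:08:00 SRC=xxx.yyy.68.11 DST=xxx.yyy.68.30 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=58454 DF PROTO=TCP SPT=998 DPT=54320 WINDOW=14600 RES=0x00 SYN URGP=0
Jul  5 07:30:01 calvin kernel: [253923.840688] [UFW BLOCK] IN=eth0 OUT= MAC=00:13:20:16:69:f6:00:1f:d0:a2:21:aa:08:00 SRC=198.51.100.7 DST=xxx.yyy.68.30 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=1 PROTO=TCP SPT=43210 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
"""

UFW_RE = re.compile(r"\[UFW BLOCK\]\s*(?P<fields>.*)$")
KV_RE = re.compile(r"(\w+)=(\S*)")

def parse_ufw_block(line):
    """Return the key=value fields of one [UFW BLOCK] line as a dict, or None."""
    m = UFW_RE.search(line)
    if not m:
        return None
    fields = dict(KV_RE.findall(m.group("fields")))
    # Bare flags such as DF and SYN carry no '=' and are kept separately.
    fields["FLAGS"] = [t for t in m.group("fields").split() if "=" not in t]
    return fields

def blocked_flows(log_text):
    """Count blocked packets per (SRC, DST, PROTO, DPT) flow key."""
    counts = Counter()
    for line in log_text.splitlines():
        f = parse_ufw_block(line)
        if f:
            counts[(f["SRC"], f["DST"], f["PROTO"], f.get("DPT", ""))] += 1
    return counts

def cleartext_from_peer(log_text, peer_wan):
    """Blocked packets from the IPsec peer that are not ESP, AH or IKE (UDP/500).
    Anything else from the peer arrived outside the tunnel.  Returns sorted
    (PROTO, SPT, DPT, reserved_source_port) tuples; a source port below 1024
    is what the kernel NFS server uses, so it points at NFS callback traffic."""
    seen = set()
    for line in log_text.splitlines():
        f = parse_ufw_block(line)
        if not f or f["SRC"] != peer_wan or f["PROTO"] in ("ESP", "AH"):
            continue
        if f["PROTO"] == "UDP" and f.get("DPT") == "500":
            continue
        spt, dpt = int(f.get("SPT", 0)), int(f.get("DPT", 0))
        seen.add((f["PROTO"], spt, dpt, spt < 1024))
    return sorted(seen)
```

Run against /var/log/ufw.log on the NFS client (Gateway 2 in the thread) with the peer's WAN address; once clientaddr is set to the tunnel-side LAN address, the function should return an empty list.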