Uploads fail with shorewall enabled

Posted by JamesArmes on Server Fault
Published on 2011-06-28T20:51:02Z

I have an Ubuntu 8.04 server with shorewall 4.0.6 installed. When I try to upload files using FTP, SCP, or cURL, the file upload stalls almost immediately and eventually times out. If I turn off shorewall then the uploads work fine. I don't have any rules that specifically allow FTP and I'm not too concerned with it, but I do need to be able to upload via 22 (SCP) and 80 & 443 (cURL).

This is what my rules look like:

COMMENT Allow Server to respond to any web (80) and SSL (443) requests
ACCEPT  net     $FW      tcp     80 
ACCEPT  $FW     net     tcp     80
ACCEPT  net     $FW      tcp     443
ACCEPT  $FW      net     tcp     443

COMMENT Allow Server to respond to SNMPD (161) requests
ACCEPT  net     $FW      udp     161

COMMENT Allow Server to respond to MySQL (3306) requests (for MySQL Graphing)
ACCEPT  net     $FW      tcp     3306

COMMENT Allow Server to respond to any SSH connection attempts, and to SSH out.
SSH/ACCEPT      net     $FW
SSH/ACCEPT      $FW     net

COMMENT Allow Server to make DNS Requests out.
DNS/ACCEPT      $FW             net

COMMENT Default "close" anything else.
Ping/REJECT     net             $FW
ACCEPT          $FW             net             icmp
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

I expected the top four ACCEPT lines to allow inbound and outbound traffic over 80 and 443, and I expected the two SSH/ACCEPT lines to allow inbound and outbound traffic over 22, including SCP.

Any help is greatly appreciated.

/etc/shorewall/policy contains the following (all lines above are commented out):

#
# Allow all connection requests from the firewall to the internet
#
$FW             net             ACCEPT

#
# Policies for traffic originating from the Internet zone (net)
# Drop (ignore) all connection requests from the Internet to the firewall
#
net             all             DROP            info

# THE FOLLOWING POLICY MUST BE LAST
# Reject all other connection requests
all             all             REJECT          info

#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
