[linux-l] SuSE 8.0 firewall no longer lets anything through
Michael Baudinne
mbaudinne at t-online.de
Thu Apr 10 21:41:15 CEST 2003
Shalom Carl,
Carl van Denzen wrote:
> I tried your solution, but it doesn't work. I changed my
> "/etc/sysconfig/SuSEfirewall2" (see the attachment).
> I rebooted the pc.
> And still the packets are not accepted (see a part of my
> /var/log/messages in the attachment).
let's see:
Apr 9 22:08:07 linux1 kernel: ippp0: dialing 1 0676001505...
(...)
Apr 9 22:08:10 linux1 ipppd[437]: local IP address 195.121.206.4
Apr 9 22:08:10 linux1 ipppd[437]: remote IP address 193.172.249.39
Apr 9 22:08:11 linux1 modify_resolvconf: Service ipppd modified /etc/resolv.conf. See info block in this file
Apr 9 22:08:12 linux1 SuSEfirewall2: Firewall rules successfully set from /etc/sysconfig/SuSEfirewall2
The firewall was reloaded and thus the filter rules updated for the new
IP-address :)
let's see here:
Apr 9 22:15:57 linux1 kernel: ippp2: dialing 1 0703883123...
(...)
Apr 9 22:16:01 linux1 ipppd[535]: local IP address 194.13.172.207
Apr 9 22:16:01 linux1 ipppd[535]: remote IP address 194.13.173.251
Apr 9 22:16:02 linux1 modify_resolvconf: Service ipppd modified /etc/resolv.conf. See info block in this file
Apr 9 22:16:07 linux1 kernel: SuSE-FW-UNAUTHORIZED-TARGET IN=ippp2 OUT= MAC= SRC=194.13.172.34 DST=194.13.172.207 LEN=158 TOS=0x00 PREC=0x00 TTL=60 ID=62204 PROTO=UDP SPT=53 DPT=32768 LEN=138
Apr 9 22:16:12 linux1 kernel: SuSE-FW-UNAUTHORIZED-TARGET IN=ippp2 OUT= MAC= SRC=194.13.172.33 DST=194.13.172.207 LEN=158 TOS=0x00 PREC=0x00 TTL=60 ID=17540 PROTO=UDP SPT=53 DPT=32769 LEN=138
Apr 9 22:16:17 linux1 kernel: SuSE-FW-UNAUTHORIZED-TARGET IN=ippp2 OUT= MAC= SRC=194.13.172.34 DST=194.13.172.207 LEN=158 TOS=0x00 PREC=0x00 TTL=60 ID=62226 PROTO=UDP SPT=53 DPT=32768 LEN=138
No firewall has been reloaded and I think I saw dynamic IP negotiation?!
The firewall hasn't been reloaded, so how should it know that the new IP 194.13.172.207 is local? It therefore refuses connections.
You can test this theory with a manual reload right after connection.
> My internet provider on ippp0 is called Hetnet.
> The main office is called Hazis (ippp2).
> Don't worry about the USB messages: I am experimenting with it.
>
> I want to explain about ippp2: it is a dial-up to the main office, the
> place where I normally go to work every day. Sometimes I work from my
> home pc and then I dial ippp2.
>
> When I disable the firewall, I don't have any problems.
> Can you explain why this settings do not work (i.e. refuse the dns
> packets from ippp2 but accept them from ippp0)?
I think the firewall is OK with your settings ..
Check the /etc/ppp/ip-up script or first try 'rcSuSEfirewall2 restart' after
you have successfully connected to your office.
KiSSes
9teen