[linux-l] SuSE 8.0 firewall no longer lets anything through
Carl van Denzen
cvdenzen at hetnet.nl
Sat Apr 12 15:32:12 CEST 2003
Hello Michael,
BINGO!
/etc/ppp/ip-up gave me the hint. The problem was in
/etc/sysconfig/network/ifcfg-ippp2. There was no FIREWALL defined.
So I followed the next procedure:
# edit /etc/sysconfig/isdn/cfg-net2 instead and run
# SuSEconfig --module isdn
My problem is resolved!
Tnx very much!
Carl van Denzen.
Michael Baudinne wrote:
> Shalom Carl,
>
> Carl van Denzen wrote:
>
>> I tried your solution, but it doesn't work. I changed my
>> "/etc/sysconfig/SuSEfirewall2" (see the attachment).
>> I rebooted the pc.
>> And still the packets are not accepted (see a part of my
>> /var/log/messages in the attachment).
>
>
> let's see:
> Apr 9 22:08:07 linux1 kernel: ippp0: dialing 1 0676001505...
> (...)
> Apr 9 22:08:10 linux1 ipppd[437]: local IP address 195.121.206.4
> Apr 9 22:08:10 linux1 ipppd[437]: remote IP address 193.172.249.39
> Apr 9 22:08:11 linux1 modify_resolvconf: Service ipppd modified
> /etc/resolv.conf. See info block in this file
> Apr 9 22:08:12 linux1 SuSEfirewall2: Firewall rules successfully set
> from /etc/sysconfig/SuSEfirewall2
>
> The firewall was reloaded and thus the filter rules updated for the
> new IP-address :)
>
> let's see here:
> Apr 9 22:15:57 linux1 kernel: ippp2: dialing 1 0703883123...
> (...)
> Apr 9 22:16:01 linux1 ipppd[535]: local IP address 194.13.172.207
> Apr 9 22:16:01 linux1 ipppd[535]: remote IP address 194.13.173.251
> Apr 9 22:16:02 linux1 modify_resolvconf: Service ipppd modified
> /etc/resolv.conf. See info block in this file
> Apr 9 22:16:07 linux1 kernel: SuSE-FW-UNAUTHORIZED-TARGET IN=ippp2
> OUT= MAC= SRC=194.13.172.34 DST=194.13.172.207 LEN=158
> TOS=0x00 PREC=0x00 TTL=60 ID=62204 PROTO=UDP SPT=53 DPT=32768 LEN=138
> Apr 9 22:16:12 linux1 kernel: SuSE-FW-UNAUTHORIZED-TARGET IN=ippp2
> OUT= MAC= SRC=194.13.172.33 DST=194.13.172.207 LEN=158
> TOS=0x00 PREC=0x00 TTL=60 ID=17540 PROTO=UDP SPT=53 DPT=32769 LEN=138
> Apr 9 22:16:17 linux1 kernel: SuSE-FW-UNAUTHORIZED-TARGET IN=ippp2
> OUT= MAC= SRC=194.13.172.34 DST=194.13.172.207 LEN=158
> TOS=0x00 PREC=0x00 TTL=60 ID=62226 PROTO=UDP SPT=53 DPT=32768 LEN=138
>
> No firewall has been reloaded and I think I saw dynamic IP negotiation ?!
>
> The firewall hasn't been reloaded, how should it know the new ip
> 194.13.172.207 is local and therefore refuses connects.
> You can test this theory with a manual reload right after connection
>
>> My internet provider on ippp0 is called Hetnet.
>> The main office is called Hazis (ippp2).
>> Don't worry about the USB messages: I am experimenting with it.
>>
>> I want to explain about ippp2: it is a dial-up to the main office,
>> the place where I normally go to work every day. Sometimes I work
>> from my home pc and then I dial ippp2.
>>
>> When I disable the firewall, I don't have any problems.
>> Can you explain why these settings do not work (i.e. refuse the dns
>> packets from ippp2 but accept them from ippp0)?
>
>
> I think the firewall is ok with your settings ..
>
> Check /etc/ppp/ip-up Script or first try 'rcSuSEfirewall2 restart'
> after you successfully connected to your office.
>
> KiSSes
> 9teen
>
More information about the linux-l mailing list
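The check Michael does by eye in the quoted log, as an added example that is not part of the original thread: it flags SuSE-FW-UNAUTHORIZED-TARGET drops aimed at an address that ipppd assigned after the last "Firewall rules successfully set" line. The function name and the sample constant are assumptions; the log lines are the ones quoted above with the wrapped lines re-joined.

```python
import re
from collections import defaultdict

# Log excerpt quoted in the thread, wrapped lines re-joined, "(...)" lines omitted.
SAMPLE_LOG = """\
Apr 9 22:08:07 linux1 kernel: ippp0: dialing 1 0676001505...
Apr 9 22:08:10 linux1 ipppd[437]: local IP address 195.121.206.4
Apr 9 22:08:12 linux1 SuSEfirewall2: Firewall rules successfully set from /etc/sysconfig/SuSEfirewall2
Apr 9 22:15:57 linux1 kernel: ippp2: dialing 1 0703883123...
Apr 9 22:16:01 linux1 ipppd[535]: local IP address 194.13.172.207
Apr 9 22:16:07 linux1 kernel: SuSE-FW-UNAUTHORIZED-TARGET IN=ippp2 OUT= MAC= SRC=194.13.172.34 DST=194.13.172.207 LEN=158 TOS=0x00 PREC=0x00 TTL=60 ID=62204 PROTO=UDP SPT=53 DPT=32768 LEN=138
Apr 9 22:16:12 linux1 kernel: SuSE-FW-UNAUTHORIZED-TARGET IN=ippp2 OUT= MAC= SRC=194.13.172.33 DST=194.13.172.207 LEN=158 TOS=0x00 PREC=0x00 TTL=60 ID=17540 PROTO=UDP SPT=53 DPT=32769 LEN=138
Apr 9 22:16:17 linux1 kernel: SuSE-FW-UNAUTHORIZED-TARGET IN=ippp2 OUT= MAC= SRC=194.13.172.34 DST=194.13.172.207 LEN=158 TOS=0x00 PREC=0x00 TTL=60 ID=62226 PROTO=UDP SPT=53 DPT=32768 LEN=138
"""

LOCAL_IP = re.compile(r"ipppd\[\d+\]: local IP address (\S+)")
RELOAD = re.compile(r"SuSEfirewall2: Firewall rules successfully set")
DROP = re.compile(r"SuSE-FW-UNAUTHORIZED-TARGET IN=(\S+) .*?SRC=(\S+) DST=(\S+) "
                  r".*?SPT=(\d+) DPT=(\d+)")


def find_stale_rule_drops(log_text):
    """Return {(iface, local_ip): [(src, spt, dpt), ...]} for drops that hit an
    address ipppd assigned after the most recent firewall reload."""
    pending = set()               # local IPs assigned since the last reload
    findings = defaultdict(list)
    for line in log_text.splitlines():
        m = LOCAL_IP.search(line)
        if m:
            pending.add(m.group(1))
            continue
        if RELOAD.search(line):
            pending.clear()       # per the thread: a reload picks up the new address
            continue
        m = DROP.search(line)
        if m and m.group(3) in pending:
            iface, src, dst, spt, dpt = m.groups()
            findings[(iface, dst)].append((src, int(spt), int(dpt)))
    return dict(findings)


if __name__ == "__main__":
    for (iface, ip), drops in find_stale_rule_drops(SAMPLE_LOG).items():
        dns = sum(1 for _, spt, _ in drops if spt == 53)
        print(f"{iface}: {len(drops)} drops to {ip} with no firewall reload "
              f"since it was assigned ({dns} from source port 53)")
```

A hit only shows that no reload followed the dial-up; in this thread the cause turned out to be the missing FIREWALL setting for ippp2.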