Otto Rodusek (AP-SGP) wrote:
Ludwig Nussel wrote:
Otto Rodusek (AP-SGP) wrote:
Check the output of
SuSEfirewall2 status
I did as you requested and got LOTS of output (i've attached it here in gz format - hope I didn't break any netiquette) but I'm not sure what to look for!!?? Sorry, I'm not to expert in iptables!! Thanks and rgds. Otto.
There are lots and lots of drop rules for invididual IP addresses in the INPUT chain. Then a drop rule that unconditionally drops everything follows. So in theory you won't receive any traffic. Where do does that come from? Looks like some script running out of control. eth1 is your internal interface and eth0 the external one. Most traffic is on the internal one. You have FW_SERVICES_EXT_TCP=22 and FW_SERVICES_ACCEPT_EXT also set. Since rules for FW_SERVICES_EXT_TCP are installed first the latter rules never match. => Remove ports from FW_SERVICES_EXT_TCP that are also covered by FW_SERVICES_ACCEPT_EXT. cu Ludwig -- (o_ Ludwig Nussel //\ V_/_ http://www.suse.de/ SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg) --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org