Hi list!

A stupid question of mine again... I already searched the internet, but didn't find any suitable information. I had the following entry in my firewall-log:

Sep 20 22:32:04 memphis kernel: Packet log: rulchain REJECT eth0 PROTO=6 195.217.171.5:3675 xx.x.x.xx:80 L=44 S=0x10 I=38515 F=0x4000 T=106 SYN (#6)
Sep 20 22:32:06 memphis kernel: Packet log: rulchain REJECT eth0 PROTO=6 195.217.171.5:3675 xx.x.x.xx:80 L=44 S=0x10 I=32117 F=0x4000 T=106 SYN (#6)

Since I'm on a Cable-Internet, the second address, i.e. the destination, is an internal address. Am I wrong in suspecting that the possible suspect has come from inside that "internal" network? How else should he have got that IP? Plus, what port is that, he's coming from?

TIA
Markus

> Hi list!
> A stupid question of mine again... I already searched the internet, but didn't find any suitable information. I had the following entry in my firewall-log:
> Sep 20 22:32:04 memphis kernel: Packet log: rulchain REJECT eth0 PROTO=6 195.217.171.5:3675 xx.x.x.xx:80 L=44 S=0x10 I=38515 F=0x4000 T=106 SYN (#6)
> Sep 20 22:32:06 memphis kernel: Packet log: rulchain REJECT eth0 PROTO=6 195.217.171.5:3675 xx.x.x.xx:80 L=44 S=0x10 I=32117 F=0x4000 T=106 SYN (#6)
> Since I'm on a Cable-Internet, the second address, i.e. the destination, is an internal address. Am I wrong in suspecting that the possible suspect has come from inside that "internal" network? How else should he have got that IP? Plus, what port is that, he's coming from?
Congratulations, you use the SuSEpersonal-firewall, and you have set REJECT_ALL_INCOMING_CONNECTIONS to "eth0". What you see is a box connecting to your interface eth0, IP xx.x.x.xx, port 80. So this looks like a http request. The port where the connection is coming from is arbitrary - You are seeing two packet logs, both initiated from the same socket (it is the same port). Are you sure that eth0 is the interface you want to protect your machine from?
> TIA
> Markus
Thanks,
Roman.
--
- -
| Roman Drahtmüller
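
The reading of the two log entries given in the reply above can be reproduced mechanically. This is an added example, not code from the thread or from SuSE: it parses ipchains "Packet log" lines and groups them by connection 5-tuple, so repeated SYNs from one source socket show up as a single attempt. The destination 192.0.2.10 is a constructed placeholder for the address masked in the post, and the field meanings (L = length, S = TOS, I = IP ID, F = fragment flags/offset, T = TTL, #n = rule number) follow the ipchains log format.

```python
import re
from collections import defaultdict

# Constructed sample in the format quoted in the thread; 192.0.2.10 is a
# placeholder because the original post masks the destination address.
SAMPLE = """\
Sep 20 22:32:04 memphis kernel: Packet log: rulchain REJECT eth0 PROTO=6 195.217.171.5:3675 192.0.2.10:80 L=44 S=0x10 I=38515 F=0x4000 T=106 SYN (#6)
Sep 20 22:32:06 memphis kernel: Packet log: rulchain REJECT eth0 PROTO=6 195.217.171.5:3675 192.0.2.10:80 L=44 S=0x10 I=32117 F=0x4000 T=106 SYN (#6)
"""

LINE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) (?P<src>[\d.]+):(?P<sport>\d+) "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) L=(?P<length>\d+) "
    r"S=(?P<tos>0x[0-9A-Fa-f]+) I=(?P<ip_id>\d+) "
    r"F=(?P<frag>0x[0-9A-Fa-f]+) T=(?P<ttl>\d+)"
    r"(?P<syn> SYN)? \(#(?P<rule>\d+)\)"
)
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}

def parse(line):
    """Return a dict of decoded fields, or None if the line is not a packet log."""
    m = LINE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("proto", "sport", "dport", "length", "ip_id", "ttl", "rule"):
        rec[key] = int(rec[key])
    rec["proto"] = PROTO_NAMES.get(rec["proto"], str(rec["proto"]))
    rec["syn"] = rec["syn"] is not None          # SYN marker present in the log line
    rec["dont_fragment"] = bool(int(rec["frag"], 16) & 0x4000)  # DF bit of F=
    return rec

def group_attempts(text):
    """Group entries by (proto, src, sport, dst, dport): one key per source socket."""
    attempts = defaultdict(list)
    for line in text.splitlines():
        rec = parse(line)
        if rec:
            key = (rec["proto"], rec["src"], rec["sport"], rec["dst"], rec["dport"])
            attempts[key].append(rec)
    return dict(attempts)

if __name__ == "__main__":
    for key, recs in group_attempts(SAMPLE).items():
        print(key, "packets:", len(recs), "all SYN:", all(r["syn"] for r in recs))
```

Both entries fall under one key: the same source port and destination port 80, with only the IP ID differing, which is what a repeated SYN for a single rejected connection attempt looks like.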
On 2001.09.20 23:38:56 +0200, Roman Drahtmueller wrote:
> Congratulations, you use the SuSEpersonal-firewall, and you have set REJECT_ALL_INCOMING_CONNECTIONS to "eth0". What you see is a box connecting to your interface eth0, IP xx.x.x.xx, port 80. So this looks like a http request. The port where the connection is coming from is arbitrary - You are seeing two packet logs, both initiated from the same socket (it is the same port).
> Are you sure that eth0 is the interface you want to protect your machine from?
Well, uhm... I got some problems while working at the office, I can't make an X connection... But that's another problem. And, yes, I'm quite sure this is the device to protect, since this is the interface to the ISP. And I only have this one device ;-)

If you have any suggestions, then spit them out. I would especially be grateful for a hint on how to allow boxes from xxx.xx.xx to connect to my X-server. I tried a lot, but nothing worked (except turning the firewall off...)

Thanks!
Markus
__________________________________________________________________________
The three Rs of Microsoft support: Retry, Reboot, Reinstall.

> > Are you sure that eth0 is the interface you want to protect your machine from?
> Well, uhm... I got some problems while working at the office, I can't make an X connection... But that's another problem. And, yes, I'm quite sure this is the device to protect, since this is the interface to the ISP.
If you use pppoe, then your interface is ppp0 (configure "modem" as your personal-firewall reject interface).
> And I only have this one device ;-) If you have any suggestions, then spit them out. I would especially be grateful for a hint on how to allow boxes from xxx.xx.xx to connect to my X-server.
Take /sbin/SuSEpersonalfirewall into your editor and insert the line near the bottom:

    ipchains -p tcp -I $rulchain -s your.network.address.0/24 -d 0/0 6000 -j ACCEPT
    # and unlock again:
    chain_lock unlock

> I tried a lot, but nothing worked (except turning the firewall off...)
A very much better way to do it is to use ssh with X11-forwarding turned on.
> Thanks!
> Markus
Roman.
--
- -
| Roman Drahtmüller
participants (2): Markus Kohli, Roman Drahtmueller