Mailinglist Archive: opensuse-security (605 mails)
problems with trusted net on suse firewall 2 v1.7
- From: Battisti Markus <markus.battisti@xxxxxxxxxx>
- Date: Mon, 15 Oct 2001 14:47:30 +0200
- Message-id: <AABAFABF7D45D511AAE00002B32C6BDE04AAE4@DS0102>
hi
i have a suse 7.2 with firewall 2 v1.7 and freeswan on it
2 network interfaces, one is a private net, the other internet
i want a samba on the firewall which is only accessible from the private net
(duuh)
ok so on
ipsec tunnels between 10.1.0.0/16 (office) and 10.5.0.0/16 (remote office, 3 users)
trusted net is 10.1.0.0/16
i always get this message
without firewall all works perfect ... but without firewall!
10.1.10.23 is a w2k which wants to reach 10.5.9.104, which is the samba on the firewall
Oct 15 13:58:19 salzburgtunnel kernel: SuSE-FW-UNALLOWED-TARGETIN=ipsec0 OUT= MAC=00:02:b3:1a:63:df:00:02:b3:2c:6c:16:08:00 SRC=10.1.10.23 DST=10.5.9.104 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=25021 PROTO=TCP SPT=1523 DPT=445 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (020405B401010402)
Oct 15 13:58:25 salzburgtunnel kernel: SuSE-FW-UNALLOWED-TARGETIN=ipsec0 OUT= MAC=00:02:b3:1a:63:df:00:02:b3:2c:6c:16:08:00 SRC=10.1.10.23 DST=10.5.9.104 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=25023 PROTO=TCP SPT=1524 DPT=139 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (020405B401010402)
Oct 15 13:58:25 salzburgtunnel kernel: SuSE-FW-UNALLOWED-TARGETIN=ipsec0 OUT= MAC=00:02:b3:1a:63:df:00:02:b3:2c:6c:16:08:00 SRC=10.1.10.23 DST=10.5.9.104 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=25024 PROTO=TCP SPT=1523 DPT=445 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (020405B401010402)
FW_DEV_EXT="eth1 ipsec0"
FW_DEV_INT="eth0"
FW_DEV_DMZ=""
FW_ROUTE="yes"
FW_MASQUERADE="yes"
FW_MASQ_DEV="eth1"
FW_MASQ_NETS="10.5.0.0/16"
FW_PROTECT_FROM_INTERNAL="no"
FW_AUTOPROTECT_SERVICES="no"
FW_SERVICES_EXT_TCP="22 500 123"
FW_SERVICES_EXT_UDP="22 500 123"
FW_SERVICES_EXT_IP="50 51"
FW_SERVICES_DMZ_TCP=""
FW_SERVICES_DMZ_UDP=""
FW_SERVICES_DMZ_IP=""
FW_SERVICES_INT_TCP="1:65535"
FW_SERVICES_INT_UDP="1:65535"
FW_SERVICES_INT_IP="50 51"
FW_TRUSTED_NETS="10.1.0.0/16"
FW_ALLOW_INCOMING_HIGHPORTS_TCP="yes"
FW_ALLOW_INCOMING_HIGHPORTS_UDP="yes"
FW_SERVICE_AUTODETECT="no"
FW_SERVICE_DNS="no"
FW_SERVICE_DHCLIENT="no"
FW_SERVICE_DHCPD="yes"
FW_SERVICE_SQUID="no"
FW_SERVICE_SAMBA="yes"
FW_FORWARD="10.5.0.0/16,10.1.0.0/16 10.1.0.0/16,10.5.0.0/16"
FW_FORWARD_MASQ=""
FW_REDIRECT=""
FW_LOG_DROP_CRIT="yes"
FW_LOG_DROP_ALL="no"
FW_LOG_ACCEPT_CRIT="no"
FW_LOG_ACCEPT_ALL="no"
FW_KERNEL_SECURITY="no"
FW_STOP_KEEP_ROUTING_STATE="yes"
FW_ALLOW_PING_FW="yes"
FW_ALLOW_PING_DMZ="yes"
FW_ALLOW_PING_EXT="yes"
FW_ALLOW_FW_TRACEROUTE="yes"
FW_ALLOW_FW_SOURCEQUENCH="yes"
FW_ALLOW_FW_BROADCAST="no"
FW_IGNORE_FW_BROADCAST="yes"
FW_ALLOW_CLASS_ROUTING="yes"
#FW_CUSTOMRULES="/etc/rc.config.d/firewall2-custom.rc.config"
/"\
,,, \ / ASCII Ribbon Campaign
/'^'\ X Against HTML Mail
( o o ) / \
oOOO--(_)--OOOo----------------------
Very funny Scotty. And now beam down my clothes.
Kind regards/Best Regards
proTask Consulting
mailto:markus.battisti@xxxxxxxxxx
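As an added triage example (not from the post and not SuSEfirewall2's own code), the Python below parses the dropped-packet log lines quoted above, maps the IN= interface to the zone whose FW_DEV_* list names it, and checks the destination port against that zone's FW_SERVICES list. It is a deliberately simplified model of the rule set (FW_TRUSTED_NETS and the highport settings are ignored as an assumption), so what it shows is only that ipsec0 is listed in FW_DEV_EXT and that the EXT TCP service list "22 500 123" does not contain 139 or 445.

```python
import re

# Constructed sample input: the rc.config values from the post that decide this case and
# the first dropped-packet line from the post re-joined onto one line.
FW_CONFIG = {
    "FW_DEV_EXT": "eth1 ipsec0",
    "FW_DEV_INT": "eth0",
    "FW_SERVICES_EXT_TCP": "22 500 123",
    "FW_SERVICES_INT_TCP": "1:65535",
}
LOG_LINE = (
    "Oct 15 13:58:19 salzburgtunnel kernel: SuSE-FW-UNALLOWED-TARGETIN=ipsec0 OUT= "
    "MAC=00:02:b3:1a:63:df:00:02:b3:2c:6c:16:08:00 SRC=10.1.10.23 DST=10.5.9.104 LEN=48 "
    "TOS=0x00 PREC=0x00 TTL=127 ID=25021 PROTO=TCP SPT=1523 DPT=445 WINDOW=16384 "
    "RES=0x00 SYN URGP=0 OPT (020405B401010402)"
)
# No word boundary before the key: the archive glued the log prefix onto IN= (...TARGETIN=ipsec0).
FIELD_RE = re.compile(r"(IN|OUT|SRC|DST|PROTO|SPT|DPT)=(\S*)")

def parse_fw_log(line):
    """Extract the netfilter key=value fields from a SuSE-FW kernel log line."""
    return dict(FIELD_RE.findall(line))

def zone_of(iface, cfg):
    """Name the SuSEfirewall2 zone whose FW_DEV_* list contains the interface."""
    for key, zone in (("FW_DEV_EXT", "EXT"), ("FW_DEV_INT", "INT"), ("FW_DEV_DMZ", "DMZ")):
        if iface in cfg.get(key, "").split():
            return zone
    return "UNKNOWN"

def parse_ports(spec):
    """'22 500 123' or '1:65535' -> list of inclusive (lo, hi) port ranges."""
    ranges = []
    for tok in spec.split():
        lo, _, hi = tok.partition(":")
        ranges.append((int(lo), int(hi or lo)))
    return ranges

def explain_drop(line, cfg):
    """Simplified model (an assumption, not SuSEfirewall2's real rule set): a packet to
    the firewall itself is accepted only if DPT is in FW_SERVICES_<zone>_<proto> for the
    zone of the IN= interface; trusted-net and highport rules are deliberately ignored."""
    f = parse_fw_log(line)
    zone = zone_of(f["IN"], cfg)
    spec = cfg.get("FW_SERVICES_%s_%s" % (zone, f["PROTO"]), "")
    dport = int(f["DPT"])
    allowed = any(lo <= dport <= hi for lo, hi in parse_ports(spec))
    return {"in": f["IN"], "zone": zone, "src": f["SRC"], "dst": f["DST"],
            "dport": dport, "zone_services": spec, "allowed_by_zone_services": allowed}
```

Running explain_drop(LOG_LINE, FW_CONFIG) reports zone EXT with port 445 outside "22 500 123"; the same line with IN=eth0 would fall under FW_SERVICES_INT_TCP="1:65535" and pass this check.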