Mailinglist Archive: opensuse-security (394 mails)

Re: [suse-security] Can't open any port
  • From: Lars Ellenberg <l.g.e@xxxxxx>
  • Date: Sat, 13 Dec 2003 10:22:22 +0100
  • Message-id: <Web9XwVpAV8qFGUU2vaOqp0=lge@xxxxxx>
/ 2003-12-13 00:13:47 -0500
\ Daryl Lee:
> I have temporarily worked around my problem by reinstating the script
> (not SuSEfirewall2) that worked for me before installing SuSE. It may
> not be as encompassing (for example, it allows SSH connections on the
> internet interface from a workstation inside the firewall). But it will
> get me "over the hump" until a more elegant solution presents itself.
>
> Thanks for all the attempts to help.

Try to get more logging information;
then you should see what is dropped in the syslog:

> > FW_LOG_DROP_CRIT="yes"
> > FW_LOG_DROP_ALL="no" <<-- set this to yes

> > FW_LOG_ACCEPT_CRIT="yes"
> > FW_LOG_ACCEPT_ALL="no" <<-- maybe even this, too
> > FW_LOG="--log-level warning --log-tcp-options --log-ip-option
> > --log-prefix SuSE-FW"

Then check which rule that might be: iptables -vnL | less -S
and find the conf option that causes the rule...

Lars Ellenberg
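
An added example, not part of the original message: one way to digest the extra log output once FW_LOG_DROP_ALL is on, by counting logged packets per log tag, inbound interface, protocol and destination port, so the busiest line points at the rule to look for in `iptables -vnL`. The log lines, host name, addresses and the tag suffixes after "SuSE-FW" are constructed sample data, and the function names are hypothetical.

```shell
#!/bin/sh
# Summarise packets logged by the firewall's LOG rules.
# Assumption: lines carry a tag starting with the "SuSE-FW" prefix set in
# FW_LOG, followed by the standard netfilter LOG fields (IN=, PROTO=, DPT=).

# Constructed sample lines (not from the thread); addresses are from the
# documentation ranges, tag suffixes are illustrative.
sample_log() {
cat <<'EOF'
Dec 13 10:01:02 gw kernel: SuSE-FW-DROP-DEFAULT IN=eth1 OUT= MAC=00:00:00:00:00:01 SRC=192.0.2.10 DST=192.0.2.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1 DF PROTO=TCP SPT=40000 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Dec 13 10:01:05 gw kernel: SuSE-FW-DROP-DEFAULT IN=eth1 OUT= MAC=00:00:00:00:00:01 SRC=192.0.2.11 DST=192.0.2.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=2 DF PROTO=TCP SPT=40001 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Dec 13 10:01:09 gw kernel: SuSE-FW-DROP-DEFAULT IN=eth0 OUT= MAC=00:00:00:00:00:02 SRC=198.51.100.7 DST=198.51.100.1 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=3 PROTO=UDP SPT=137 DPT=137 LEN=58
Dec 13 10:01:12 gw kernel: SuSE-FW-ACCEPT IN=eth1 OUT= MAC=00:00:00:00:00:01 SRC=192.0.2.10 DST=192.0.2.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4 DF PROTO=TCP SPT=40002 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Dec 13 10:01:15 gw kernel: SuSE-FW-DROP-DEFAULT IN=eth0 OUT= MAC=00:00:00:00:00:02 SRC=198.51.100.7 DST=198.51.100.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=5 PROTO=ICMP TYPE=8 CODE=0 ID=77 SEQ=1
Dec 13 10:01:20 gw sshd[123]: Server listening on 0.0.0.0 port 22.
EOF
}

# Reads syslog lines on stdin; prints "count tag iface proto dport",
# most frequent first. Lines without the firewall tag are ignored.
summarise_drops() {
    LC_ALL=C awk '
    /SuSE-FW/ {
        tag = iface = proto = dport = "-"
        for (i = 1; i <= NF; i++) {
            if      ($i ~ /^SuSE-FW/) tag   = $i
            else if ($i ~ /^IN=/)     iface = substr($i, 4)
            else if ($i ~ /^PROTO=/)  proto = substr($i, 7)
            else if ($i ~ /^DPT=/)    dport = substr($i, 5)
        }
        if (iface == "") iface = "-"   # locally generated packets have IN= empty
        n[tag " " iface " " proto " " dport]++
    }
    END { for (k in n) print n[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2
}

sample_log | summarise_drops
```

On a live system, pipe the relevant syslog file into `summarise_drops` instead of `sample_log`; ICMP entries show `-` in the port column because they have no DPT field.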
