Hello timo, all,

On Tuesday, 13 January 2004 09:16, timo wrote:
(...)
I am not 100% sure - but almost... This probably comes from the fact that the "external" port of your firewall has a private address and the firewall scripts expect it to have a public address. Therefore the firewall considers the source address to be spoofed, since private addresses such as the 192.168.x.y range cannot appear in the (public) Internet.
If you check the script for the firewall (probably /sbin/SuSEfirewall2, as in SuSE 8.1) you will find lines where this issue is discussed; use "find" to search for lines containing the string "192.168".
There is a custom rule subroutine that is called before these anti-spoofing rules are set up, and I think you might set your special rules in that subroutine and allow the connection from your PocketPC BEFORE the firewall drops/denies it. I guess you should define the subroutine "fw_custom_before_antispoofing()" in the /etc/sysconfig/SuSEfirewall2 settings file for this purpose. You can probably find a lot more information about this in /usr/share/doc/packages/SuSEfirewall2/README, as pointed out by the firewall script.
I solved the problem in this way. I defined a private custom rule, like the script FWSuSEfirewall2-custom in /etc/sysconfig/scripts:

    iptables -A INPUT -j ACCEPT -d 192.168.x.0/24

I wrote the file with this custom rule (including the path to it) into the variable FW_CUSTOMRULES of the Firewall2 script. Now it works fine :-)
(...)
Spoofing here would mean that the firewall thinks that the source address of the incoming packet is false/crafted. It is judged so because the address is (as said) from a private range and comes in on a firewall port which is assumed to be public (by default). It is a good feature, but it causes problems when you are building a firewall between two private networks. I had the same problem once when I was teaching the firewall setup to a small group of others interested in Linux. I did not have the time to fix it back then, but guessed what the problem might be.
If you want to learn more... In my opinion (note: opinion here) the "TCP/IP Illustrated" series of books by W. Richard Stevens is excellent for learning more about this and about TCP/UDP/IP. Then there are a couple of good books about network intrusion detection which handle these issues merely from the attack side (meaning that they leave a lot of general IP issues out). I can check what I have on my bookshelf.
Please check your bookshelf for me and let me know some recommendable ones.

best regards,
Andreas
--
## Content Developer OpenOffice.org: lang/DE
## Free office suite for Linux, Mac, Windows, Solaris
## http://de.openoffice.org
## My page http://www.amantke.de
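As an added illustration of the thread's point (this is not code from the mail or from SuSEfirewall2), the following Python model shows why a private source address on the "external" interface is treated as spoofed, why an exception only helps when it is placed before the anti-spoofing rules (the fw_custom_before_antispoofing() hook), and what the posted destination-only rule accepts compared with a rule that also matches the incoming interface and source subnet. The anti-spoofing block is approximated as "drop RFC 1918 sources arriving on the external interface"; the interface name eth0, the subnet 192.168.1.0/24 (standing in for the thread's 192.168.x.0/24), the PocketPC address 192.168.1.20 and the outside address 203.0.113.5 are all constructed assumptions.

```python
"""First-match model of an iptables INPUT chain with an anti-spoofing block
on an external interface that carries a private address (constructed example)."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# RFC 1918 ranges: a source from one of these on the public side is what the
# firewall's anti-spoofing rules treat as forged.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass
class Packet:
    iface: str  # interface the packet arrived on
    src: str
    dst: str


@dataclass
class Rule:
    action: str                      # "ACCEPT" or "DROP"
    in_iface: Optional[str] = None   # like iptables -i
    src: Optional[str] = None        # like iptables -s (CIDR)
    dst: Optional[str] = None        # like iptables -d (CIDR)

    def matches(self, pkt: Packet) -> bool:
        if self.in_iface is not None and pkt.iface != self.in_iface:
            return False
        if self.src is not None and ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(self.src):
            return False
        if self.dst is not None and ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(self.dst):
            return False
        return True


def antispoof_rules(external_iface: str) -> List[Rule]:
    """Approximation of the anti-spoofing block: drop private sources on the external side."""
    return [Rule("DROP", in_iface=external_iface, src=str(n)) for n in RFC1918]


def evaluate(chain: List[Rule], pkt: Packet, policy: str = "DROP") -> str:
    """Walk the chain in order and return the first matching action, else the chain policy."""
    for rule in chain:
        if rule.matches(pkt):
            return rule.action
    return policy


# Constructed scenario: eth0 is the "external" side but lives on 192.168.1.0/24;
# the PocketPC at 192.168.1.20 talks to the firewall's own address 192.168.1.1.
EXTERNAL = "eth0"
POCKETPC = Packet(EXTERNAL, "192.168.1.20", "192.168.1.1")
# Same destination, but from an address the firewall has no reason to trust.
STRANGER = Packet(EXTERNAL, "203.0.113.5", "192.168.1.1")

# The rule as posted in the thread: it matches on destination only.
POSTED_RULE = Rule("ACCEPT", dst="192.168.1.0/24")
# A narrower rule: limited to the interface and the expected source subnet.
TIGHT_RULE = Rule("ACCEPT", in_iface=EXTERNAL, src="192.168.1.0/24")


def default_chain() -> List[Rule]:
    return antispoof_rules(EXTERNAL)


def custom_before_antispoofing(custom: Rule) -> List[Rule]:
    """What the fw_custom_before_antispoofing() hook achieves: the custom rule is evaluated first."""
    return [custom] + antispoof_rules(EXTERNAL)


def custom_after_antispoofing(custom: Rule) -> List[Rule]:
    """The same rule appended after the block: private sources never reach it."""
    return antispoof_rules(EXTERNAL) + [custom]


if __name__ == "__main__":
    print("default chain, PocketPC:", evaluate(default_chain(), POCKETPC))
    print("posted rule before antispoofing, PocketPC:", evaluate(custom_before_antispoofing(POSTED_RULE), POCKETPC))
    print("posted rule after antispoofing, PocketPC:", evaluate(custom_after_antispoofing(POSTED_RULE), POCKETPC))
    print("posted rule before antispoofing, stranger:", evaluate(custom_before_antispoofing(POSTED_RULE), STRANGER))
    print("tight rule before antispoofing, stranger:", evaluate(custom_before_antispoofing(TIGHT_RULE), STRANGER))
```

Running it shows the PocketPC packet dropped by the default chain, accepted once the custom rule precedes the anti-spoofing block, and still dropped when the same rule is appended afterwards. It also shows that the destination-only rule accepts the outside address as well, whereas the interface-and-source form leaves that packet to the chain policy; in a real SuSEfirewall2 setup the exact rule order is determined by the script, so the hook documented in its README is the place to put such an exception.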