On Wednesday 08 May 2002 14:45, Togan Muftuoglu wrote:
* Nick Selby;
on 08 May, 2002 wrote: To which i say...HUH?? No packet filtering done.. Does that mean the firewall's up and not doing anything?
well it is not blocking anything however it logs the actions it would do normally so you can read the logs and decide where to tweak, hence is the name test
Ah. okay. So I've had a look at the log in /var/log/firewall and see the following rather disconcerting message: May 7 11:40:52 linux kernel: VFS: Disk change detected on device ide1(22,0) May 7 11:40:52 linux kernel: hdc: packet command error: status=0x51 { DriveReady SeekComplete Error } May 7 11:40:52 linux kernel: hdc: packet command error: error=0x50 May 7 11:40:52 linux kernel: ATAPI device hdc: May 7 11:40:52 linux kernel: Error: Illegal request -- (Sense key=0x05) May 7 11:40:52 linux kernel: Invalid field in command packet -- (asc=0x24, ascq=0x00) May 7 11:40:52 linux kernel: The failed "Start/Stop Unit" packet command was: May 7 11:40:52 linux kernel: "1b 00 00 00 03 00 00 00 00 00 00 00 " May 7 11:40:52 linux kernel: Error in command packet byte 4 bit 0 May 7 11:40:55 linux kernel: ISO 9660 Extensions: Microsoft Joliet Level 3 May 7 11:40:55 linux kernel: ISO 9660 Extensions: RRIP_1991A Can anyone shed any light on that one? I ifn;t think I had any ATAPI devices! Other than that the only thing I can see regarding the firewall setup is total gibberish to me: May 8 14:50:13 linux kernel: SuSE-FW-DROP-ANTI-SPOOF IN=eth0 OUT= MAC=00:d0:59:31:57:27:00:80:48:c9 :4a:7d:08:00 SRC=192.168.10.102 DST=192.168.10.4 LEN=153 TOS=0x00 PREC=0x00 TTL=128 ID=15021 DF PROT O=TCP SPT=1031 DPT=139 WINDOW=16855 RES=0x00 ACK PSH URGP=0 May 8 14:50:13 linux kernel: SuSE-FW-DROP-ANTI-SPOOF IN=eth0 OUT= MAC=00:d0:59:31:57:27:00:80:48:c9 :4a:7d:08:00 SRC=192.168.10.102 DST=192.168.10.4 LEN=158 TOS=0x00 PREC=0x00 TTL=128 ID=15022 DF PROT O=TCP SPT=1031 DPT=139 WINDOW=16816 RES=0x00 ACK PSH URGP=0 May 8 14:50:13 linux kernel: SuSE-FW-DROP-ANTI-SPOOF IN=eth0 OUT= MAC=00:d0:59:31:57:27:00:80:48:c9 :4a:7d:08:00 SRC=192.168.10.102 DST=192.168.10.4 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=15023 DF PROTO =TCP SPT=1031 DPT=139 WINDOW=16777 RES=0x00 ACK URGP=0 May 8 14:50:41 linux kernel: SuSE-FW-DROP-ANTI-SPOOF IN=eth0 OUT= MAC=00:d0:59:31:57:27:00:80:48:c9 :4a:7d:08:00 SRC=192.168.10.102 DST=192.168.10.4 LEN=79 TOS=0x00 PREC=0x00 TTL=128 ID=15084 DF PROTO =TCP SPT=1031 DPT=139 WINDOW=16777 RES=0x00 ACK PSH URGP=0 May 8 14:50:41 linux kernel: SuSE-FW-DROP-ANTI-SPOOF IN=eth0 OUT= MAC=00:d0:59:31:57:27:00:80:48:c9 :4a:7d:08:00 SRC=192.168.10.102 DST=192.168.10.4 LEN=83 TOS=0x00 PREC=0x00 TTL=128 ID=15085 DF PROTO =TCP SPT=1031 DPT=139 WINDOW=16738 RES=0x00 ACK PSH URGP=0 May 8 14:50:41 linux kernel: SuSE-FW-DROP-ANTI-SPOOF IN=eth0 OUT= MAC=00:d0:59:31:57:27:00:80:48:c9 :4a:7d:08:00 SRC=192.168.10.102 DST=192.168.10.4 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=15086 DF PROTO =TCP SPT=1031 DPT=139 WINDOW=16695 RES=0x00 ACK URGP=0 May 8 14:51:41 linux kernel: SuSE-FW-DROP-ANTI-SPOOF IN=eth0 OUT= MAC=00:d0:59:31:57:27:00:80:48:c9 :4a:7d:08:00 SRC=192.168.10.102 DST=192.168.10.4 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=15144 DF PROTO =TCP SPT=1031 DPT=139 WINDOW=16691 RES=0x00 ACK URGP=0 May 8 14:55:02 linux kernel: SuSE-FW-DROP-ANTI-SPOOF IN=eth0 OUT= MAC=00:d0:59:31:57:27:00:e0:98:96 :1b:fc:08:00 SRC=192.168.10.1 DST=192.168.10.4 LEN=328 TOS=0x00 PREC=0x00 TTL=64 ID=1334 PROTO=UDP S PT=67 DPT=68 LEN=308
And still having to allow tcp port 139 ... could that be the problem I was having earlier when nothing got out - that I still had to allow etc. etc?
have you permit port 139 to internal in your firewall2.rc.config
Hmmm. I did find / -name firewall2* and got nada. Where would that be? TIA. Nick