Mailinglist Archive: opensuse (4348 mails)

< Previous Next >
Re: [SLE] SuSEfirewall
  • From: Brian Marr <cabernet@xxxxxxxxxxxxxxxx>
  • Date: Thu, 3 Oct 2002 07:01:23 +0930
  • Message-id: <200210030701.23630.cabernet@xxxxxxxxxxxxxxxx>
Answering my own email -
SuSEfirewall test is also reporting
Oct 3 06:42:27 Gringo smbd[10641]: [2002/10/03 06:42:27, 0]
smbd/service.c:make_connection(249)
Oct 3 06:42:27 Gringo smbd[10641]: localhost (148.240.98.224) couldn't find
service c
Oct 3 06:42:29 Gringo kernel: SuSE-FW-DROP-DEFAULT IN=ippp0 OUT= MAC=
SRC=148.240.98.224 DST=150.xxx.x. xxx LEN=40 TOS=0x00 PREC=0x00 TTL=107
ID=11567 DF PROTO=TCP SPT=1434 DPT=139 WINDOW=8756 RES=0x00 ACK UR
GP=0
I don't recognize 148.240.98.244 at all
Brian Marr


On Thursday 03 October 2002 06:40, Brian Marr wrote:
> I wonder where VMware should appear in the SuSEfirewall script ? I do not
> want it to be accessible to the internet, but accessible to my LAN (at
> least the Host). Currently SuSEfirewall is dropping VMware packets when I
> turn it on. Brian Marr
> Ifconfig
> Gringo:/home/magpie # ifconfig
> eth0 Link encap:Ethernet HWaddr 00:02:44:19:8B:50
> inet addr:192.xxx.xx.x Bcast:192.xxx.xx.xxx Mask:255.255.255.0
> inet6 addr: fe80::202:44ff:fe19:8b50/10 Scope:Link
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:2603644 errors:0 dropped:0 overruns:0 frame:0
> TX packets:1824661 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:100
> RX bytes:280080492 (267.1 Mb) TX bytes:565419632 (539.2 Mb)
> Interrupt:9 Base address:0x1000
>
> ippp0 Link encap:Point-to-Point Protocol
> inet addr:150.xxx.x.xxx P-t-P:203.16.215.220
> Mask:255.255.255.255 UP POINTOPOINT RUNNING NOARP DYNAMIC MTU:1500
> Metric:1 RX packets:636883 errors:0 dropped:0 overruns:0 frame:0
> TX packets:615824 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:30
> RX bytes:437491432 (417.2 Mb) TX bytes:51316064 (48.9 Mb)
>
> lo Link encap:Local Loopback
> inet addr:127.0.0.1 Mask:255.0.0.0
> inet6 addr: ::1/128 Scope:Host
> UP LOOPBACK RUNNING MTU:16436 Metric:1
> RX packets:768791 errors:0 dropped:0 overruns:0 frame:0
> TX packets:768791 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:0
> RX bytes:72052846 (68.7 Mb) TX bytes:72052846 (68.7 Mb)
>
> vmnet1 Link encap:Ethernet HWaddr 00:50:56:C0:00:01
> inet addr:192.168.77.1 Bcast:192.168.77.255 Mask:255.255.255.0
> inet6 addr: fe80::250:56ff:fec0:1/10 Scope:Link
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:283923 errors:0 dropped:0 overruns:0 frame:0
> TX packets:349334 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:100
> RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
>
> vmnet8 Link encap:Ethernet HWaddr 00:50:56:C0:00:08
> inet addr:192.168.120.1 Bcast:192.168.120.255
> Mask:255.255.255.0 inet6 addr: fe80::250:56ff:fec0:8/10 Scope:Link
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:0 errors:0 dropped:0 overruns:0 frame:0
> TX packets:6693 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:100
> RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
>
> Gringo:/home/magpie #
>
> On Wednesday 02 October 2002 23:32, James Oakley wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > On October 2, 2002 08:43 am, Brian Marr wrote:
> > > Suse 8.0 Vmware 3.1
> > > My SuSEfirewall configuration is progressing. I am on the net !
> > > But am not sure what to make of this
> > > Brian Marr
> > >
> > > Oct 2 21:11:03 Gringo kernel: SuSE-FW-UNAUTHORIZED-TARGET IN=vmnet1
> > > OUT= MAC=00:50:56:c0:00:01:00:50:56:c1:6c:f5:08:00 SRC=192.168.77.128
> > > DST=192.168.77.1 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=49945 DF
> > > PROTO=TCP SPT=1025 DPT=139 WINDOW=8653 RES=0x00 ACK URGP=0
> >
> > IN=vmnet1 # The OS you're running under Vmware generated the packet
> > DPT=139 # That's the destination port, which is Netbios
> >
> > Basically, Windows under Vmware is sending traffic (looking for other
> > Windows boxes) and your SuSEfirewall is configured to reject and log
> > packets on port 139.
> >
> > - --
> > James Oakley
> > Engineering - SolutionInc Ltd.
> > joakley@xxxxxxxxxxxxxxx
> > http://www.solutioninc.com
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.0.6 (GNU/Linux)
> > Comment: For info see http://www.gnupg.org
> >
> > iD8DBQE9mvyA+FOexA3koIgRAlQbAJ0Zm0J0pearx0wqwdBzwJ2o7hHB4QCdEHxw
> > r5hMys3TdWXNQkoG6joROFk=
> > =WvUR
> > -----END PGP SIGNATURE-----


< Previous Next >