Hello list,
who still remembers firewall v2.2 on a SuSE 6.2? I am currently trying to get exactly that running. Not the 6.2 box as such. That one runs and runs and runs (which is why I don't want to do an update. It's a P-166...) Dialing into the net with a dynamic IP works without problems. Routing from my 8.1/XP notebook works too. Only, I can also happily log in to my box from outside - and so can anyone else (uninvited) :-( So much for the preamble - and now the hopefully decisive information for gurus, to help me put an end to this state of affairs... I'll also take my clueless-user beating if need be...
Thanks in advance,
Stephan
AND - here we go!
After first 'only' changing rc.config and running SuSEconfig, I tried the following (since it has also been mentioned here several times in the last few days that with dynamic IPs the firewall should be (re)started after the connection has been established). Take: /etc/isdn/ip-up.

1st attempt
-----------
Replaced '#ipfwadm' with 'ipfwadm-wrapper' (i.e. also activated it...), since I have ipchains rather than ipfwadm. Brought nothing new.

2nd attempt
-----------
Inserted the third line of the snippet
---- snip: /etc/isdn/ip-up ----------------------------------------------
case "$BASENAME" in
ip-up)
/sbin/init.d/firewall restart
---- snap: /etc/isdn/ip-up ----------------------------------------------
No message in messages, on the console, or anywhere else...
By now I almost suspect that ip-up is not reached at all anyway, since I also see nothing of
---- snip: /etc/isdn/ip-up ----------------------------------------------
echo "ok, NETDEV:$NETDEV; IFCONFIG:$IFCONFIG."
echo " DEST: $DEST; DEFAULT: $DEFAULT"
---- snap: /etc/isdn/ip-up ----------------------------------------------
---- snip: console at boot ----------------------------------------------
Starting firewall v2.2
Locked UDP ports: 1:1023
Locked TCP ports: 1:1023
Filters for incoming traffic loaded
No restrictions for outbound traffic
Filters for outgoing traffic loaded
---- snap: console at boot ----------------------------------------------
When shutting down, the shutdown also shows messages that N packets arrived, with '0 packets droped'.
---- snip: /etc/rc.config -----------------------------------------------
#
# Firewall settings - See /usr/doc/packages/firewall
# for a detailed description
#
FW_START="yes"
FW_LOCALNETS="192.168.10.0/24"
FW_FTPSERVER=""
FW_WWWSERVER=""
FW_SSLSERVER=""
FW_SSLPORT="443"
FW_MAILSERVER=""
FW_DNSSERVER=""
FW_NNTPSERVER=""
FW_NEWSFEED=""
FW_WORLD_DEV="ippp0"
FW_INT_DEV="eth0"
FW_LOG_ACCEPT="yes"
FW_LOG_DENY="yes"
FW_ROUTER=""
FW_FRIENDS="no"
FW_INOUT="no"
FW_SSH="no"
FW_TRANSPROXY_OUT=""
FW_TRANSPROXY_IN=""
FW_REDIRECT=""
FW_TCP_LOCKED_PORTS="1:1023"
FW_UDP_LOCKED_PORTS="1:1023"
#
# Masquerading settings - See /usr/doc/packages/firewall
# for a detailed description
#
MSQ_START="yes"
MSQ_NETWORKS="192.168.10.0/24"
MSQ_DEV="ippp0"
MSQ_MODULES="ip_masq_cuseeme ip_masq_ftp ip_masq_irc ip_masq_quake ip_masq_raud
---- snap: /etc/rc.config -----------------------------------------------
---- snip: /var/log/messages --------------------------------------------
Aug 29 08:05:55 pinguin kernel: ISDN subsystem Rev: 1.83/1.68/1.88/1.49/1.14/1.2 loaded
Aug 29 08:05:55 pinguin kernel: HiSax: Linux Driver for passive ISDN cards
Aug 29 08:05:55 pinguin kernel: HiSax: Version 3.2a (module)
Aug 29 08:05:55 pinguin kernel: HiSax: Layer1 Revision 2.34
Aug 29 08:05:55 pinguin kernel: HiSax: Layer2 Revision 2.17
Aug 29 08:05:55 pinguin kernel: HiSax: TeiMgr Revision 2.12
Aug 29 08:05:55 pinguin kernel: HiSax: Layer3 Revision 2.9
Aug 29 08:05:55 pinguin kernel: HiSax: LinkLayer Revision 2.29
Aug 29 08:05:55 pinguin kernel: HiSax: Approval certification failed because of
Aug 29 08:05:55 pinguin kernel: HiSax: unauthorized source code changes
Aug 29 08:05:55 pinguin kernel: HiSax: Total 1 card defined
Aug 29 08:05:55 pinguin kernel: HiSax: Card 1 Protocol EDSS1 Id=HiSax (0)
Aug 29 08:05:55 pinguin kernel: HiSax: AVM PCI driver Rev. 1.9
Aug 29 08:05:55 pinguin kernel: AVM PCI: stat 0x2020a
Aug 29 08:05:55 pinguin kernel: AVM PCI: Class A Rev 2
Aug 29 08:05:55 pinguin kernel: HiSax: AVM Fritz!PCI config irq:10 base:0xD000
Aug 29 08:05:55 pinguin kernel: AVM PCI: ISAC version (0): 2086/2186 V1.1
Aug 29 08:05:55 pinguin kernel: AVM Fritz PnP/PCI: IRQ 10 count 0
Aug 29 08:05:55 pinguin kernel: AVM Fritz PnP/PCI: IRQ 10 count 5
Aug 29 08:05:55 pinguin kernel: HiSax: DSS1 Rev. 2.14
Aug 29 08:05:55 pinguin kernel: HiSax: 2 channels added
Aug 29 08:05:55 pinguin kernel: HiSax: MAX_WAITING_CALLS added
Aug 29 08:05:55 pinguin kernel: HiSax: debugging flags card 1 set to 4
Aug 29 08:05:55 pinguin kernel: isdn: Verbose-Level is 3
Aug 29 08:05:55 pinguin kernel: ippp, open, slot: 0, minor: 0, state: 0000
Aug 29 08:05:55 pinguin kernel: ippp_ccp: allocating reset data structure
Aug 29 08:05:55 pinguin kernel: ne2k-pci.c:v0.99L 2/7/98 D. Becker/P. Gortmaker http://cesdis.gsfc.nasa.gov/linux/drivers/ne2k-pci.html
Aug 29 08:05:55 pinguin kernel: ne2k-pci.c: PCI NE2000 clone 'RealTek RTL-8029' at I/O 0xd400, IRQ 15.
Aug 29 08:05:55 pinguin kernel: eth0: PCI NE2000 found at 0xd400, IRQ 15, 00:00:1C:0B:38:6D.
Aug 29 08:05:55 pinguin kernel: argus uses obsolete (PF_INET,SOCK_PACKET)
Aug 29 08:21:49 pinguin kernel: OPEN: 192.168.0.99 -> 194.25.2.129 ICMP
Aug 29 08:21:49 pinguin kernel: ippp0: dialing 1 0191011...
Aug 29 08:21:49 pinguin isdnlog: Aug 29 08:21:49 * tei 74 calling T-Online with Computer RING (Data)
Aug 29 08:21:49 pinguin isdnlog: Aug 29 08:21:49 tei 74 calling T-Online with Computer Time:Sat Aug 29 08:06:00 1903
Aug 29 08:21:49 pinguin isdnlog: Aug 29 08:21:49 tei 74 calling T-Online with Computer COLP *INVALID* -- ignored!
Aug 29 08:21:49 pinguin isdnlog: Aug 29 08:21:49 tei 74 calling T-Online with Computer CONNECT (Data)
Aug 29 08:21:49 pinguin isdnlog: Aug 29 08:21:49 tei 74 calling T-Online with Computer Unknown provider 33
Aug 29 08:21:49 pinguin kernel: isdn_net: ippp0 connected
Aug 29 08:21:49 pinguin kernel: isdn_net: chargetime of ippp0 now 102595
Aug 29 08:21:49 pinguin ipppd[135]: Local number: 998597, Remote number: 0191011, Type: outgoing
Aug 29 08:21:49 pinguin ipppd[135]: PHASE_WAIT -> PHASE_ESTABLISHED, ifunit: 0, linkunit: 0, fd: 7
Aug 29 08:21:49 pinguin ipppd[135]: sent [0][LCP ConfReq id=0x1 <mru 1524> <magic 0xdbe91046>]
Aug 29 08:21:49 pinguin ipppd[135]: rcvd [0][LCP ConfReq id=0x1 <mru 1524> <auth pap> <MPmrru 0x5f4> <MPdiscr: 0x1 [ 73 74 61 63 6b 69 6e 67 ]>]
Aug 29 08:21:49 pinguin ipppd[135]: sent [0][LCP ConfRej id=0x1 <MPmrru 0x5f4>]
Aug 29 08:21:49 pinguin ipppd[135]: rcvd [0][LCP ConfAck id=0x1 <mru 1524> <magic 0xdbe91046>]
Aug 29 08:21:50 pinguin ipppd[135]: rcvd [0][LCP ConfReq id=0x2 <mru 1524> <auth pap> <MPdiscr: 0x1 [ 73 74 61 63 6b 69 6e 67 ]>]
Aug 29 08:21:50 pinguin ipppd[135]: sent [0][LCP ConfAck id=0x2 <mru 1524> <auth pap> <MPdiscr: 0x1 [ 73 74 61 63 6b 69 6e 67 ]>]
Aug 29 08:21:50 pinguin ipppd[135]: lcp layer is UP
Aug 29 08:21:50 pinguin ipppd[135]: sent [0][PAP AuthReq id=0x1 user="XX" password="YY"]
Aug 29 08:21:50 pinguin kernel: Received CCP frame from peer
Aug 29 08:21:50 pinguin kernel: [0/0].ccp-rcv[0]: 01 01 00 09 11 05 00 01 04
Aug 29 08:21:50 pinguin kernel: Received CCP frame from daemon:
Aug 29 08:21:50 pinguin kernel: [0/0].ccp-xmit[0]: ff 03 80 fd 01 01 00 04
Aug 29 08:21:50 pinguin kernel: Received CCP frame from daemon:
Aug 29 08:21:50 pinguin kernel: [0/0].ccp-xmit[0]: ff 03 80 fd 04 01 00 09 11 05 00 01 04
Aug 29 08:21:50 pinguin kernel: Received CCP frame from peer
Aug 29 08:21:50 pinguin kernel: [0/0].ccp-rcv[0]: 04 01 00 04
Aug 29 08:21:50 pinguin kernel: Received CCP frame from peer
Aug 29 08:21:50 pinguin kernel: [0/0].ccp-rcv[0]: 01 02 00 0a 11 06 00 01 01 03
Aug 29 08:21:50 pinguin kernel: Received CCP frame from daemon:
Aug 29 08:21:50 pinguin kernel: [0/0].ccp-xmit[0]: ff 03 80 fd 01 02 00 04
Aug 29 08:21:50 pinguin kernel: Received CCP frame from daemon:
Aug 29 08:21:50 pinguin kernel: [0/0].ccp-xmit[0]: ff 03 80 fd 04 02 00 0a 11 06 00 01 01 03
Aug 29 08:21:50 pinguin kernel: Received CCP frame from peer
Aug 29 08:21:50 pinguin ipppd[135]: rcvd [0][PAP AuthAck id=0x1msg=""]
Aug 29 08:21:50 pinguin ipppd[135]: Remote message:
Aug 29 08:21:50 pinguin ipppd[135]: MPPP negotiation, He: No We: No
Aug 29 08:21:50 pinguin ipppd[135]: sent [0][IPCP ConfReq id=0x1 <addr 0.0.0.0>]
Aug 29 08:21:50 pinguin ipppd[135]: CCP enabled! Trying CCP.
Aug 29 08:21:50 pinguin ipppd[135]: CCP: got ccp-unit 0 for link 0 (protocol: 0x80fd)
Aug 29 08:21:50 pinguin ipppd[135]: ccp_resetci!
Aug 29 08:21:50 pinguin ipppd[135]: rcvd [0][IPCP ConfReq id=0x1 <compress VJ 0f 01> <addr 217.5.119.189>]
Aug 29 08:21:50 pinguin ipppd[135]: sent [0][IPCP ConfRej id=0x1 <compress VJ 0f 01>]
Aug 29 08:21:50 pinguin ipppd[135]: rcvd [0][CCP ConfReq id=0x1 <LZS (RFC) hists 1 check 4]
Aug 29 08:21:50 pinguin ipppd[135]: ccp_resetci!
Aug 29 08:21:50 pinguin ipppd[135]: sent [0][CCP ConfReq id=0x1]
Aug 29 08:21:50 pinguin ipppd[135]: sent [0][CCP ConfRej id=0x1 <LZS (RFC) hists 1 check 4]
Aug 29 08:21:50 pinguin ipppd[135]: rcvd [0][IPCP ConfNak id=0x1 <addr 217.2.82.114>]
Aug 29 08:21:50 pinguin kernel: [0/0].ccp-rcv[0]: 04 02 00 04
Aug 29 08:21:50 pinguin ipppd[135]: sent [0][IPCP ConfReq id=0x2 <addr 217.2.82.114>]
Aug 29 08:21:50 pinguin ipppd[135]: rcvd [0][IPCP ConfReq id=0x2 <addr 217.5.119.189>]
Aug 29 08:21:50 pinguin ipppd[135]: sent [0][IPCP ConfAck id=0x2 <addr 217.5.119.189>]
Aug 29 08:21:50 pinguin ipppd[135]: rcvd [0][CCP ConfRej id=0x1]
Aug 29 08:21:50 pinguin ipppd[135]: rcvd [0][CCP ConfReq id=0x2 <LZS (Ascend pre-RFC)]
Aug 29 08:21:50 pinguin ipppd[135]: ccp_resetci!
Aug 29 08:21:50 pinguin ipppd[135]: sent [0][CCP ConfReq id=0x2]
Aug 29 08:21:50 pinguin ipppd[135]: sent [0][CCP ConfRej id=0x2 <LZS (Ascend pre-RFC)]
Aug 29 08:21:50 pinguin ipppd[135]: rcvd [0][IPCP ConfAck id=0x2 <addr 217.2.82.114>]
Aug 29 08:21:50 pinguin ipppd[135]: local IP address 217.2.82.114
Aug 29 08:21:50 pinguin ipppd[135]: remote IP address 217.5.119.189
Aug 29 08:21:50 pinguin ipppd[135]: rcvd [0][CCP ConfRej id=0x2]
Aug 29 08:46:28 pinguin isdnlog: Aug 29 08:46:28 tei 74 calling T-Online with Computer Normal call clearing (User)
Aug 29 08:46:28 pinguin ipppd[135]: Modem hangup
Aug 29 08:46:28 pinguin ipppd[135]: Connection terminated.
Aug 29 08:46:28 pinguin ipppd[135]: taking down PHASE_DEAD link 0, linkunit: 0
Aug 29 08:46:28 pinguin kernel: isdn_net: local hangup ippp0
Aug 29 08:46:28 pinguin kernel: ippp0: Chargesum is 0
Aug 29 08:46:28 pinguin kernel: ippp, open, slot: 0, minor: 0, state: 0000
Aug 29 08:46:28 pinguin kernel: ippp_ccp: allocating reset data structure
Aug 29 08:46:28 pinguin ipppd[135]: sent [0][LCP TermReq id=0x2 6c 69 6e 6b 20 63 6c 6f 73 65 64]
Aug 29 08:46:28 pinguin ipppd[135]: LCP is down
Aug 29 08:46:28 pinguin ipppd[135]: closing fd 7 from unit 0
Aug 29 08:46:28 pinguin ipppd[135]: link 0 closed , linkunit: 0
Aug 29 08:46:28 pinguin ipppd[135]: reinit_unit: 0
Aug 29 08:46:28 pinguin ipppd[135]: Connect[0]: /dev/ippp0, fd: 7
Aug 29 08:46:28 pinguin isdnlog: Aug 29 08:46:28 tei 74 calling T-Online with Computer HANGUP ( 0:24:39 I=876.7Kb O=257.7Kb)
---- snap: /var/log/messages --------------------------------------------
--
------------------------------------------------------------------------
Stephan Eickschen                     Tel. : +49 (0)8153 28-1351
GeoForschungsZentrum Potsdam (GFZ)    Fax. : +49 (0)8153 28-1207
Division 1, Section 1.2
c/o                                   email: eicksch@gfz-potsdam.de
DLR Oberpfaffenhofen
82234 Wessling
Germany
------------------------------------------------------------------------
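
Added example, not part of the original post: a check over /var/log/messages for dial-ups after which the ip-up hook left no trace, which is the situation in which the packet filter is never reloaded for the new address. It assumes the hook writes a syslog marker with `logger -t ip-up` (the tag and message text are chosen for this example), and the sample log lines are constructed in the format shown in the post.

```shell
#!/bin/sh
# Added example: list dial-ups after which the ip-up hook left no trace.
# Assumption: /etc/isdn/ip-up logs a marker such as
#   logger -t ip-up "firewall restart for $1"
# (the tag "ip-up" and the message text are chosen for this example).

# check_hook FILE: prints "OK <ip>" or "MISSING <ip>" per dial-up,
# returns 1 if any dial-up has no hook marker.
check_hook() {
    awk '
        # ipppd logs the negotiated address once IPCP is up
        / ipppd\[[0-9]+\]: local IP address / {
            if (pending != "") { print "MISSING " pending; bad = 1 }
            pending = $NF
            next
        }
        # marker written by the hook through logger -t ip-up
        / ip-up: / {
            if (pending != "") { print "OK " pending; pending = "" }
            next
        }
        # link closed while the dial-up was still waiting for its marker
        / ipppd\[[0-9]+\]: Connection terminated/ {
            if (pending != "") { print "MISSING " pending; bad = 1; pending = "" }
        }
        END {
            if (pending != "") { print "MISSING " pending; bad = 1 }
            exit bad + 0
        }
    ' "$1"
}

# Constructed sample in the syslog format of the post (documentation IPs).
sample_log() {
    cat <<'EOF'
Aug 29 08:21:50 pinguin ipppd[135]: local IP address 192.0.2.10
Aug 29 08:21:50 pinguin ipppd[135]: remote IP address 192.0.2.1
Aug 29 08:21:51 pinguin ip-up: firewall restart for ippp0
Aug 29 08:46:28 pinguin ipppd[135]: Connection terminated.
Aug 29 09:02:13 pinguin ipppd[135]: local IP address 192.0.2.77
Aug 29 09:30:00 pinguin ipppd[135]: Connection terminated.
EOF
}

tmp=$(mktemp)
sample_log > "$tmp"
check_hook "$tmp" || echo "at least one dial-up ran without the hook"
rm -f "$tmp"
```

A syslog marker is used because output written with echo from the hook depends on where the calling daemon has attached the script's standard output.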