Re: [suse-isdn] SuSEfirewall2 hängt nach erneuter Einwahl mit ippp0"
Hey Zum kernel : ich habe den orginal 2.4.16-66 (k-atlon) von der Suse8.1 DVD installiert, Yast2 Systemupdate sagt es gibt nichts zum updaten. Ist es der richtige, oder welchen würdest empfehlen. /etc/sysconfig/network/routes siht so aus : 192.168.0.2 192.168.0.1 255.255.255.0 default 62.255.253.197 - - #SuSEconfig.isdn generated line default 0.0.0.0 0.0.0.0 ippp0 /etc/sysconfig/network/ifroute-ippp0 gibt es nicht !? nochetwas gefunden : 1 - [...] iptables v1.2.7a: invalid mask `ippp0' specified Try `iptables -h' or 'iptables --help' for more information. [...] ? 2 - In /etc/sysconfig/isdn/cfg-net0 sieht so aus : CHARGEHUP="on" DEFAULTROUTE="yes" DYNAMICIP="yes" IPADDR="" MSN="04161557862" MULTILINK="yes" PROTOCOL="syncppp" PROVIDER="tonline" PTPADDR="" STARTMODE="onboot" FIREWALL="yes" jedoch /etc/sysconfig/network/ifcfg-ippp0 auch nach SuSEconfig --module isdn so - ist das ok ? # # DO NOT EDIT THIS FILE !!! # autogenerated by SuSEconfig.isdn from /etc/sysconfig/isdn/cfg-net0 # edit /etc/sysconfig/isdn/cfg-net0 instead and run # SuSEconfig --module isdn # STARTMODE="onboot" IPADDR="0.0.0.0" PTPADDR="0.0.0.0" DEFAULTROUTE="yes" FIREWALL="no" MSN="XXXXXXXXXXXXXXX" DIALMODE="auto" DIALPREFIX="" REMOTE_OUT="" REMOTE_IN="" PROVIDER="tonline" SECURE="on" CHARGEHUP="on" CALLBACK="" CBDELAY="" VERBOSE_LEVEL="" SLAVES="ippp1" MULTILINK="yes" SLAVEMSN="" SLAVE_IN="" SLAVE_OUT="" LAYER2="hdlc" LAYER3="trans" ENCAP="syncppp" IP_RESEND="" IP_RESEND_PARAMETER="" DYNAMICIP="yes" IPPPD_OPTIONS="" ASKPASSWORD="no" MTU="" MRU="" Gruß kai
Wie sieht /etc/sysconfig/network/routes und /etc/sysconfig/network/ifroute-ippp0
On Fri, Jan 24, 2003 at 09:10:42AM +0100, KaiU@gmx.de wrote:
Trag in /etc/sysconfig/isdn/cfg-net0 FIREWALL="yes" ein, danach SuSEconfig --module isdn
gesagt getan, folgendes passiert jetzt ! Kennt man das ? (
- Meldungen beim booten (dauert ewig !)
Kernel update einspielen. Mit dem orginal Kernel dauert DOD ca. 45 sek.
ifup-route: Error while excuting: ifup-route: Command 'ip route replace to 192.168.0.2/24 via
192.168.0.1' returned: ifup-route: RTNETLINK answers: Invalid argument MEHR SIEHE UNTEN (BOOT.log)
Wie sieht /etc/sysconfig/network/routes und /etc/sysconfig/network/ifroute-ippp0 aus ?
Clients und server pingen nach dem booten ins netz,
nach time out können sich die Cllients einwählen, der server nicht.
- viele SuSE-FW-ILLEGAL-TARGET meldungen MEHR SIEHE UNTEN MEssage.log
- nach neustaht der firewall ist alles ok ! )
Hier die massage.log vom prozess : [..] Jan 24 08:46:49 marvin kernel: SuSE-FW-ACCEPT IN=ippp0 OUT= MAC=
SRC=213.165.64.102 DST=217.0.60.123 LEN=52 TOS=0x08 PREC=0x00 TTL=58
ID=51566 DF PROTO=TCP SPT=80 DPT=1197 WINDOW=6798 RES=0x00 ACK URGP=0
OPT
(0101080A125E232B0004518F) Jan 24 08:47:15 marvin kernel: SuSE-FW-DROP-DEFAULT IN=ippp0 OUT=
MAC=
SRC=61.142.56.149 DST=217.0.60.123 LEN=78 TOS=0x00 PREC=0x00 TTL=116
ID=46421 PROTO=UDP SPT=1025 DPT=137 LEN=58 Jan 24 08:47:28 marvin isdnlog: Jan 24 08:47:28 tei 98 calling 0191011
with +49 4161/557862, Buxtehude 9.CI 0.133 EUR (after 0:08:04)
Jan 24 08:48:28 marvin isdnlog: Jan 24 08:48:28 tei 98 calling 0191011
with +49 4161/557862, Buxtehude 10.CI 0.148 EUR (after 0:09:04)
Jan 24 08:49:28 marvin isdnlog: Jan 24 08:49:28 tei 98 calling 0191011
with +49 4161/557862, Buxtehude 11.CI 0.163 EUR (after 0:10:04)
Jan 24 08:50:28 marvin isdnlog: Jan 24 08:50:28 tei 98 calling 0191011
with +49 4161/557862, Buxtehude 12.CI 0.178 EUR (after 0:11:04)
Jan 24 08:51:28 marvin isdnlog: Jan 24 08:51:28 tei 98 calling 0191011
with +49 4161/557862, Buxtehude 13.CI 0.193 EUR (after 0:12:04)
Jan 24 08:52:16 marvin kernel: isdn_net: Hupflags of ippp0 are 5
Jan 24 08:52:16 marvin kernel: isdn_net: local hangup ippp0 Jan 24 08:52:16 marvin kernel: ippp0: Chargesum is 0 Jan 24 08:52:16 marvin ipppd[537]: Modem hangup Jan 24 08:52:16 marvin ipppd[537]: Connection terminated. Jan 24 08:52:16 marvin ipppd[537]: taking down PHASE_DEAD link 0,
linkunit: 0 Jan 24 08:52:16 marvin ipppd[537]: sent [0][LCP TermReq id=0x3 6c 69
6e
6b
20 63 6c 6f 73 65 64] Jan 24 08:52:16 marvin ipppd[537]: LCP is down Jan 24 08:52:16 marvin ipppd[537]: closing fd 6 from unit 0 Jan 24 08:52:16 marvin ipppd[537]: link 0 closed , linkunit: 0 Jan 24 08:52:16 marvin ipppd[537]: reinit_unit: 0 Jan 24 08:52:16 marvin kernel: ippp, open, slot: 2, minor: 0, state:
0000
Jan 24 08:52:16 marvin kernel: ippp_ccp: allocated reset data
structure
d0795000 Jan 24 08:52:16 marvin ipppd[537]: Connect[0]: /dev/ippp0, fd: 6
Jan 24 08:52:16 marvin kernel: ippp_ccp: freeing reset data structure
c306a800 Jan 24 08:52:16 marvin kernel: kcapi: appl 1 ncci 0x10101 down Jan 24 08:52:16 marvin isdnlog: Jan 24 08:52:16 tei 98 calling 0191011
with +49 4161/557862, Buxtehude HANGUP (13 CI 0.193 EUR 0:12:52
I=729.8Kb O=136.4Kb) Jan 24 08:52:16 marvin kernel: capidrv-1: DISCONNECT_IND reason 0x3400
(No additional information) for plci 0x101 Jan 24 08:52:16 marvin modify_resolvconf: restored /etc/resolv.conf.saved.by.ipppd.ippp0 to /etc/resolv.conf Jan 24 08:52:16 marvin ifup-route: Warning: Could not set up default
route
via interface ippp0 Jan 24 08:52:16 marvin ifup-route: Command 'ip route replace to
default via 62.255.253.197' returned: Jan 24 08:52:16 marvin ifup-route: . "RTNETLINK answers: Network
is
unreachable" Jan 24 08:52:16 marvin ifup-route: Configuration line: default
62.255.253.197 - - Jan 24 08:52:16 marvin ifup-route: This needs NOT to be AN ERROR
if
you set up multiple interfaces. Jan 24 08:52:16 marvin ifup-route: See 'man 5 routes' how to avoid
this warning. Jan 24 08:52:16 marvin ifup-route: Jan 24 08:52:21 marvin isdnlog: Jan 24 08:52:21 * tei 98 calling
0191011
with +49 4161/557862, Buxtehude RING (Data) Jan 24 08:52:21 marvin kernel: ippp0: dialing 1 0191011... Jan 24 08:52:23 marvin isdnlog: Jan 24 08:52:23 tei 98 calling 0191011
with +49 4161/557862, Buxtehude Time:Fri Jan 24 08:47:00 2003 Jan 24 08:52:23 marvin isdnlog: Jan 24 08:52:23 tei 98 calling
0191011
with +49 4161/557862, Buxtehude COLP *INVALID* -- ignored! Jan 24 08:52:23 marvin isdnlog: Jan 24 08:52:23 tei 98 calling
0191011
with +49 4161/557862, Buxtehude CONNECT (Data) Jan 24 08:52:23 marvin isdnlog: Jan 24 08:52:23 tei 98 calling
0191011
with +49 4161/557862, Buxtehude INTERFACE ippp0 calling 0191011
Jan 24 08:52:23 marvin isdnlog: Jan 24 08:52:23 tei 98 calling 0191011
with +49 4161/557862, Buxtehude CHARGE: 0.015 EUR/60s = 0.015 EUR/Min
(DTAG T-ISDN Standard, T-Online, t?lich, eco) Jan 24 08:52:23 marvin isdnlog: Jan 24 08:52:23 tei 98 calling
0191011
with +49 4161/557862, Buxtehude 1.CI 0.015 EUR (now) Jan 24 08:52:23 marvin isdnlog: Jan 24 08:52:23 tei 98 calling
0191011
with +49 4161/557862, Buxtehude NEXT CI AFTER 01:00 (DTAG T-ISDN
Standard, T-Online, t?lich, eco) Jan 24 08:52:23 marvin kernel: kcapi: appl 1 ncci 0x10101 up Jan 24 08:52:23 marvin kernel: isdn_net: ippp0 connected Jan 24 08:52:23 marvin kernel: capidrv-1: chan 0 up with ncci 0x10101
Jan 24 08:52:23 marvin ipppd[537]: Local number: 04161557862, Remote
number: 0191011, Type: outgoing Jan 24 08:52:23 marvin ipppd[537]: PHASE_WAIT -> PHASE_ESTABLISHED,
ifunit: 0, linkunit: 0, fd: 6 Jan 24 08:52:23 marvin ipppd[537]: sent [0][LCP ConfReq id=0x1 <mru 1500> <magic 0x6faf840a> <pcomp> <accomp> <MPmrru 1500> <MPdiscr: 0x4 [ e5
58
fb
af 56 6b 8d 24 ]>] Jan 24 08:52:23 marvin ipppd[537]: rcvd [0][LCP ConfReq id=0x1 <mru
1524>
<auth pap> <MPmrru 1524> <MPdiscr: 0x1 [ 73 74 61 63 6b 69 6e 67 ]>]
Jan 24 08:52:23 marvin ipppd[537]: sent [0][LCP ConfAck id=0x1 <mru 1524> <auth pap> <MPmrru 1524> <MPdiscr: 0x1 [ 73 74 61 63 6b 69 6e 67 ]>]
Jan 24 08:52:23 marvin ipppd[537]: rcvd [0][LCP ConfRej id=0x1 <pcomp>
<accomp>] Jan 24 08:52:23 marvin ipppd[537]: sent [0][LCP ConfReq id=0x2 <mru 1500> <magic 0x6faf840a> <MPmrru 1500> <MPdiscr: 0x4 [ e5 58 fb af 56 6b 8d
24
]>] Jan 24 08:52:23 marvin ipppd[537]: rcvd [0][LCP ConfAck id=0x2 <mru 1500> <magic 0x6faf840a> <MPmrru 1500> <MPdiscr: 0x4 [ e5 58 fb af 56 6b 8d
24
]>] Jan 24 08:52:23 marvin ipppd[537]: lcp layer is UP Jan 24 08:52:23 marvin ipppd[537]: ioctl(SIOCSIFMTU): Invalid
argument,
5
ippp0 1524. Jan 24 08:52:23 marvin ipppd[537]: sent [0][PAP AuthReq id=0x4 user="0006963082265100196352890001" password not logged for security
reasons! Use '+pwlog' option to enable full logging.] Jan 24 08:52:24 marvin ipppd[537]: rcvd [0][PAP AuthAck id=0x4msg=""]
Jan 24 08:52:24 marvin ipppd[537]: Remote message: Jan 24 08:52:24 marvin ipppd[537]: MPPP negotiation, He: Yes We: Yes
Jan 24 08:52:24 marvin ipppd[537]: sent [0][IPCP ConfReq id=0x1 <addr
0.0.0.0> <compress VJ 0f 01> <ms-dns1 0.0.0.0> <ms-dns2 0.0.0.0>]
Jan 24 08:52:24 marvin ipppd[537]: CCP enabled! Trying CCP. Jan 24 08:52:24 marvin ipppd[537]: CCP: got ccp-unit 0 for link 0
(Compression Control Protocol) Jan 24 08:52:24 marvin ipppd[537]: ccp_resetci! Jan 24 08:52:24 marvin ipppd[537]: rcvd [0][IPCP ConfReq id=0x1 <compress VJ 0f 01> <addr 62.225.253.197>] Jan 24 08:52:24 marvin ipppd[537]: sent [0][IPCP ConfAck id=0x1 <compress VJ 0f 01> <addr 62.225.253.197>] Jan 24 08:52:24 marvin ipppd[537]: rcvd [0][CCP ConfReq id=0x1 <LZS (RFC) hists 1 check 4] Jan 24 08:52:24 marvin ipppd[537]: ccp_resetci! Jan 24 08:52:24 marvin ipppd[537]: sent [0][CCP ConfReq id=0x1]
Jan 24 08:52:24 marvin ipppd[537]: sent [0][CCP ConfRej id=0x1 <LZS (RFC) hists 1 check 4] Jan 24 08:52:24 marvin kernel: Received CCP frame from peer slot(2)
Jan 24 08:52:24 marvin kernel: [0/2].ccp-rcv[0]: 01 01 00 09 11 05 00
01
04 Jan 24 08:52:24 marvin kernel: Received CCP frame from daemon: Jan 24 08:52:24 marvin kernel: [0/2].ccp-xmit[0]: ff 03 80 fd 01 01 00
04
Jan 24 08:52:24 marvin kernel: Received CCP frame from daemon: Jan 24 08:52:24 marvin kernel: [0/2].ccp-xmit[0]: ff 03 80 fd 04 01 00
09
11 05 00 01 04 Jan 24 08:52:24 marvin ipppd[537]: rcvd [0][IPCP ConfNak id=0x1 <addr
217.0.60.12> <ms-dns1 212.185.253.70> <ms-dns2 194.25.2.129>] Jan 24 08:52:24 marvin ipppd[537]: sent [0][IPCP ConfReq id=0x2 <addr
217.0.60.12> <compress VJ 0f 01> <ms-dns1 212.185.253.70> <ms-dns2
194.25.2.129>] Jan 24 08:52:24 marvin kernel: Received CCP frame from peer slot(2)
Jan 24 08:52:24 marvin kernel: [0/2].ccp-rcv[0]: 04 01 00 04 Jan 24 08:52:24 marvin ipppd[537]: rcvd [0][CCP ConfRej id=0x1]
Jan 24 08:52:24 marvin kernel: Received CCP frame from peer slot(2)
Jan 24 08:52:24 marvin kernel: [0/2].ccp-rcv[0]: 01 02 00 0a 11 06 00
01
01 03 Jan 24 08:52:24 marvin ipppd[537]: rcvd [0][CCP ConfReq id=0x2 <LZS
(Ascend pre-RFC)] Jan 24 08:52:24 marvin ipppd[537]: ccp_resetci! Jan 24 08:52:24 marvin ipppd[537]: sent [0][CCP ConfReq id=0x2]
Jan 24 08:52:24 marvin ipppd[537]: sent [0][CCP ConfRej id=0x2 <LZS
(Ascend pre-RFC)] Jan 24 08:52:24 marvin kernel: Received CCP frame from daemon: Jan 24 08:52:24 marvin kernel: [0/2].ccp-xmit[0]: ff 03 80 fd 01 02 00
04
Jan 24 08:52:24 marvin kernel: Received CCP frame from daemon: Jan 24 08:52:24 marvin kernel: [0/2].ccp-xmit[0]: ff 03 80 fd 04 02 00
0a
11 06 00 01 01 03 Jan 24 08:52:24 marvin ipppd[537]: rcvd [0][IPCP ConfAck id=0x2 <addr
217.0.60.12> <compress VJ 0f 01> <ms-dns1 212.185.253.70> <ms-dns2
194.25.2.129>] Jan 24 08:52:24 marvin ipppd[537]: local IP address 217.0.60.12
Jan 24 08:52:24 marvin ipppd[537]: remote IP address 62.225.253.197
Jan 24 08:52:24 marvin ipppd[537]: rcvd [0][CCP ConfRej id=0x2] Jan 24 08:52:24 marvin kernel: Received CCP frame from peer slot(2)
Jan 24 08:52:24 marvin kernel: [0/2].ccp-rcv[0]: 04 02 00 04 Jan 24 08:52:25 marvin modify_resolvconf: Service ipppd modified
/etc/resolv.conf. See info block in this file Jan 24 08:52:56 marvin kernel: NETDEV WATCHDOG: ippp0: transmit timed
out
Jan 24 08:52:56 marvin kernel: isdn_tx_timeout dev ippp0 dialstate 0
Jan 24 08:52:56 marvin kernel: SuSE-FW-ILLEGAL-TARGET IN=ippp0 OUT= MAC=
SRC=217.5.115.7 DST=217.0.60.12 LEN=140 TOS=0x00 PREC=0x00 TTL=56 ID=34184 PROTO=UDP SPT=53 DPT=1146 LEN=120 [...] Boot.log eth0 IP/Netmask: 192.168.0.1 / 255.255.255.0 ifup-route:
Warning: Could not set up default route via interface eth0 ifup-route: Command 'ip route replace to default via 62.255.253.197' returned: ifup-route: . "RTNETLINK answers: Network is unreachable" ifup-route: Configuration line: default 62.255.253.197 - - ifup-route: This needs NOT to be AN ERROR if you set up multiple interfaces. ifup-route: See 'man 5 routes' how to avoid this warning. ifup-route: done ippp0 <notice>pidofproc: ifup-ippp 429 ifup-route: Warning: Could not set up default route via interface ippp0 ifup-route: Command 'ip route replace to default via 62.255.253.197' returned: ifup-route: . "RTNETLINK answers: Network is unreachable" ifup-route: Configuration line: default 62.255.253.197 - - ifup-route: This needs NOT to be AN ERROR if you set up multiple interfaces. ifup-route: See 'man 5 routes' how to avoid this warning. ifup-route: <notice>startproc: execve (/usr/sbin/smpppd) [ /usr/sbin/smpppd ], [
CONSOLE=/dev/console SHELL=/bin/sh TERM=linux INIT_VERSION=sysvinit-2.82
RUN_FROM_RC=yes REDIRECT=/dev/tty1 COLUMNS=82 PATH=/sbin:/usr/sbin:/bin:/usr/bin:/etc/sysconfig/network/scripts vga=788 RUNLEVEL=5 PWD=/etc/sysconfig/network PREVLEVEL=N LINES=26 SHLVL=4 HOME=/ _=/sbin/startproc DAEMON=/usr/sbin/smpppd ] done ifup-route: Error while excuting: ifup-route: Command 'ip route replace to 192.168.0.2/24 via 192.168.0.1' returned: ifup-route: RTNETLINK answers: Invalid argument ifup-route: Configuration line: 192.168.0.2 192.168.0.1 255.255.255.0 Starting syslog services<notice>'/etc/init.d/rc5.d/S05network start'
exits
with status 0 <notice>/etc/init.d/rc5.d/S06syslog start <notice>startproc: execve (/sbin/syslogd) [ /sbin/syslogd -a /var/lib/dhcp/dev/log ], [ CONSOLE=/dev/console TERM=linux SHELL=/bin/sh
INIT_VERSION=sysvinit-2.82 REDIRECT=/dev/tty1 COLUMNS=82 PATH=/usr/local/sbin:/sbin:/bin:/usr/sbin:/usr/bin vga=788 RUNLEVEL=5
PWD=/ PREVLEVEL=N LINES=26 HOME=/ SHLVL=2 _=/sbin/startproc DAEMON=/sbin/syslogd ] <notice> done Starting hotplugging services [startproc: execve (/sbin/klogd) [ /sbin/klogd -c 1 -2 ], [ CONSOLE=/dev/console TERM=linux SHELL=/bin/sh
INIT_VERSION=sysvinit-2.82 REDIRECT=/dev/tty1 COLUMNS=82 PATH=/usr/local/sbin:/sbin:/bin:/usr/sbin:/usr/bin vga=788 RUNLEVEL=5
PWD=/ PREVLEVEL=N LINES=26 HOME=/ SHLVL=2 _=/sbin/startproc DAEMON=/sbin/klogd ] <notice>'/etc/init.d/rc5.d/S06syslog start' exits with status 0 <notice>/etc/init.d/rc5.d/S07hotplug start net pci usb .. ] done Starting Firewall Initialization (phase 2 of 3) <notice>'/etc/init.d/rc5.d/S07hotplug start' exits with status 0 <notice>/etc/init.d/rc5.d/S09SuSEfirewall2_setup start <notice>pidofproc: ipppd 537 done
On Thu, Jan 23, 2003 at 03:01:38AM +0100, KaiU@gmx.de wrote:
Danke für deine Antwort, Das Feld kann ich nicht an klicken ! Warum ? Kai
On Thu, Jan 23, 2003 at 12:53:08AM +0100, KaiU@gmx.de wrote:
Hey Mark, ich habe siese mail aus der newsgroup, und es schein als hätte ich das gleiche problem unter suse 8.1 !
Die lösung hört sich einfach an, jedoch wo ist das "Firewall
Kaestchen
beim
Provider config" ?
Im Menue Verbindungsparameter unter dem Frame mit den DNS Addressen.
(yast->isdn ->aendern ->Bearbeiten (unten) -> Provider -> Weiter)
Trag in /etc/sysconfig/isdn/cfg-net0 FIREWALL="yes" ein, danach SuSEconfig --module isdn
Karsten Keil SuSE Labs ISDN development
-- Karsten Keil SuSE Labs ISDN development
participants (2)
-
KaiU@gmx.de
-
Karsten Keil