wireless und firewall
Hallo, mein Laptop läuft mittlerweile mit einer DLink PCMCIA-Karte problemlos. Das einzigste Problem stellt derzeit der Firewall da. Will ich mit dem Notebook über WLAN ins Internet, geht es nicht. Erst nach Deaktivieren und Neustart des Firewalls klappt die Verbindung. Die abgesicherte Verbindung ist wlan0. Hat jemand von dem Problem schon einmal gehört? Gruss Guntram
On 05.04.2004 14:40 Guntram Walter wrote:
Hallo,
mein Laptop läuft mittlerweile mit einer DLink PCMCIA-Karte problemlos. Das einzigste Problem stellt derzeit der Firewall da. Will ich mit dem Notebook über WLAN ins Internet, geht es nicht. Erst nach Deaktivieren und Neustart des Firewalls klappt die Verbindung. Die abgesicherte Verbindung ist wlan0.
Klingt seltsam. Vielleicht werden eingehende Verbindungen kommentarlos geblockt. Was sagt denn ein "iptables -L" (als root)? Martin
Text der Mail vom Dienstag, 6. April 2004 um 14:26:
On 05.04.2004 14:40 Guntram Walter wrote:
Hallo,
mein Laptop läuft mittlerweile mit einer DLink PCMCIA-Karte problemlos. Das einzigste Problem stellt derzeit der Firewall da. Will ich mit dem Notebook über WLAN ins Internet, geht es nicht. Erst nach Deaktivieren und Neustart des Firewalls klappt die Verbindung. Die abgesicherte Verbindung ist wlan0.
Klingt seltsam. Vielleicht werden eingehende Verbindungen kommentarlos geblockt. Was sagt denn ein "iptables -L" (als root)?
Das ist die Ausgabe des Befehls linux:~ # iptables -L Chain INPUT (policy DROP) target prot opt source destination ACCEPT all -- anywhere anywhere LOG all -- loopback/8 anywhere LOG level warning tc p-options ip-options prefix `SuSE-FW-DROP-ANTI-SPOOFING ' LOG all -- anywhere loopback/8 LOG level warning tc p-options ip-options prefix `SuSE-FW-DROP-ANTI-SPOOFING ' DROP all -- loopback/8 anywhere DROP all -- anywhere loopback/8 LOG all -- anywhere anywhere LOG level warning tcp-options ip-options prefix `SuSE-FW-ILL EGAL-TARGET ' DROP all -- anywhere anywhere Chain FORWARD (policy DROP) target prot opt source destination TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU Chain OUTPUT (policy ACCEPT) target prot opt source destination ACCEPT all -- anywhere anywhere LOG icmp -- anywhere anywhere icmp time-exceeded LOG level warning tcp-options ip-options prefix `SuSE-FW-TRACEROUTE-ATTEMPT ' DROP icmp -- anywhere anywhere icmp time-exceeded ACCEPT icmp -- anywhere anywhere icmp fragmentation-needed ACCEPT icmp -- anywhere anywhere icmp network-prohibited ACCEPT icmp -- anywhere anywhere icmp host-prohibited ACCEPT icmp -- anywhere anywhere icmp communication-prohibited DROP icmp -- anywhere anywhere icmp destination-unreachable ACCEPT all -- anywhere anywhere state NEW,RELATED,ESTABLISHED LOG all -- anywhere anywhere LOG level warning tcp-options ip-options prefix `SuSE-FW-OUT PUT-ERROR ' Chain forward_dmz (0 references) target prot opt source destination Chain forward_ext (0 references) target prot opt source destination Chain forward_int (0 references) target prot opt source destination Chain input_dmz (0 references) target prot opt source destination ACCEPT icmp -- anywhere anywhere icmp echo-request ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp echo-reply ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp destination-unreachable ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp time-exceeded ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp parameter-problem ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp timestamp-reply ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp address-mask-reply LOG icmp -- anywhere anywhere icmp redirect LOG level warning tcp-options ip-options prefi x `SuSE-FW-DROP-ICMP-CRIT ' LOG icmp -- anywhere anywhere icmp source-quench LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-ICMP-CRIT ' LOG icmp -- anywhere anywhere icmp timestamp-request LOG level warning tcp-options ip-opti ons prefix `SuSE-FW-DROP-ICMP-CRIT ' LOG icmp -- anywhere anywhere icmp address-mask-request LOG level warning tcp-options ip-o ptions prefix `SuSE-FW-DROP-ICMP-CRIT ' LOG icmp -- anywhere anywhere icmp type 2 LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-ICMP-CRIT ' DROP icmp -- anywhere anywhere reject_func tcp -- anywhere anywhere tcp dpt:ident flags:SYN,RST,ACK/SYN LOG tcp -- anywhere anywhere tcp dpt:sunrpc flags:SYN,RST,ACK/SYN LOG level warning tcp-o ptions ip-options prefix `SuSE-FW-DROP ' DROP tcp -- anywhere anywhere tcp dpt:sunrpc flags:SYN,RST,ACK/SYN LOG tcp -- anywhere anywhere state RELATED,ESTABLISHED tcp dpts:1024:65535 flags:SYN,RST, ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-ACCEPT ' ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED tcp dpts:1024:65535 ACCEPT tcp -- anywhere anywhere state ESTABLISHED tcp dpts:ipcserver:65535 flags:!SYN,RST,AC K/SYN ACCEPT tcp -- anywhere anywhere state ESTABLISHED tcp dpt:ftp-data flags:!SYN,RST,ACK/SYN ACCEPT udp -- 212.185.253.136 anywhere state NEW,RELATED,ESTABLISHED udp spt:domain dpts:1024:65535 ACCEPT udp -- 194.25.2.129 anywhere state NEW,RELATED,ESTABLISHED udp spt:domain dpts:1024:65535 DROP udp -- anywhere anywhere udp dpt:bootpc DROP udp -- anywhere anywhere udp dpt:sunrpc DROP udp -- anywhere anywhere udp dpt:sunrpc ACCEPT udp -- anywhere anywhere state RELATED,ESTABLISHED udp dpts:1024:65535 LOG tcp -- anywhere anywhere tcp flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT ' LOG icmp -- anywhere anywhere icmp source-quench LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT ' LOG icmp -- anywhere anywhere icmp redirect LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT ' LOG icmp -- anywhere anywhere icmp echo-request LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT ' LOG icmp -- anywhere anywhere icmp timestamp-request LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT ' LOG icmp -- anywhere anywhere icmp address-mask-request LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT ' LOG udp -- anywhere anywhere LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT ' LOG all -- anywhere anywhere state INVALID LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT-INVALID ' DROP all -- anywhere anywhere Chain input_ext (0 references) target prot opt source destination ACCEPT icmp -- anywhere anywhere icmp echo-request ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp echo-reply ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp destination-unreachable ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp time-exceeded ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp parameter-problem ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp timestamp-reply ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp address-mask-reply LOG icmp -- anywhere anywhere icmp redirect LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-ICMP-CRIT ' LOG icmp -- anywhere anywhere icmp source-quench LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-ICMP-CRIT ' LOG icmp -- anywhere anywhere icmp timestamp-request LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-ICMP-CRIT ' LOG icmp -- anywhere anywhere icmp address-mask-request LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-ICMP-CRIT ' LOG icmp -- anywhere anywhere icmp type 2 LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-ICMP-CRIT ' DROP icmp -- anywhere anywhere reject_func tcp -- anywhere anywhere tcp dpt:ident flags:SYN,RST,ACK/SYN LOG tcp -- anywhere anywhere tcp dpt:sunrpc flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP ' DROP tcp -- anywhere anywhere tcp dpt:sunrpc flags:SYN,RST,ACK/SYN LOG tcp -- anywhere anywhere state RELATED,ESTABLISHED tcp dpts:1024:65535 flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-ACCEPT ' ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED tcp dpts:1024:65535 ACCEPT tcp -- anywhere anywhere state ESTABLISHED tcp dpts:ipcserver:65535 flags:!SYN,RST,ACK/SYN ACCEPT tcp -- anywhere anywhere state ESTABLISHED tcp dpt:ftp-data flags:!SYN,RST,ACK/SYN ACCEPT udp -- 212.185.253.136 anywhere state NEW,RELATED,ESTABLISHED udp spt:domain dpts:1024:65535 ACCEPT udp -- 194.25.2.129 anywhere state NEW,RELATED,ESTABLISHED udp spt:domain dpts:1024:65535 DROP udp -- anywhere anywhere udp dpt:bootpc DROP udp -- anywhere anywhere udp dpt:sunrpc DROP udp -- anywhere anywhere udp dpt:sunrpc ACCEPT udp -- anywhere anywhere state RELATED,ESTABLISHED udp dpts:1024:65535 LOG tcp -- anywhere anywhere tcp flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT ' LOG icmp -- anywhere anywhere icmp source-quench LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT ' LOG icmp -- anywhere anywhere icmp redirect LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT ' LOG icmp -- anywhere anywhere icmp echo-request LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT ' LOG icmp -- anywhere anywhere icmp timestamp-request LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT ' LOG icmp -- anywhere anywhere icmp address-mask-request LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT ' LOG udp -- anywhere anywhere LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT ' LOG all -- anywhere anywhere state INVALID LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT-INVALID ' DROP all -- anywhere anywhere Chain input_int (0 references) target prot opt source destination ACCEPT all -- anywhere anywhere ACCEPT icmp -- anywhere anywhere icmp echo-request ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp echo-reply ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp destination-unreachable ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp time-exceeded ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp parameter-problem ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp timestamp-reply ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp address-mask-reply LOG icmp -- anywhere anywhere icmp redirect LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-ICMP-CRIT ' LOG icmp -- anywhere anywhere icmp source-quench LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-ICMP-CRIT ' LOG icmp -- anywhere anywhere icmp timestamp-request LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-ICMP-CRIT ' LOG icmp -- anywhere anywhere icmp address-mask-request LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-ICMP-CRIT ' LOG icmp -- anywhere anywhere icmp type 2 LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-ICMP-CRIT ' DROP icmp -- anywhere anywhere reject_func tcp -- anywhere anywhere tcp dpt:ident flags:SYN,RST,ACK/SYN LOG tcp -- anywhere anywhere state RELATED,ESTABLISHED tcp dpts:1024:65535 flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-ACCEPT ' ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED tcp dpts:1024:65535 ACCEPT tcp -- anywhere anywhere state ESTABLISHED tcp dpts:ipcserver:65535 flags:!SYN,RST,ACK/SYN ACCEPT tcp -- anywhere anywhere state ESTABLISHED tcp dpt:ftp-data flags:!SYN,RST,ACK/SYN ACCEPT udp -- 212.185.253.136 anywhere state NEW,RELATED,ESTABLISHED udp spt:domain dpts:1024:65535 ACCEPT udp -- 194.25.2.129 anywhere state NEW,RELATED,ESTABLISHED udp spt:domain dpts:1024:65535 ACCEPT udp -- anywhere anywhere state RELATED,ESTABLISHED udp dpts:1024:65535 LOG tcp -- anywhere anywhere tcp flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT ' LOG icmp -- anywhere anywhere icmp source-quench LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT ' LOG icmp -- anywhere anywhere icmp redirect LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT ' LOG icmp -- anywhere anywhere icmp echo-request LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT ' LOG icmp -- anywhere anywhere icmp timestamp-request LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT ' LOG icmp -- anywhere anywhere icmp address-mask-request LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT ' LOG udp -- anywhere anywhere LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT ' LOG all -- anywhere anywhere state INVALID LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT-INVALID ' DROP all -- anywhere anywhere Chain reject_func (3 references) target prot opt source destination REJECT tcp -- anywhere anywhere reject-with tcp-reset REJECT udp -- anywhere anywhere reject-with icmp-port-unreachable REJECT all -- anywhere anywhere reject-with icmp-proto-unreachable linux:~ # Mit freundlichen Grüssen Guntram Walter -- imid multimedia guntram walter ruhrstrasse 82 40699 erkrath fon 02104 832780 info@imid-multimedia.de
participants (2)
-
Guntram Walter -
Martin Röhricht