Hi
From: Peer Stefan [mailto:stefan.peer@tiwag.at]
hi
From: Mario Ohnewald [mailto:mario.ohnewald@gmx.de]
Hello Sec-Experts! ;)
I have SuSE7.3 (uptodate) with 3 Interfaces.
Everything runs smoothly! But after some time, the Firewall-PC cannot reach
the External Network anymore, but the
- ppp0 is up
- ip is ok
- DNS is correct
- routing table fine
The Clients behind the Firewall can still ping and surf the web and
everything!
Looks like the Firewall changes something all of a sudden. The logs look ok.
did you try to shut down the firewall and check the connection?
why would i do that? To check if the Firewall causes the error?
didn't the external ip change after, like, 4 hours or so?
yes, every 24h, but i am just 4secs offline during my reconnection then ;)
how can internal clients ping the web when the firewall's lost its connection?
it did not lose it, the ppp0 is still up. It does look like the dns is
dead, but i can not even ping ips (dns ip or other)
or like the route table is messed up. But it's all fine. But these are the
symptoms. --> Firewall is blocking
ermm....did i mention that the Firewall blocks the traffic from its own pc?
The rest of the network always worked!
looks like it loads a deny rule randomly ;P
can you post some of your firewall-logs for further analysis? perhaps
there's a clue to see why your firewall-host has been cut off
the internet.
what does your syslog say?
from peer
Here are a few lines from the 14th. I restart the firewall every hour, that's
how i got it working so far ;)
-------------------------------------------
Jul 14 00:17:41 linux pppd[2087]: sent [LCP EchoReq id=0x13
magic=0xa43700db]
Jul 14 00:17:41 linux pppd[2087]: rcvd [LCP EchoRep id=0x13
magic=0x77732468]
Jul 14 00:17:50 linux syslogd 1.3-3: restart.
Jul 14 01:25:43 linux pppd[2087]: sent [LCP EchoReq id=0xdf
magic=0xa43700db]
Jul 14 01:25:43 linux pppd[2087]: rcvd [LCP EchoRep id=0xdf
magic=0x77732468]
Jul 14 01:25:59 linux pppd[2087]: rcvd [LCP TermReq id=0xf5]
Jul 14 01:25:59 linux pppd[2087]: LCP terminated by peer
Jul 14 01:26:00 linux pppd[2087]: cbcp_lowerdown
Jul 14 01:26:00 linux pppoe[2088]: Session 6961 terminated -- received PADT
Jul 14 01:26:00 linux pppoe[2088]: Sent PADT
Jul 14 01:26:00 linux pppd[2087]: Script /etc/ppp/ip-down started (pid 7979)
Jul 14 01:26:00 linux pppd[2087]: sent [LCP TermAck id=0xf5]
Jul 14 01:26:00 linux pppd[2087]: Modem hangup
Jul 14 01:26:00 linux pppd[2087]: Connection terminated.
Jul 14 01:26:00 linux pppd[2087]: Script /usr/sbin/pppoe -p
/var/run/pppoe.conf-adsl.pid.pppoe -I eth2 -T 80 -U -m 1412 finished
(pid 2088), status = 0x0
Jul 14 01:26:00 linux pppd[2087]: Connect time 1440.7 minutes.
Jul 14 01:26:00 linux pppd[2087]: Sent 15019711 bytes, received 232389403
bytes.
Jul 14 01:26:00 linux pppd[2087]: Waiting for 1 child processes...
Jul 14 01:26:00 linux pppd[2087]: script /etc/ppp/ip-down, pid 7979
Jul 14 01:26:01 linux /etc/ppp/ip-down: ip-down: Loading of module ipchains
was not successful.
Jul 14 01:26:01 linux /etc/ppp/ip-down: Aborting. No action taken.
Jul 14 01:26:02 linux pppd[2087]: Script /etc/ppp/ip-down finished (pid
7979), status = 0x100
Jul 14 01:26:02 linux pppd[2087]: Exit.
Jul 14 01:26:02 linux adsl-connect: ADSL connection lost; attempting
re-connection.
Jul 14 01:26:08 linux pppd[8022]: pppd 2.4.0 started by root, uid 0
Jul 14 01:26:08 linux pppd[8022]: using channel 2
Jul 14 01:26:08 linux pppd[8022]: Using interface ppp0
Jul 14 01:26:08 linux pppd[8022]: Connect: ppp0 <--> /dev/pts/0
Jul 14 01:26:08 linux pppoe[8023]: PADS: Service-Name: ''
Jul 14 01:26:08 linux pppoe[8023]: PPP session is 798
Jul 14 01:26:09 linux pppd[8022]: sent [LCP ConfReq id=0x1 ]
Jul 14 01:26:09 linux pppd[8022]: rcvd [LCP ConfReq id=0xe4
pap> ]
Jul 14 01:26:09 linux pppd[8022]: sent [LCP ConfAck id=0xe4 <auth
pap> ]
Jul 14 01:26:09 linux pppd[8022]: rcvd [LCP ConfAck id=0x1 ]
Jul 14 01:26:09 linux pppd[8022]: sent [LCP EchoReq id=0x0 magic=0xee811a46]
Jul 14 01:26:09 linux pppd[8022]: cbcp_lowerup
Jul 14 01:26:09 linux pppd[8022]: want: 2
Jul 14 01:26:09 linux pppd[8022]: sent [PAP AuthReq id=0x1
user="0001122281035100732428960001@t-online.de" password=<hidden>]
Jul 14 01:26:09 linux pppd[8022]: rcvd [LCP EchoRep id=0x0 magic=0x1cb35a9a]
Jul 14 01:26:09 linux pppd[8022]: rcvd [PAP AuthAck id=0x1 ""]
Jul 14 01:26:09 linux pppd[8022]: sent [IPCP ConfReq id=0x1 ]
Jul 14 01:26:09 linux pppd[8022]: rcvd [IPCP ConfReq id=0x8b ]
Jul 14 01:26:09 linux pppd[8022]: sent [IPCP ConfAck id=0x8b ]
Jul 14 01:26:09 linux pppd[8022]: rcvd [IPCP ConfNak id=0x1 ]
Jul 14 01:26:09 linux pppd[8022]: sent [IPCP ConfReq id=0x2 ]
Jul 14 01:26:09 linux pppd[8022]: rcvd [IPCP ConfAck id=0x2 ]
Jul 14 01:26:09 linux pppd[8022]: local IP address 80.145.94.60
Jul 14 01:26:09 linux pppd[8022]: remote IP address 217.5.98.130
Jul 14 01:26:09 linux pppd[8022]: Script /etc/ppp/ip-up started (pid 8025)
Jul 14 01:26:10 linux /etc/ppp/ip-up: ip-up: Loading of module ipchains was
not successful.
Jul 14 01:26:10 linux /etc/ppp/ip-up: Aborting. No action taken.
Jul 14 01:26:16 linux kernel: SuSE-FW-UNALLOWED-TARGETIN=ppp0 OUT= MAC=
SRC=194.25.2.129 DST=80.145.94.60 LEN=145 TOS=0x00 PREC=0x00 TTL=251
ID=49869 DF PROTO=UDP SPT=53 DPT=1025 LEN=125
Jul 14 01:26:16 linux kernel: klogd 1.3-3, ---------- state
change ----------
Jul 14 01:26:16 linux kernel: Inspecting /boot/System.map-2.4.4-4GB
Jul 14 01:26:17 linux kernel: Loaded 10917 symbols from
/boot/System.map-2.4.4-4GB.
Jul 14 01:26:17 linux kernel: Symbols match kernel version 2.4.4.
Jul 14 01:26:17 linux kernel: Loaded 438 symbols from 27 modules.
Jul 14 01:26:21 linux kernel: SuSE-FW-UNALLOWED-TARGETIN=ppp0 OUT= MAC=
SRC=194.25.2.129 DST=80.145.94.60 LEN=145 TOS=0x00 PREC=0x00 TTL=251 ID=7847
DF PROTO=UDP SPT=53 DPT=1025 LEN=125
Jul 14 01:26:26 linux kernel: SuSE-FW-UNALLOWED-TARGETIN=ppp0 OUT= MAC=
SRC=194.25.2.129 DST=80.145.94.60 LEN=145 TOS=0x00 PREC=0x00 TTL=251
ID=20215 DF PROTO=UDP SPT=53 DPT=1025 LEN=125
Jul 14 01:26:29 linux pppd[8022]: sent [LCP EchoReq id=0x1 magic=0xee811a46]
Jul 14 01:26:29 linux pppd[8022]: rcvd [LCP EchoRep id=0x1 magic=0x1cb35a9a]
Jul 14 01:26:31 linux kernel: SuSE-FW-UNALLOWED-TARGETIN=ppp0 OUT= MAC=
SRC=194.25.2.129 DST=80.145.94.60 LEN=282 TOS=0x00 PREC=0x00 TTL=60 ID=22446
PROTO=UDP SPT=53 DPT=1025 LEN=262
Jul 14 01:26:36 linux kernel: SuSE-FW-UNALLOWED-TARGETIN=ppp0 OUT= MAC=
SRC=194.25.2.129 DST=80.145.94.60 LEN=282 TOS=0x00 PREC=0x00 TTL=251 ID=7848
DF PROTO=UDP SPT=53 DPT=1025 LEN=262
Jul 14 01:26:41 linux kernel: SuSE-FW-UNALLOWED-TARGETIN=ppp0 OUT= MAC=
SRC=194.25.2.129 DST=80.145.94.60 LEN=282 TOS=0x00 PREC=0x00 TTL=60 ID=1304
PROTO=UDP SPT=53 DPT=1025 LEN=262
Jul 14 01:26:46 linux kernel: SuSE-FW-UNALLOWED-TARGETIN=ppp0 OUT= MAC=
SRC=194.25.2.129 DST=80.145.94.60 LEN=282 TOS=0x00 PREC=0x00 TTL=251
ID=12765 DF PROTO=UDP SPT=53 DPT=1025 LEN=262
Jul 14 01:26:49 linux pppd[8022]: sent [LCP EchoReq id=0x2 magic=0xee811a46]
Jul 14 01:26:49 linux pppd[8022]: rcvd [LCP EchoRep id=0x2 magic=0x1cb35a9a]
Jul 14 01:26:51 linux pppd[8022]: Script /etc/ppp/ip-up finished (pid 8025),
status = 0x100
Jul 14 01:27:09 linux pppd[8022]: sent [LCP EchoReq id=0x3 magic=0xee811a46]
Jul 14 01:27:09 linux pppd[8022]: rcvd [LCP EchoRep id=0x3 magic=0x1cb35a9a]
Jul 14 01:27:29 linux pppd[8022]: sent [LCP EchoReq id=0x4 magic=0xee811a46]
Jul 14 01:27:29 linux pppd[8022]: rcvd [LCP EchoRep id=0x4 magic=0x1cb35a9a]
Jul 14 01:27:49 linux pppd[8022]: sent [LCP EchoReq id=0x5 magic=0xee811a46]
Jul 14 01:27:49 linux pppd[8022]: rcvd [LCP EchoRep id=0x5 magic=0x1cb35a9a]
Jul 14 01:28:09 linux pppd[8022]: sent [LCP EchoReq id=0x6 magic=0xee811a46]
Jul 14 01:28:09 linux pppd[8022]: rcvd [LCP EchoRep id=0x6 magic=0x1cb35a9a]
Jul 14 01:28:29 linux pppd[8022]: sent [LCP EchoReq id=0x7 magic=0xee811a46]
Jul 14 01:28:29 linux pppd[8022]: rcvd [LCP EchoRep id=0x7 magic=0x1cb35a9a]
Jul 14 01:54:50 linux pppd[8022]: rcvd [LCP EchoRep id=0x56
magic=0x1cb35a9a]
[... snip ...]
Thanks a lot!
Mario
regards,
stefan
yours, Mario
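
Added example, not part of the original thread: a small Python pass over syslog lines like the ones posted above. It reports failed ip-up/ip-down hook runs and counts firewall drops of UDP packets from source port 53 addressed to the current ppp local IP. The sample lines are re-joined from the posted log; the function name and the returned keys are this example's own.

```python
import re
from collections import Counter

# Sample lines re-joined from the syslog excerpt posted in the thread.
SAMPLE = """\
Jul 14 01:26:09 linux pppd[8022]: local IP address 80.145.94.60
Jul 14 01:26:10 linux /etc/ppp/ip-up: ip-up: Loading of module ipchains was not successful.
Jul 14 01:26:16 linux kernel: SuSE-FW-UNALLOWED-TARGETIN=ppp0 OUT= MAC= SRC=194.25.2.129 DST=80.145.94.60 LEN=145 TOS=0x00 PREC=0x00 TTL=251 ID=49869 DF PROTO=UDP SPT=53 DPT=1025 LEN=125
Jul 14 01:26:29 linux pppd[8022]: sent [LCP EchoReq id=0x1 magic=0xee811a46]
Jul 14 01:26:31 linux kernel: SuSE-FW-UNALLOWED-TARGETIN=ppp0 OUT= MAC= SRC=194.25.2.129 DST=80.145.94.60 LEN=282 TOS=0x00 PREC=0x00 TTL=60 ID=22446 PROTO=UDP SPT=53 DPT=1025 LEN=262
"""

LOCAL_IP = re.compile(r"pppd\[\d+\]: local IP address (\S+)")
HOOK_FAIL = re.compile(r"(/etc/ppp/ip-(?:up|down)): .*was not successful")
# The log prefix runs straight into IN= in the posted lines, so allow no space.
FW_DROP = re.compile(r"kernel: SuSE-FW-([A-Z-]+?)\s*IN=(\S*) ")
FIELD = re.compile(r"\b(SRC|DST|PROTO|SPT|DPT)=(\S+)")


def analyze(text):
    """Return the last ppp local IP, failed hook scripts, and DNS-reply drops."""
    local_ip = None
    hook_failures = []
    dns_reply_drops = Counter()
    for line in text.splitlines():
        m = LOCAL_IP.search(line)
        if m:
            local_ip = m.group(1)  # address changes on every reconnect
            continue
        m = HOOK_FAIL.search(line)
        if m:
            hook_failures.append(m.group(1))
            continue
        m = FW_DROP.search(line)
        if not m:
            continue
        f = dict(FIELD.findall(line))
        # A reply from a resolver (UDP source port 53) sent to the firewall
        # host's own address and logged as dropped on the ppp interface.
        if (m.group(2).startswith("ppp") and f.get("PROTO") == "UDP"
                and f.get("SPT") == "53" and f.get("DST") == local_ip):
            dns_reply_drops[(f["SRC"], f["DPT"])] += 1
    return {"local_ip": local_ip, "hook_failures": hook_failures,
            "dns_reply_drops": dns_reply_drops}


if __name__ == "__main__":
    print(analyze(SAMPLE))
```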