when i use ftp service from firewall i have logs:
Jan 23 12:40:06 linux pppd[3608]: sent [LCP EchoReq id=0x80 magic=0x16380e52]
Jan 23 12:40:06 linux pppd[3608]: rcvd [LCP EchoRep id=0x80 magic=0x4dc2dc0c]
Jan 23 12:40:11 linux kernel: SuSE-FW-REJECT IN=eth2 OUT=
MAC=00:40:f4:3d:89:4b:00:e0:18:a6:7d:17:08:00 SRC=192.168.5.2 DST=192.168.5.1 LEN=60 TOS=0x00
PREC=0x00 TTL=64 ID=55868 DF PROTO=TCP SPT=32983 DPT=113 WINDOW=5840 RES=0x00 SYN URGP=0 OPT
(020405B40402080A0430C8600000000001030300)
Jan 23 12:40:11 linux kernel: SuSE-FW-REJECT IN=eth2 OUT=
MAC=00:40:f4:3d:89:4b:00:e0:18:a6:7d:17:08:00 SRC=192.168.5.2 DST=192.168.5.1 LEN=60 TOS=0x00
PREC=0x00 TTL=64 ID=20915 DF PROTO=TCP SPT=32984 DPT=113 WINDOW=5840 RES=0x00 SYN URGP=0 OPT
(020405B40402080A0430C8770000000001030300)
and from intern network i have :
Jan 23 12:40:46 linux pppd[3608]: sent [LCP EchoReq id=0x82 magic=0x16380e52]
Jan 23 12:40:46 linux pppd[3608]: rcvd [LCP EchoRep id=0x82 magic=0x4dc2dc0c]
Jan 23 12:41:02 linux kernel: SuSE-FW-DROP-DEFAULT IN=eth2 OUT=eth1 SRC=192.168.5.2
DST=192.168.1.199 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=41881 DF PROTO=TCP SPT=32985 DPT=113
WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B40402080A0430DC2E0000000001030300)
Jan 23 12:41:05 linux kernel: SuSE-FW-DROP-DEFAULT IN=eth2 OUT=eth1 SRC=192.168.5.2
DST=192.168.1.199 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=41882 DF PROTO=TCP SPT=32985 DPT=113
WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B40402080A0430DD5A0000000001030300)
Jan 23 12:41:06 linux pppd[3608]: sent [LCP EchoReq id=0x83 magic=0x16380e52]
Jan 23 12:41:06 linux pppd[3608]: rcvd [LCP EchoRep id=0x83 magic=0x4dc2dc0c]
Jan 23 12:41:11 linux kernel: SuSE-FW-DROP-DEFAULT IN=eth2 OUT=eth1 SRC=192.168.5.2
DST=192.168.1.199 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=41883 DF PROTO=TCP SPT=32985 DPT=113
WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B40402080A0430DFB20000000001030300)
Jan 23 12:41:12 linux kernel: SuSE-FW-DROP-DEFAULT IN=eth2 OUT=eth1 SRC=192.168.5.2
DST=192.168.1.199 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=12647 DF PROTO=TCP SPT=32986 DPT=113
WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B40402080A0430E0310000000001030300)
Jan 23 12:41:15 linux kernel: SuSE-FW-DROP-DEFAULT IN=eth2 OUT=eth1 SRC=192.168.5.2
DST=192.168.1.199 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=12648 DF PROTO=TCP SPT=32986 DPT=113
WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B40402080A0430E15D0000000001030300)
Jan 23 12:41:21 linux kernel: SuSE-FW-DROP-DEFAULT IN=eth2 OUT=eth1 SRC=192.168.5.2
DST=192.168.1.199 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=12649 DF PROTO=TCP SPT=32986 DPT=113
WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B40402080A0430E3B50000000001030300)
Jan 23 12:41:26 linux pppd[3608]: sent [LCP EchoReq id=0x84 magic=0x16380e52]
Jan 23 12:41:26 linux pppd[3608]: rcvd [LCP EchoRep id=0x84 magic=0x4dc2dc0c]
Jan 23 12:41:46 linux pppd[3608]: sent [LCP EchoReq id=0x85 magic=0x16380e52]
Jan 23 12:41:46 linux pppd[3608]: rcvd [LCP EchoRep id=0x85 magic=0x4dc2dc0c]
Jan 23 12:41:54 linux kernel: SuSE-FW-DROP-DEFAULT IN=ppp0 OUT= MAC= SRC=217.99.48.205
DST=80.13.41.197 LEN=78 TOS=0x00 PREC=0x00 TTL=106 ID=22720 PROTO=UDP SPT=62739 DPT=137 LEN=58
i use "proftpd" for my ftp service with default configuration (port 21)
--- Togan Muftuoglu
i don't have dpt=21 when i try ftp service but dpt=113
How is your FTP server configured then
--
Togan Muftuoglu Unofficial SuSE FAQ Maintainer http://dinamizm.ath.cx
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
___________________________________________________________ Do You Yahoo!? -- Une adresse @yahoo.fr gratuite et en français ! Yahoo! Mail : http://fr.mail.yahoo.com