Upps!!!! I need be more price the I wrote the firewall was and is off at the time when I run the route -n but the logs are from a time when the firewall was up :-) Sorry did not though that this leads to confusion. Michael H U G O B O S S engelbert.gruber@ssg.co.at 14.07.2005 08:13 An Michael Hoeller <Michael_Hoeller@hugoboss.com> Kopie suse-security@suse.com Thema Re: [suse-security] SFW2-IN-ILL-TARGET [Hugo Boss: Virus checked] On Thu, 14 Jul 2005, Michael Hoeller wrote:
Hello Armin,
To connect to the remote machine I dialin via isdn and provide static IP adresses.
This is the log from the remote machine, so "local" is actually the remote machine I connect to: Jul 9 21:34:18 omicron ipppd[7273]: local IP address 192.168.55.100 Jul 9 21:34:18 omicron ipppd[7273]: remote IP address 192.168.55.200
this seems to work. But as soon I try to connect via ssh ssh -X user@192.168.55.100 I get rejected.
And the following can be found in /var/log/messages
Jul 9 21:34:22 omicron kernel: SFW2-IN-ILL-TARGET IN=ippp0 OUT= MAC= SRC=192.168.55.200 DST=192.168.55.100 LEN=6 0 TOS=0x00 PREC=0x00 TTL=64 ID=48935 DF PROTO=TCP SPT=1032 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B404 02080A01E052360000000001030302)
On the remote machine I have setup the firewall2 via yast, IP Forwarding is activated and I allow for ssh.
omicron:~ # route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 192.168.55.200 0.0.0.0 255.255.255.255 UH 0 0 0 ippp0 192.168.55.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0 127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo 0.0.0.0 192.168.55.200 0.0.0.0 UG 0 0 0 ippp0 omicron:~ #
OK, now we need to know the interface variables of the firewall FW_DEV_EXT, FW_DEV_INT, FW_DEV_DMZ
Here are my values: FW_DEV_EXT="ippp1 ippp1 ippp1" FW_DEV_INT="eth-id-00:e0:81:20:30:04 ippp0" FW_DEV_DMZ=""
While I checked the system I had to realize that the firewall is totally shut off, So the route -n is from the system with no firewall...
sounds strange a deactivated firewall does not produce logfile entries. like SFW2-IN-ILL-TARGET IN=ippp0 OUT=
(That there is no fw is not a nightmare, since there is no connection to the world besides the dial in and no critical data is (unitl now) available) Since I am now really remote I can switch the fw on but if the test fails.... I need to travel :-)
I don't know where the second eth0 comes from (there are two cards in the machine but one is deactivated) and I do not know where this IP Adr.. 169.254.0.0 comes from -- can I get rid of it ??? How ? Sorry this is a dummy question I found some info in the man pages but beeing remote I am afraid to fiddle a round.
1. you can test the firewall with test option :: /sbin/SuSEfirewall2 test then everything that would be blocked should be logged. 2. when working remote ill start an at command that should get me in e.g. switch to test mode in 5 minutes. if all works well i remove the at entry. 3. 169.254.0.0 is Zeroconf, it is configured by default. -- BINGO: definitive merger agreement --- Engelbert Gruber -------+ SSG Fintl,Gruber,Lassnig / A6170 Zirl Innweg 5b / Tel. ++43-5238-93535 ---+ -- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here This e-mail (and/or attachments) is confidential and may be privileged. Use or disclosure of it by anyone other than a designated addressee is unauthorized. If you are not an intended recipient, please delete this e-mail from the computer on which you received it. We thank you for notifying us immediately.