Fwd: RE: [suse-security] My SuSEFirewall blocks something than my LAM can not surfing in internet anymore.
Hi
You need to put in /etc/resolv.conf a DNS server! This is normally your ISP servers.
Ian
---------- Forwarded Message ----------
Subject: RE: [suse-security] My SuSEFirewall blocks something than my LAM can not surfing in internet anymore.
Date: Fri, 28 Feb 2003 08:15:46 -0800 (PST)
From: Prabu Subroto <prabu_subroto@yahoo.com>
To: SuSE Security Milis <suse-security@suse.com>
Dear Stefan... (Now, I know your first name is Stefan...:D Chickle...)
I found a mistype in your instruction. It should not be "DTP" but "DPT".
Now, I got the output from my "/var/log/messages":
"
proxy:/var/log # cat /var/log/messages|grep DPT=80|grep -v DST=192.168.23.10
Feb 27 16:14:53 proxy kernel: SuSE-FW-ACCEPT IN=ippp0 OUT= MAC= SRC=145.254.192.34 DST=145.254.88.223 LEN=48 TOS=0x08 PREC=0x00 TTL=119 ID=14754 DF PROTO=TCP SPT=4215 DPT=80 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (020405B401010402)
Feb 27 16:14:54 proxy kernel: SuSE-FW-ACCEPT IN=ippp0 OUT= MAC= SRC=145.254.192.34 DST=145.254.88.223 LEN=48 TOS=0x08 PREC=0x00 TTL=119 ID=14825 DF PROTO=TCP SPT=4215 DPT=80 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (020405B401010402)
Feb 27 16:14:55 proxy kernel: SuSE-FW-ACCEPT IN=ippp0 OUT= MAC= SRC=145.254.192.34 DST=145.254.88.223 LEN=48 TOS=0x08 PREC=0x00 TTL=119 ID=14890 DF PROTO=TCP SPT=4215 DPT=80 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (020405B401010402)
proxy:/var/log #
"
Here is the error message in the internet browser of my LAN user while this problem is happening.
"
The requested URL could not be retrieved
While trying to retrieve the URL: http://www.yahoo.com/
The following error was encountered:
Unable to determine IP address from host name for www.yahoo.com
The dnsserver returned:
No DNS records
This means that:
The cache was not able to resolve the hostname presented in the URL. Check if the address is correct.
Your cache administrator is webmaster.
"
Looks like because of DNS server... But How and why?
Please tell me.....
--- Peer Stefan <stefan.peer@tiwag.at> wrote:
Hi Prabu,
Sorry to say so, but this trace shows nothing more than a connection-trace of your ssh-session (DPT=22 ...). Don't tail /var/log/messages, it's quite big and gets filled really fast. Do a "cat /var/log/messages|grep DTP=80|grep -v DST=192.168.23.10" in order to get all the outgoing http-stuff.
so long, Stefan
btw. I'm called Stefan - it's a bit queer here in Austria, we always put the last name in front ;-)
From: Prabu Subroto [mailto:prabu_subroto@yahoo.com]
Dear my friend, Peer...
Today morning, it happened again. I follow your advice and this is the 60 lines of my "/var/log/messages" file:
" proxy:/var/log # tail -n 60 messages
=== message truncated ===
--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@suse.com
Security-related bug reports go to security@suse.de, not here
I did already, my friend... do you have another solution?
Thank you very much for your advice.
--- Ian David Laws <ian@the-laws-clan.de> wrote:
Hi
You need to put in /etc/resolv.conf a DNS server! This is normally your ISP servers.
Ian
---------- Forwarded Message ----------
Subject: RE: [suse-security] My SuSEFirewall blocks something than my LAM can not surfing in internet anymore.
Date: Fri, 28 Feb 2003 08:15:46 -0800 (PST)
From: Prabu Subroto <prabu_subroto@yahoo.com>
To: SuSE Security Milis <suse-security@suse.com>
Dear Stefan... (Now, I know your first name is Stefan...:D Chickle...)
I found a mistype in your instruction. It should not be "DTP" but "DPT".
Now, I got the output from my "/var/log/messages":
"
proxy:/var/log # cat /var/log/messages|grep DPT=80|grep -v DST=192.168.23.10
Feb 27 16:14:53 proxy kernel: SuSE-FW-ACCEPT IN=ippp0 OUT= MAC= SRC=145.254.192.34 DST=145.254.88.223 LEN=48 TOS=0x08 PREC=0x00 TTL=119 ID=14754 DF PROTO=TCP SPT=4215 DPT=80 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (020405B401010402)
Feb 27 16:14:54 proxy kernel: SuSE-FW-ACCEPT IN=ippp0 OUT= MAC= SRC=145.254.192.34 DST=145.254.88.223 LEN=48 TOS=0x08 PREC=0x00 TTL=119 ID=14825 DF PROTO=TCP SPT=4215 DPT=80 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (020405B401010402)
Feb 27 16:14:55 proxy kernel: SuSE-FW-ACCEPT IN=ippp0 OUT= MAC= SRC=145.254.192.34 DST=145.254.88.223 LEN=48 TOS=0x08 PREC=0x00 TTL=119 ID=14890 DF PROTO=TCP SPT=4215 DPT=80 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (020405B401010402)
proxy:/var/log #
"
Here is the error message in the internet browser of my LAN user while this problem is happening.
"
The requested URL could not be retrieved
While trying to retrieve the URL: http://www.yahoo.com/
The following error was encountered:
Unable to determine IP address from host name for www.yahoo.com
The dnsserver returned:
No DNS records
This means that:
The cache was not able to resolve the hostname presented in the URL. Check if the address is correct.
Your cache administrator is webmaster. "
Looks like because of DNS server... But How and why?
Please tell me.....
--- Peer Stefan <stefan.peer@tiwag.at> wrote:
Hi Prabu,
Sorry to say so, but this trace shows nothing more than a connection-trace of your ssh-session (DPT=22 ...). Don't tail /var/log/messages, it's quite big and gets filled really fast. Do a "cat /var/log/messages|grep DTP=80|grep -v DST=192.168.23.10" in order to get all the outgoing http-stuff.
so long, Stefan
btw. I'm called Stefan - it's a bit queer here in Austria, we always put the last name in front ;-)
From: Prabu Subroto [mailto:prabu_subroto@yahoo.com]
Dear my friend, Peer...
Today morning, it happened again. I follow your advice and this is the 60 lines of my "/var/log/messages" file:
" proxy:/var/log # tail -n 60 messages
=== message truncated ===
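The grep pipeline used in the thread matches substrings, so "DPT=80" also hits DPT=8080 and "-v DST=192.168.23.10" also hides DST=192.168.23.100. As an added example (not written by anyone in the thread), the filter below compares whole KEY=VALUE fields and can equally be pointed at port 53, which is where the browser's DNS error leads; fw_match, sample_log, the sample log lines and the SuSE-FW-DROP-DEFAULT prefix in them are constructed or assumed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: exact-field filter for netfilter LOG lines.
# Usage: fw_match KEY=VALUE ['!KEY=VALUE' ...] < logfile   (every spec must hold)

fw_match() {
    awk -v specs="$*" '
    BEGIN { n = split(specs, want, " ") }
    {
        split("", f)                      # clear fields from the previous line
        for (i = 1; i <= NF; i++) {       # index every KEY=VALUE token
            eq = index($i, "=")
            if (eq > 1) f[substr($i, 1, eq - 1)] = substr($i, eq + 1)
        }
        for (j = 1; j <= n; j++) {
            s = want[j]; neg = 0
            if (substr(s, 1, 1) == "!") { neg = 1; s = substr(s, 2) }
            eq = index(s, "=")
            k = substr(s, 1, eq - 1); v = substr(s, eq + 1)
            hit = ((k in f) && f[k] == v) # whole-value comparison, no substrings
            if (hit == neg) next          # spec not satisfied: drop the line
        }
        print
    }'
}

# Constructed sample lines in the log format shown in the thread
# (documentation-range addresses; 192.168.23.10 is the proxy from the thread).
sample_log() {
cat <<'EOF'
Feb 27 16:14:53 proxy kernel: SuSE-FW-ACCEPT IN=ippp0 OUT= MAC= SRC=198.51.100.7 DST=203.0.113.5 PROTO=TCP SPT=4215 DPT=80 SYN
Feb 27 16:14:54 proxy kernel: SuSE-FW-ACCEPT IN=ippp0 OUT= MAC= SRC=198.51.100.7 DST=203.0.113.5 PROTO=TCP SPT=4216 DPT=8080 SYN
Feb 27 16:14:55 proxy kernel: SuSE-FW-ACCEPT-ALL-INTERNAL IN=eth0 OUT= SRC=192.168.23.237 DST=192.168.23.100 PROTO=TCP SPT=1140 DPT=80 SYN
Feb 27 16:14:56 proxy kernel: SuSE-FW-ACCEPT-ALL-INTERNAL IN=eth0 OUT= SRC=192.168.23.237 DST=192.168.23.10 PROTO=TCP SPT=1141 DPT=80 SYN
Feb 27 16:14:57 proxy kernel: SuSE-FW-DROP-DEFAULT IN=ippp0 OUT= SRC=203.0.113.53 DST=203.0.113.5 PROTO=UDP SPT=53 DPT=1027
EOF
}

# HTTP entries not addressed to the proxy itself, then logged DNS replies:
sample_log | fw_match DPT=80 '!DST=192.168.23.10'
sample_log | fw_match PROTO=UDP SPT=53
```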