SuSEfirewall2 and dyndns
Hi, why do I cannot ssh access my fw via dyndns from internal, but from outside? SuSEfirewall2 v1.7 Sep 17 21:47:17 frwall kernel: SuSE-FW-ACCESS_DENIED_FOR_INTIN=eth0 OUT= MAC=00:01:02:f5:e 5:fb:00:01:02:f5:e6:ad:08:00 SRC=xxx.yy.zz.123 DST=xxx.yyy.zzz.145 LEN=60 TOS=0x10 PREC=0x 00 TTL=64 ID=29832 DF PROTO=TCP SPT=41182 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (0204 05B40402080A024F8D5F0000000001030300) Sep 17 21:47:20 frwall kernel: SuSE-FW-ACCESS_DENIED_FOR_INTIN=eth0 OUT= MAC=00:01:02:f5:e 5:fb:00:01:02:f5:e6:ad:08:00 SRC=xxx.yy.zz.123 DST=xxx.yyy.zzz.145 LEN=60 TOS=0x10 PREC=0x 00 TTL=64 ID=29833 DF PROTO=TCP SPT=41182 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (0204 05B40402080A024F8E8B0000000001030300) Sep 17 21:47:26 frwall kernel: SuSE-FW-ACCESS_DENIED_FOR_INTIN=eth0 OUT= MAC=00:01:02:f5:e 5:fb:00:01:02:f5:e6:ad:08:00 SRC=xxx.yy.zz.123 DST=xxx.yyy.zzz.145 LEN=60 TOS=0x10 PREC=0x 00 TTL=64 ID=29834 DF PROTO=TCP SPT=41182 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (0204 05B40402080A024F90E30000000001030300) I think, my setup is ok: FW_DEV_EXT="eth1 ppp0 ppp1" FW_DEV_INT="eth0" FW_DEV_DMZ="" FW_ROUTE="yes" FW_MASQUERADE="yes" FW_MASQ_DEV="$FW_DEV_EXT" FW_MASQ_NETS="xxx.yyy.zzz.0/24" FW_PROTECT_FROM_INTERNAL="yes" FW_AUTOPROTECT_SERVICES="yes" FW_SERVICES_EXT_TCP="ssh" FW_SERVICES_EXT_UDP="domain" # Common: domain FW_SERVICES_EXT_IP="" FW_SERVICES_DMZ_TCP="" FW_SERVICES_DMZ_UDP="" FW_SERVICES_DMZ_IP="" FW_SERVICES_INT_TCP="ssh smtp domain www ntp nfs sunrpc 3128" FW_SERVICES_INT_UDP="domain nfs sunrpc 111" FW_SERVICES_INT_IP="" FW_TRUSTED_NETS="xxx.yyy.zzz.0/24" FW_ALLOW_INCOMING_HIGHPORTS_TCP="yes" FW_ALLOW_INCOMING_HIGHPORTS_UDP="yes" FW_SERVICE_AUTODETECT="yes" # Autodetect the services below when starting FW_SERVICE_DNS="no" FW_SERVICE_DHCLIENT="no" FW_SERVICE_DHCPD="no" FW_SERVICE_SQUID="no" FW_SERVICE_SAMBA="no" FW_FORWARD="" # Beware to use this! FW_FORWARD_MASQ="" # Beware to use this! FW_REDIRECT="" FW_LOG_DROP_CRIT="yes" FW_LOG_DROP_ALL="no" FW_LOG_ACCEPT_CRIT="yes" FW_LOG_ACCEPT_ALL="no" FW_LOG="--log-level warning --log-tcp-options --log-ip-option --log-prefix SuSE-FW" FW_KERNEL_SECURITY="yes" FW_STOP_KEEP_ROUTING_STATE="yes" FW_ALLOW_PING_FW="yes" FW_ALLOW_PING_DMZ="no" FW_ALLOW_PING_EXT="yes" FW_ALLOW_FW_TRACEROUTE="yes" FW_ALLOW_FW_SOURCEQUENCH="yes" FW_ALLOW_FW_BROADCAST="no" FW_IGNORE_FW_BROADCAST="yes" FW_ALLOW_CLASS_ROUTING="no" 2nd question: is openssh-2.9p2-39 from SuSE 7.3 vulnerable? TIA, Hans-Peter
participants (1)
-
Hans-Peter Jansen