SuSEfirewall2 and SuSE 8.1
Hi,

I am still struggling with getting my firewall to work. I have an ISDN dialup connection with a dynamic IP address. When I start SuSEfirewall2 at boot time the rules are correctly loaded, but after dialin the following messages appear in the syslog:

Nov 22 21:47:08 Bilbo kernel: SuSE-FW-ILLEGAL-TARGET IN=ippp0 OUT= MAC= SRC=195.226.96.131 DST=195.226.100.219 LEN=223 TOS=0x00 PREC=0x00 TTL=252 ID=15433 DF PROTO=UDP SPT=53 DPT=1025 LEN=203
Nov 22 21:47:08 Bilbo kernel: SuSE-FW-ILLEGAL-TARGET IN=ippp0 OUT= MAC= SRC=195.226.96.131 DST=195.226.100.219 LEN=223 TOS=0x00 PREC=0x00 TTL=252 ID=15434 DF PROTO=UDP SPT=53 DPT=1025 LEN=203
Nov 22 21:47:08 Bilbo kernel: SuSE-FW-ILLEGAL-TARGET IN=ippp0 OUT= MAC= SRC=195.226.96.132 DST=195.226.100.219 LEN=138 TOS=0x00 PREC=0x00 TTL=252 ID=11395 DF PROTO=UDP SPT=53 DPT=1025 LEN=118
Nov 22 21:47:08 Bilbo kernel: SuSE-FW-ILLEGAL-TARGET IN=ippp0 OUT= MAC= SRC=195.226.96.131 DST=195.226.100.219 LEN=138 TOS=0x00 PREC=0x00 TTL=252 ID=15435 DF PROTO=UDP SPT=53 DPT=1026 LEN=118
Nov 22 21:47:13 Bilbo kernel: SuSE-FW-ILLEGAL-TARGET IN=ippp0 OUT= MAC= SRC=195.226.96.132 DST=195.226.100.219 LEN=138 TOS=0x00 PREC=0x00 TTL=252 ID=11396 DF PROTO=UDP SPT=53 DPT=1025 LEN=118

...and so on.

What I figured out is that the firewall rules are not reloaded after dialin, so that the new IP address of the ippp0 interface is not known to the firewall. In the ip-up script there are some settings regarding loading of the firewall, but I did not figure out so far if they work as expected. It seems to me as if they are ignored.

Of course I *could* reload the firewall manually after successful dialin, but on the other hand I expect SuSE to provide an ip-up script that also works after a version change. It worked fine on my old 7.2 installation.

regards
Andreas
ahallstein@tesionmail.de
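As an added illustration (not part of the original thread): a small Python parser run over the five kernel log lines quoted in the post above, grouping the dropped packets to show that every one is a UDP answer from port 53 arriving on ippp0 for a single destination address. The function names are made up for this example.

```python
import re
from collections import Counter

# The five kernel log lines quoted in the post, embedded so this runs offline.
SAMPLE_LOG = """\
Nov 22 21:47:08 Bilbo kernel: SuSE-FW-ILLEGAL-TARGET IN=ippp0 OUT= MAC= SRC=195.226.96.131 DST=195.226.100.219 LEN=223 TOS=0x00 PREC=0x00 TTL=252 ID=15433 DF PROTO=UDP SPT=53 DPT=1025 LEN=203
Nov 22 21:47:08 Bilbo kernel: SuSE-FW-ILLEGAL-TARGET IN=ippp0 OUT= MAC= SRC=195.226.96.131 DST=195.226.100.219 LEN=223 TOS=0x00 PREC=0x00 TTL=252 ID=15434 DF PROTO=UDP SPT=53 DPT=1025 LEN=203
Nov 22 21:47:08 Bilbo kernel: SuSE-FW-ILLEGAL-TARGET IN=ippp0 OUT= MAC= SRC=195.226.96.132 DST=195.226.100.219 LEN=138 TOS=0x00 PREC=0x00 TTL=252 ID=11395 DF PROTO=UDP SPT=53 DPT=1025 LEN=118
Nov 22 21:47:08 Bilbo kernel: SuSE-FW-ILLEGAL-TARGET IN=ippp0 OUT= MAC= SRC=195.226.96.131 DST=195.226.100.219 LEN=138 TOS=0x00 PREC=0x00 TTL=252 ID=15435 DF PROTO=UDP SPT=53 DPT=1026 LEN=118
Nov 22 21:47:13 Bilbo kernel: SuSE-FW-ILLEGAL-TARGET IN=ippp0 OUT= MAC= SRC=195.226.96.132 DST=195.226.100.219 LEN=138 TOS=0x00 PREC=0x00 TTL=252 ID=11396 DF PROTO=UDP SPT=53 DPT=1025 LEN=118
"""

LINE_RE = re.compile(r"kernel: (?P<prefix>SuSE-FW-[A-Z-]+) (?P<rest>.*)")
FIELD_RE = re.compile(r"(\w+)=(\S*)")

def parse_line(line):
    """Return a dict of netfilter LOG fields, or None for unrelated lines."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    fields = {"PREFIX": m.group("prefix")}
    for key, value in FIELD_RE.findall(m.group("rest")):
        # LEN appears twice (IP length, then UDP length); keep the first.
        fields.setdefault(key, value)
    return fields

def looks_like_dns_reply(pkt):
    """UDP from port 53 to an unprivileged port: an answer to a local query."""
    return (pkt.get("PROTO") == "UDP" and pkt.get("SPT") == "53"
            and int(pkt.get("DPT") or "0") >= 1024)

def summarize(log_text):
    """Count logged packets per (prefix, interface, destination, is-DNS-reply)."""
    counts = Counter()
    for line in log_text.splitlines():
        pkt = parse_line(line)
        if pkt:
            key = (pkt["PREFIX"], pkt.get("IN", ""), pkt.get("DST", ""),
                   looks_like_dns_reply(pkt))
            counts[key] += 1
    return counts

if __name__ == "__main__":
    for (prefix, iface, dst, dns), n in summarize(SAMPLE_LOG).items():
        kind = "DNS replies" if dns else "other packets"
        print(f"{n} x {prefix} on {iface} to {dst}: {kind}")
```

A single group containing only DNS replies to one address means the host's own name lookups are being answered but the answers are rejected on the way in, which fits rules that do not match the interface's current address.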
Hi

I remember seeing an option to activate the firewall once while installing ISDN via YaST. Did you check that option?

> What I figured out is that the firewall rules are not reloaded after dialin, so that the new IP address of the ippp0 interface is not known to the firewall.

Frank
Hi,

seems that worked. I installed the firewall at boot time and checked the "use firewall" box on the ISDN config.

Thanks for the tip
Andreas

On Friday 22 November 2002 23:01, Frank W.Kooistra wrote:
> Hi
>
> I remember seeing an option to activate the firewall once while installing ISDN via YaST. Did you check that option?
>
> > What I figured out is that the firewall rules are not reloaded after dialin, so that the new IP address of the ippp0 interface is not known to the firewall.
>
> Frank

participants (2)
- Andreas Hallstein
- Frank W.Kooistra