SuSeFirewall2 problems after reconnect (Suse 8.2)
(This message was also posted in the alt.os.linux.suse newsgroup)

Hello everybody,

after installing Suse 8.2 and the latest updates I'm having some troubles with SuSeFirewall2. My ISP disconnects my DSL line every 24h and rp-pppoe then automatically reconnects the line.

Now if an application that is listening on highports (>1024) is already running before the reconnect takes place (e.g. mldonkey and hts), after the reconnection SuSefirewall2 is dropping packets to these highports which were accessible before the reconnection. E.g. mldonkey then only gets lo-ids and I can't access my machine via hts which is running at port 4xxx. I'm not sure if SuSefirewall2 blocks all highports or only those on which the applications are listening. Lowports aren't affected. I still can connect to Apache and SSH after the reconnect.

If I close these two applications mldonkey and hts, restart the firewall and then restart the applications, everything works fine until the next reconnection takes place. Using Suse 8.1 I had no problems. In the SuSefirewall2 config file all highports are enabled. (I can post the whole config file later on if somebody needs it.)

Is this a new feature/bug? Can I get rid of it somehow?

Thanks!

Best regards,
Volker
Hi Volker!
> Now if an application that is listening on highports (>1024) is already running before the reconnect takes place (e.g. mldonkey and hts), after the reconnection SuSefirewall2 is dropping packets to these highports which were accessible before the reconnection. E.g. mldonkey then only gets lo-ids and I can't access my machine via hts which is running at port 4xxx. I'm not sure if SuSefirewall2 blocks all highports or only those on which the applications are listening. Lowports aren't affected. I still can connect to Apache and SSH after the reconnect.
--> What about the FW_AUTOPROTECT_SERVICES in /etc/sysconfig/SuSEfirewall? I would assume that setting this to "yes" will have exactly the effect you describe. Have you considered entering the ports you need in "FW_TRUSTED_NETS" or "FW_SERVICES_EXT_???"?

HTH,
Armin

--
Am Hasenberg 26                     office: Institut für Atmosphärenphysik
D-18209 Bad Doberan                         Schloss-Straße 6
Tel. ++49-(0)38203/42137                    D-18225 Kühlungsborn / GERMANY
Email: schoech@iap-kborn.de                 Tel. +49-(0)38293-68-102
WWW: http://armins.cjb.net/                 Fax. +49-(0)38293-68-50
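To check the diagnosis above before touching the live box, the following added script (not from the thread or from SuSEfirewall2 itself) compares a copy of the sysconfig settings with the currently listening TCP ports and lists those that FW_AUTOPROTECT_SERVICES="yes" would leave closed because they are not in FW_SERVICES_EXT_TCP. The config text and port list are constructed samples; FW_SERVICES_EXT_TCP is the TCP-specific form of the FW_SERVICES_EXT_??? variable mentioned in the reply.

```shell
#!/bin/sh
# Constructed sample of the relevant SuSEfirewall2 settings (not a real config file).
SAMPLE_CFG='
FW_AUTOPROTECT_SERVICES="yes"
FW_SERVICES_EXT_TCP="ssh http"
'

# Constructed sample of listening TCP ports, as one would get from `netstat -lnt`.
SAMPLE_LISTENING="22 80 4000 4080"

# cfg_value CFGTEXT VAR: print the value of a sysconfig variable, quotes stripped.
cfg_value() {
    printf '%s\n' "$1" | sed -n "s/^$2=\"\{0,1\}\([^\"]*\)\"\{0,1\}\$/\1/p" | tail -n 1
}

# service_port NAME: map the service names SuSEfirewall2 accepts to port numbers.
# Numbers pass through; a full implementation would consult /etc/services.
service_port() {
    case "$1" in
        ssh)   echo 22 ;;
        http)  echo 80 ;;
        https) echo 443 ;;
        *)     echo "$1" ;;
    esac
}

# unprotected_ports CFGTEXT PORTS: listening ports that autoprotect would close on
# the external interface because they are not listed in FW_SERVICES_EXT_TCP.
# Prints nothing when FW_AUTOPROTECT_SERVICES is not "yes".
unprotected_ports() {
    cfg="$1"; listening="$2"
    [ "$(cfg_value "$cfg" FW_AUTOPROTECT_SERVICES)" = "yes" ] || return 0
    allowed=""
    for svc in $(cfg_value "$cfg" FW_SERVICES_EXT_TCP); do
        allowed="$allowed $(service_port "$svc")"
    done
    out=""
    for p in $listening; do
        case " $allowed " in
            *" $p "*) ;;              # explicitly opened, stays reachable
            *) out="$out $p" ;;       # will be blocked after the next firewall start
        esac
    done
    echo "${out# }"
}

unprotected_ports "$SAMPLE_CFG" "$SAMPLE_LISTENING"   # -> 4000 4080
```

Ports it prints are the ones to add to FW_SERVICES_EXT_TCP (or to cover via FW_TRUSTED_NETS) if they must stay reachable across the PPPoE reconnect.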