SuSEFirewall2 and DNS, def Route
Hello Sec-Experts! ;)

I have SuSE7.3 (uptodate) with 3 Interfaces. Everything runs smoothly! But after some time, the Firewall-PC can not reach the External Network anymore, but the
- ppp0 is up
- ip is ok
- DNS is correct
- routing table fine

The Clients behind the Firewall can still ping and surf the web and everything! Looks like the Firewall changes something all of a sudden. The logs look ok.

I just have a bunch of these logs, where can I disable the logging of these entries (kinda different subject ;)?

Jul 16 09:01:15 linux pppd[23519]: rcvd [LCP EchoRep id=0xd magic=0x464f146b]
Jul 16 09:01:35 linux pppd[23519]: sent [LCP EchoReq id=0xe magic=0x463697ea]
Jul 16 09:01:35 linux pppd[23519]: rcvd [LCP EchoRep id=0xe magic=0x464f146b]
Jul 16 09:01:55 linux pppd[23519]: sent [LCP EchoReq id=0xf magic=0x463697ea]
Jul 16 09:01:55 linux pppd[23519]: rcvd [LCP EchoRep id=0xf magic=0x464f146b]
Jul 16 09:02:15 linux pppd[23519]: sent [LCP EchoReq id=0x10 magic=0x463697ea]

Thanks a lot!
Mario
I have SuSE7.3 (uptodate) with 3 Interfaces. Everything runs smoothly! But after some time, the Firewall-PC can not reach the External Network anymore, but the - ppp0 is up - ip is ok - DNS is correct - routing table fine
The Clients behind the Firewall can still ping and surf the web and everything! Looks like the Firewall changes something all of a sudden.
I have a similar behavior. Now after installing Red Hat 7.3 and use of SuSEfirewall2 with it this behaviour is fixed. Had to fix some path-locations. Seems the iptables have a bug or the script does not run correctly. I think more the iptables are erroneous.
Philippe
Hi
From: Peer Stefan [mailto:stefan.peer@tiwag.at]
hi
From: Mario Ohnewald [mailto:mario.ohnewald@gmx.de]
Hello Sec-Experts! ;)
I have SuSE7.3 (uptodate) with 3 Interfaces. Everything runs smoothly! But after some time, the Firewall-PC can not reach the External Network anymore, but the - ppp0 is up - ip is ok - DNS is correct - routing table fine
The Clients behind the Firewall can still ping and surf the web and everything! Looks like the Firewall changes something all of a sudden. The logs look ok.
did you try to shut down the firewall and check the connection?
why would i do that? To check if the Firewall causes the error?
didn't the external ip change after, like, 4 hours or so?
yes, every 24h, but i am just 4secs offline during my reconnection then ;)
how can internal clients ping the web when the firewall's lost its connection?
it did not lose it, the ppp0 is still up. It does look like the dns is dead, but i can not even ping ips (dns ip or other) or like the route table is messed up. But it's all fine. But these are the symptoms. --> Firewall is blocking ermm....did i mention that the Firewall blocks the traffic from its own pc? The rest of the network always worked! looks like it loads a deny rule randomly ;P
can you post some of your firewall-logs for further analysis? perhaps there's a clue to see why your firewall-host has been cut off the internet. what does your syslog say?
Here are a few lines from the 14th. I restart the firewall every hour, that's how I got it working so far ;)
-------------------------------------------
Jul 14 00:17:41 linux pppd[2087]: sent [LCP EchoReq id=0x13 magic=0xa43700db]
Jul 14 00:17:41 linux pppd[2087]: rcvd [LCP EchoRep id=0x13 magic=0x77732468]
Jul 14 00:17:50 linux syslogd 1.3-3: restart.
Jul 14 01:25:43 linux pppd[2087]: sent [LCP EchoReq id=0xdf magic=0xa43700db]
Jul 14 01:25:43 linux pppd[2087]: rcvd [LCP EchoRep id=0xdf magic=0x77732468]
Jul 14 01:25:59 linux pppd[2087]: rcvd [LCP TermReq id=0xf5]
Jul 14 01:25:59 linux pppd[2087]: LCP terminated by peer
Jul 14 01:26:00 linux pppd[2087]: cbcp_lowerdown
Jul 14 01:26:00 linux pppoe[2088]: Session 6961 terminated -- received PADT from peer
Jul 14 01:26:00 linux pppoe[2088]: Sent PADT
Jul 14 01:26:00 linux pppd[2087]: Script /etc/ppp/ip-down started (pid 7979)
Jul 14 01:26:00 linux pppd[2087]: sent [LCP TermAck id=0xf5]
Jul 14 01:26:00 linux pppd[2087]: Modem hangup
Jul 14 01:26:00 linux pppd[2087]: Connection terminated.
Jul 14 01:26:00 linux pppd[2087]: Script /usr/sbin/pppoe -p /var/run/pppoe.conf-adsl.pid.pppoe -I eth2 -T 80 -U -m 1412 finished (pid 2088), status = 0x0
Jul 14 01:26:00 linux pppd[2087]: Connect time 1440.7 minutes.
Jul 14 01:26:00 linux pppd[2087]: Sent 15019711 bytes, received 232389403 bytes.
Jul 14 01:26:00 linux pppd[2087]: Waiting for 1 child processes...
Jul 14 01:26:00 linux pppd[2087]: script /etc/ppp/ip-down, pid 7979
Jul 14 01:26:01 linux /etc/ppp/ip-down: ip-down: Loading of module ipchains was not successful.
Jul 14 01:26:01 linux /etc/ppp/ip-down: Aborting. No action taken.
Jul 14 01:26:02 linux pppd[2087]: Script /etc/ppp/ip-down finished (pid 7979), status = 0x100
Jul 14 01:26:02 linux pppd[2087]: Exit.
Jul 14 01:26:02 linux adsl-connect: ADSL connection lost; attempting re-connection.
Jul 14 01:26:08 linux pppd[8022]: pppd 2.4.0 started by root, uid 0
Jul 14 01:26:08 linux pppd[8022]: using channel 2
Jul 14 01:26:08 linux pppd[8022]: Using interface ppp0
Jul 14 01:26:08 linux pppd[8022]: Connect: ppp0 <--> /dev/pts/0
Jul 14 01:26:08 linux pppoe[8023]: PADS: Service-Name: ''
Jul 14 01:26:08 linux pppoe[8023]: PPP session is 798
Jul 14 01:26:09 linux pppd[8022]: sent [LCP ConfReq id=0x1 ]
Jul 14 01:26:09 linux pppd[8022]: rcvd [LCP ConfReq id=0xe4
pap>
[... snip ...]
Thanks a lot!
Mario
regards, stefan
yours, Mario
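An added example, not part of any post in this thread: it scans pppd syslog lines like those quoted above for hook scripts (such as /etc/ppp/ip-down) that finished with a non-zero status and collects what the script itself logged. It assumes pppd reports the raw wait() status, so 0x100 decodes to exit code 1; the function names are hypothetical and the sample lines are copied from the excerpt so the block runs offline.

```python
import re

# Sample input: a few lines taken from the syslog excerpt in the thread.
SAMPLE_LOG = """\
Jul 14 01:26:00 linux pppd[2087]: Script /etc/ppp/ip-down started (pid 7979)
Jul 14 01:26:00 linux pppd[2087]: Script /usr/sbin/pppoe -p /var/run/pppoe.conf-adsl.pid.pppoe -I eth2 -T 80 -U -m 1412 finished (pid 2088), status = 0x0
Jul 14 01:26:01 linux /etc/ppp/ip-down: ip-down: Loading of module ipchains was not successful.
Jul 14 01:26:01 linux /etc/ppp/ip-down: Aborting. No action taken.
Jul 14 01:26:02 linux pppd[2087]: Script /etc/ppp/ip-down finished (pid 7979), status = 0x100
Jul 14 01:26:08 linux pppd[8022]: pppd 2.4.0 started by root, uid 0
"""

# timestamp, host, tag, optional [pid], message
LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) (\S+) ([^:\[]+)(?:\[(\d+)\])?: (.*)$")
FINISHED = re.compile(
    r"^Script (\S+).* finished \(pid (\d+)\), status = (0x[0-9a-fA-F]+)$")


def decode_wait_status(status):
    """Decode a raw wait() status (assumed Linux encoding)."""
    signal = status & 0x7F
    if signal:
        return ("signal", signal)
    return ("exit", (status >> 8) & 0xFF)


def failed_hooks(log_text):
    """Return hook scripts whose pppd 'finished' line shows a failure."""
    own_messages = {}  # script path -> lines the script logged under its own tag
    failures = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        when, _host, tag, _pid, msg = m.groups()
        fin = FINISHED.match(msg) if tag == "pppd" else None
        if fin:
            script, pid = fin.group(1), int(fin.group(2))
            kind, code = decode_wait_status(int(fin.group(3), 16))
            logged = own_messages.pop(script, [])
            if (kind, code) != ("exit", 0):
                failures.append({"time": when, "script": script, "pid": pid,
                                 "result": kind, "code": code,
                                 "messages": logged})
        elif tag.startswith("/"):
            # Scripts such as /etc/ppp/ip-down log with their path as the tag.
            own_messages.setdefault(tag, []).append(msg)
    return failures


if __name__ == "__main__":
    for f in failed_hooks(SAMPLE_LOG):
        print(f["time"], f["script"], f["result"], f["code"], f["messages"])
```

A hook that aborts this way leaves whatever it was meant to change untouched, so its own messages are the first thing to read after a reconnect.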
participants (2)
- Mario Ohnewald
- Philippe Vogel