SuSEFirewall2 and DNS, def Route
Hello Sec-Experts! ;) I have SuSE7.3 (uptodate) with 3 Interfaces. Everything runs smothly! But after some time, the Firewall-PC can not reach the Externam Network anymore, but the - ppp0 is up - ip is ok - DNS is correct - routing table fine The Clients behind the Firewall can still ping and surf the web and everything! Look like the Firewall changes something oversudden. The logs look ok. I just have a bunch of these logs, where can i disable the logging of this entries (kinda different subject ;)? Jul 16 09:01:15 linux pppd[23519]: rcvd [LCP EchoRep id=0xd magic=0x464f146b] Jul 16 09:01:35 linux pppd[23519]: sent [LCP EchoReq id=0xe magic=0x463697ea] Jul 16 09:01:35 linux pppd[23519]: rcvd [LCP EchoRep id=0xe magic=0x464f146b] Jul 16 09:01:55 linux pppd[23519]: sent [LCP EchoReq id=0xf magic=0x463697ea] Jul 16 09:01:55 linux pppd[23519]: rcvd [LCP EchoRep id=0xf magic=0x464f146b] Jul 16 09:02:15 linux pppd[23519]: sent [LCP EchoReq id=0x10 magic=0x463697ea] Thanks a lot! Mario
I have SuSE7.3 (uptodate) with 3 Interfaces. Everything runs smothly! But after some time, the Firewall-PC can not reach the Externam Network anymore, but the - ppp0 is up - ip is ok - DNS is correct - routing table fine
The Clients behind the Firewall can still ping and surf the web and everything! Look like the Firewall changes something oversudden.
I have a simmilar behavior. Now after installing Red Hat 7.3 and use of SuSEfirewall2 with it this behaviour is fixed. Had to fix some path-locations. Seems the iptables have a bug or the script does not run correct. I think more the iptables are errorous. Philippe
Hi
From: Peer Stefan [mailto:stefan.peer@tiwag.at]
hi
From: Mario Ohnewald [mailto:mario.ohnewald@gmx.de] Hello Sec-Experts! ;)
I have SuSE7.3 (uptodate) with 3 Interfaces. Everything runs smothly! But after some time, the Firewall-PC can not reach the Externam Network anymore, but the - ppp0 is up - ip is ok - DNS is correct - routing table fine
The Clients behind the Firewall can still ping and surf the web and everything! Look like the Firewall changes something oversudden. The logs look ok.
did you try to shut down the firewall and check the connection?
why would i do that? To check if the Firewall causes the error?
didn't the external ip change after, like, 4 hours or so?
yes, every 24h, but i am just 4secs offline during my reconnection then ;)
how can internal clients ping the web when the firewall's lost its connection?
it did not loose it, the ppp0 is still up. It does look like the dns is dead, but i can not even ping ips (dns ip or other) or like the route table is messed up. But its all fine. But this are the symthoms. --> Firewall is blocking ermm....did i mention that the Firewall blocks the traffic from its own pc? The rest of the network always worked! looks likei it loads a deny rule randomly ;P
can you post some of your firewall-logs for further analysis? perhaps there's a clue to see why your firewall-host has been cut of the internet. what does your syslog say?
from peer Jul 14 01:26:00 linux pppoe[2088]: Sent PADT Jul 14 01:26:00 linux pppd[2087]: Script /etc/ppp/ip-down started (pid 7979) Jul 14 01:26:00 linux pppd[2087]: sent [LCP TermAck id=0xf5] Jul 14 01:26:00 linux pppd[2087]: Modem hangup Jul 14 01:26:00 linux pppd[2087]: Connection terminated. Jul 14 01:26:00 linux pppd[2087]: Script /usr/sbin/pppoe -p /var/run/pppoe.conf-adsl.pid.pppoe -I eth2 -T 80 -U -m 1412 finished (pid 2088), status = 0x0 Jul 14 01:26:00 linux pppd[2087]: Connect time 1440.7 minutes. Jul 14 01:26:00 linux pppd[2087]: Sent 15019711 bytes, received 232389403 bytes. Jul 14 01:26:00 linux pppd[2087]: Waiting for 1 child processes... Jul 14 01:26:00 linux pppd[2087]: script /etc/ppp/ip-down, pid 7979 Jul 14 01:26:01 linux /etc/ppp/ip-down: ip-down: Loading of module ipchains was not successful. Jul 14 01:26:01 linux /etc/ppp/ip-down: Aborting. No action taken. Jul 14 01:26:02 linux pppd[2087]: Script /etc/ppp/ip-down finished (pid 7979), status = 0x100 Jul 14 01:26:02 linux pppd[2087]: Exit. Jul 14 01:26:02 linux adsl-connect: ADSL connection lost; attempting re-connection. Jul 14 01:26:08 linux pppd[8022]: pppd 2.4.0 started by root, uid 0 Jul 14 01:26:08 linux pppd[8022]: using channel 2 Jul 14 01:26:08 linux pppd[8022]: Using interface ppp0 Jul 14 01:26:08 linux pppd[8022]: Connect: ppp0 <--> /dev/pts/0 Jul 14 01:26:08 linux pppoe[8023]: PADS: Service-Name: '' Jul 14 01:26:08 linux pppoe[8023]: PPP session is 798 Jul 14 01:26:09 linux pppd[8022]: sent [LCP ConfReq id=0x1 <mru 1492> <magic 0xee811a46>] Jul 14 01:26:09 linux pppd[8022]: rcvd [LCP ConfReq id=0xe4 <mru 1492> <auth
Here are a few lines from the 14th. I restart the firewall every hour, thats how i got it working so far ;) ------------------------------------------- Jul 14 00:17:41 linux pppd[2087]: sent [LCP EchoReq id=0x13 magic=0xa43700db] Jul 14 00:17:41 linux pppd[2087]: rcvd [LCP EchoRep id=0x13 magic=0x77732468] Jul 14 00:17:50 linux syslogd 1.3-3: restart. Jul 14 01:25:43 linux pppd[2087]: sent [LCP EchoReq id=0xdf magic=0xa43700db] Jul 14 01:25:43 linux pppd[2087]: rcvd [LCP EchoRep id=0xdf magic=0x77732468] Jul 14 01:25:59 linux pppd[2087]: rcvd [LCP TermReq id=0xf5] Jul 14 01:25:59 linux pppd[2087]: LCP terminated by peer Jul 14 01:26:00 linux pppd[2087]: cbcp_lowerdown Jul 14 01:26:00 linux pppoe[2088]: Session 6961 terminated -- received PADT pap> <magic 0x1cb35a9a>] Jul 14 01:26:09 linux pppd[8022]: sent [LCP ConfAck id=0xe4 <mru 1492> <auth pap> <magic 0x1cb35a9a>] Jul 14 01:26:09 linux pppd[8022]: rcvd [LCP ConfAck id=0x1 <mru 1492> <magic 0xee811a46>] Jul 14 01:26:09 linux pppd[8022]: sent [LCP EchoReq id=0x0 magic=0xee811a46] Jul 14 01:26:09 linux pppd[8022]: cbcp_lowerup Jul 14 01:26:09 linux pppd[8022]: want: 2 Jul 14 01:26:09 linux pppd[8022]: sent [PAP AuthReq id=0x1 user="0001122281035100732428960001@t-online.de" password=<hidden>] Jul 14 01:26:09 linux pppd[8022]: rcvd [LCP EchoRep id=0x0 magic=0x1cb35a9a] Jul 14 01:26:09 linux pppd[8022]: rcvd [PAP AuthAck id=0x1 ""] Jul 14 01:26:09 linux pppd[8022]: sent [IPCP ConfReq id=0x1 <addr 0.0.0.0>] Jul 14 01:26:09 linux pppd[8022]: rcvd [IPCP ConfReq id=0x8b <addr 217.5.98.130>] Jul 14 01:26:09 linux pppd[8022]: sent [IPCP ConfAck id=0x8b <addr 217.5.98.130>] Jul 14 01:26:09 linux pppd[8022]: rcvd [IPCP ConfNak id=0x1 <addr 80.145.94.60>] Jul 14 01:26:09 linux pppd[8022]: sent [IPCP ConfReq id=0x2 <addr 80.145.94.60>] Jul 14 01:26:09 linux pppd[8022]: rcvd [IPCP ConfAck id=0x2 <addr 80.145.94.60>] Jul 14 01:26:09 linux pppd[8022]: local IP address 80.145.94.60 Jul 14 01:26:09 linux pppd[8022]: remote IP address 217.5.98.130 Jul 14 01:26:09 linux pppd[8022]: Script /etc/ppp/ip-up started (pid 8025) Jul 14 01:26:10 linux /etc/ppp/ip-up: ip-up: Loading of module ipchains was not successful. Jul 14 01:26:10 linux /etc/ppp/ip-up: Aborting. No action taken. Jul 14 01:26:16 linux kernel: SuSE-FW-UNALLOWED-TARGETIN=ppp0 OUT= MAC= SRC=194.25.2.129 DST=80.145.94.60 LEN=145 TOS=0x00 PREC=0x00 TTL=251 ID=49869 DF PROTO=UDP SPT=53 DPT=1025 LEN=125 Jul 14 01:26:16 linux kernel: klogd 1.3-3, ---------- state change ---------- Jul 14 01:26:16 linux kernel: Inspecting /boot/System.map-2.4.4-4GB Jul 14 01:26:17 linux kernel: Loaded 10917 symbols from /boot/System.map-2.4.4-4GB. Jul 14 01:26:17 linux kernel: Symbols match kernel version 2.4.4. Jul 14 01:26:17 linux kernel: Loaded 438 symbols from 27 modules. Jul 14 01:26:21 linux kernel: SuSE-FW-UNALLOWED-TARGETIN=ppp0 OUT= MAC= SRC=194.25.2.129 DST=80.145.94.60 LEN=145 TOS=0x00 PREC=0x00 TTL=251 ID=7847 DF PROTO=UDP SPT=53 DPT=1025 LEN=125 Jul 14 01:26:26 linux kernel: SuSE-FW-UNALLOWED-TARGETIN=ppp0 OUT= MAC= SRC=194.25.2.129 DST=80.145.94.60 LEN=145 TOS=0x00 PREC=0x00 TTL=251 ID=20215 DF PROTO=UDP SPT=53 DPT=1025 LEN=125 Jul 14 01:26:29 linux pppd[8022]: sent [LCP EchoReq id=0x1 magic=0xee811a46] Jul 14 01:26:29 linux pppd[8022]: rcvd [LCP EchoRep id=0x1 magic=0x1cb35a9a] Jul 14 01:26:31 linux kernel: SuSE-FW-UNALLOWED-TARGETIN=ppp0 OUT= MAC= SRC=194.25.2.129 DST=80.145.94.60 LEN=282 TOS=0x00 PREC=0x00 TTL=60 ID=22446 PROTO=UDP SPT=53 DPT=1025 LEN=262 Jul 14 01:26:36 linux kernel: SuSE-FW-UNALLOWED-TARGETIN=ppp0 OUT= MAC= SRC=194.25.2.129 DST=80.145.94.60 LEN=282 TOS=0x00 PREC=0x00 TTL=251 ID=7848 DF PROTO=UDP SPT=53 DPT=1025 LEN=262 Jul 14 01:26:41 linux kernel: SuSE-FW-UNALLOWED-TARGETIN=ppp0 OUT= MAC= SRC=194.25.2.129 DST=80.145.94.60 LEN=282 TOS=0x00 PREC=0x00 TTL=60 ID=1304 PROTO=UDP SPT=53 DPT=1025 LEN=262 Jul 14 01:26:46 linux kernel: SuSE-FW-UNALLOWED-TARGETIN=ppp0 OUT= MAC= SRC=194.25.2.129 DST=80.145.94.60 LEN=282 TOS=0x00 PREC=0x00 TTL=251 ID=12765 DF PROTO=UDP SPT=53 DPT=1025 LEN=262 Jul 14 01:26:49 linux pppd[8022]: sent [LCP EchoReq id=0x2 magic=0xee811a46] Jul 14 01:26:49 linux pppd[8022]: rcvd [LCP EchoRep id=0x2 magic=0x1cb35a9a] Jul 14 01:26:51 linux pppd[8022]: Script /etc/ppp/ip-up finished (pid 8025), status = 0x100 Jul 14 01:27:09 linux pppd[8022]: sent [LCP EchoReq id=0x3 magic=0xee811a46] Jul 14 01:27:09 linux pppd[8022]: rcvd [LCP EchoRep id=0x3 magic=0x1cb35a9a] Jul 14 01:27:29 linux pppd[8022]: sent [LCP EchoReq id=0x4 magic=0xee811a46] Jul 14 01:27:29 linux pppd[8022]: rcvd [LCP EchoRep id=0x4 magic=0x1cb35a9a] Jul 14 01:27:49 linux pppd[8022]: sent [LCP EchoReq id=0x5 magic=0xee811a46] Jul 14 01:27:49 linux pppd[8022]: rcvd [LCP EchoRep id=0x5 magic=0x1cb35a9a] Jul 14 01:28:09 linux pppd[8022]: sent [LCP EchoReq id=0x6 magic=0xee811a46] Jul 14 01:28:09 linux pppd[8022]: rcvd [LCP EchoRep id=0x6 magic=0x1cb35a9a] Jul 14 01:28:29 linux pppd[8022]: sent [LCP EchoReq id=0x7 magic=0xee811a46] Jul 14 01:28:29 linux pppd[8022]: rcvd [LCP EchoRep id=0x7 magic=0x1cb35a9a] Jul 14 01:54:50 linux pppd[8022]: rcvd [LCP EchoRep id=0x56 magic=0x1cb35a9a]
[... snip ...]
Thanks a lot!
Mario
regards, stefan
yours, Mario
participants (2)
-
Mario Ohnewald
-
Philippe Vogel