SuSE 9.2 + SuSEfirewall2 + pptp vpn
Hi List,
That's strange. I'd suggest you to start from scratch and then post your /etc/sysconfig/SuSEfirewall2 file. Just copy /var/adm/fillup-templates/sysconfig.SuSEfirewall2 to /etc/sysconfig/SuSEfirewall2 to restore the default configuration file.
cu Ludwig
Could it be that there is something wrong with the last build of SFW2?
Ich got strage FW probs too, tryin' to get a pptp-vpn working.
Mar 15 17:04:59 *** kernel: SFW2-IN-ILL-TARGET IN=ppp1 OUT= MAC=
SRC=192.168.21.210 DST=255.255.255.255 LEN=96 TOS=0x00 PREC=0x00 TTL=128
ID=11508 PROTO=UDP SPT=137 DPT=137 LEN=76
Mar 15 17:04:59 *** kernel: SFW2-IN-ILL-TARGET IN=ppp1 OUT= MAC=
SRC=192.168.21.210 DST=255.255.255.255 LEN=96 TOS=0x00 PREC=0x00 TTL=128
ID=11512 PROTO=UDP SPT=137 DPT=137 LEN=76
Mar 15 17:05:00 *** pptpd[21201]: Error writing GRE packet: Operation not
permitted
Mar 15 17:05:00 *** pptpd[21201]: CTRL: GRE read or PTY write failed
(gre,pty)=(6,5)
ppp1 is set as a INT interface, class-routing is activated.
I got no further idea, with SuSE8.0 I had no problems.
Best regards,
Frank
--------------------------------------------
netlogistics
Frank Krueger
Frank Krüger wrote:
[...] Could it be that there is something wrong with the last build of SFW2? Ich got strage FW probs too, tryin' to get a pptp-vpn working.
Mar 15 17:04:59 *** kernel: SFW2-IN-ILL-TARGET IN=ppp1 OUT= MAC= SRC=192.168.21.210 DST=255.255.255.255 LEN=96 TOS=0x00 PREC=0x00 TTL=128 ID=11508 PROTO=UDP SPT=137 DPT=137 LEN=76 Mar 15 17:04:59 *** kernel: SFW2-IN-ILL-TARGET IN=ppp1 OUT= MAC= SRC=192.168.21.210 DST=255.255.255.255 LEN=96 TOS=0x00 PREC=0x00 TTL=128 ID=11512 PROTO=UDP SPT=137 DPT=137 LEN=76 Mar 15 17:05:00 *** pptpd[21201]: Error writing GRE packet: Operation not permitted Mar 15 17:05:00 *** pptpd[21201]: CTRL: GRE read or PTY write failed (gre,pty)=(6,5)
ppp1 is set as a INT interface, class-routing is activated. I got no further idea, with SuSE8.0 I had no problems.
Which version of SuSEfirewall2? Which SUSE LINUX release? ILL-TARGET drops happen if your interface is not in any zone. You need to run SuSEfirewall2 each time a new interface comes up. cu Ludwig -- (o_ Ludwig Nussel //\ SUSE LINUX Products GmbH, Development V_/_ http://www.suse.de/
Hi Ludwig, Sorry, the request was short, right. I didn't wanted to hijack the other thread ([suse-security] SuSE 9.2 + SuSEfirewall2 + nfs problems).
Which version of SuSEfirewall2? Which SUSE LINUX release? I got a SuSE 9.2 Machine connected via DSL running SuSEfirewall2-3.2-14.2 and pptpd.
ILL-TARGET drops happen if your interface is not in any zone. ppp1 should be in zone INT:
FW_DEV_INT="eth1 ppp1 ppp2 ppp3"
You need to run SuSEfirewall2 each time a new interface comes up. I thought this will be done by ip-up. ppp1 is set up by pptpd.
Do I have to setup a initial configuration on ppp1?
B.rgds,
Frank
--------------------------------------------
netlogistics
Frank Krueger
-----Ursprüngliche Nachricht----- Von: Ludwig Nussel [mailto:ludwig.nussel@suse.de] Gesendet: Mittwoch, 16. März 2005 10:25 An: suse-security@suse.com Betreff: Re: [suse-security] SuSE 9.2 + SuSEfirewall2 + pptp vpn
Frank Krüger wrote:
[...] Could it be that there is something wrong with the last build of SFW2? Ich got strage FW probs too, tryin' to get a pptp-vpn working.
Mar 15 17:04:59 *** kernel: SFW2-IN-ILL-TARGET IN=ppp1 OUT= MAC= SRC=192.168.21.210 DST=255.255.255.255 LEN=96 TOS=0x00 PREC=0x00 TTL=128 ID=11508 PROTO=UDP SPT=137 DPT=137 LEN=76 Mar 15 17:04:59 *** kernel: SFW2-IN-ILL-TARGET IN=ppp1 OUT= MAC= SRC=192.168.21.210 DST=255.255.255.255 LEN=96 TOS=0x00 PREC=0x00 TTL=128 ID=11512 PROTO=UDP SPT=137 DPT=137 LEN=76 Mar 15 17:05:00 *** pptpd[21201]: Error writing GRE packet: Operation not permitted Mar 15 17:05:00 *** pptpd[21201]: CTRL: GRE read or PTY write failed (gre,pty)=(6,5)
ppp1 is set as a INT interface, class-routing is activated. I got no further idea, with SuSE8.0 I had no problems.
Which version of SuSEfirewall2? Which SUSE LINUX release? ILL-TARGET drops happen if your interface is not in any zone. You need to run SuSEfirewall2 each time a new interface comes up.
cu Ludwig
-- (o_ Ludwig Nussel //\ SUSE LINUX Products GmbH, Development V_/_ http://www.suse.de/
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
Frank Krüger wrote:
Sorry, the request was short, right. I didn't wanted to hijack the other thread ([suse-security] SuSE 9.2 + SuSEfirewall2 + nfs problems).
Which version of SuSEfirewall2? Which SUSE LINUX release? I got a SuSE 9.2 Machine connected via DSL running SuSEfirewall2-3.2-14.2 and pptpd.
ILL-TARGET drops happen if your interface is not in any zone. ppp1 should be in zone INT:
FW_DEV_INT="eth1 ppp1 ppp2 ppp3"
You need to run SuSEfirewall2 each time a new interface comes up. I thought this will be done by ip-up. ppp1 is set up by pptpd.
I'm not sure if that happens automatically if there is no interface configuration file.
Do I have to setup a initial configuration on ppp1?
No, you just need to run SuSEfirewall2 once it's up. cu Ludwig -- (o_ Ludwig Nussel //\ SUSE LINUX Products GmbH, Development V_/_ http://www.suse.de/
participants (2)
-
Frank Krüger
-
Ludwig Nussel