A little bit OT, Is it worth it to install SuSEFirewall on a system with only a DSL router connection going right into my server nic.. that is no second nic for an internal network? Does SuSEFirewall require the two nic configuration? Thanks, Jim
The 03.06.15 at 14:18, Anders Johansson wrote:
Let us know what you find out. I've suspected for a while that there is something subtly wrong in the SuSEfirewall, but I've never suffered enough from it to muster up the energy to research it :)
No luck :-(
My sequence of events is this:
Jun 19 14:11:34 nimrodel poll.tcpip: _NOT_ starting mail and news send/fetch Jun 19 14:11:34 nimrodel ip-up.local: --> Up ppp0 /dev/ttyS1 115200 L: 81.41.199.207 R: 80.58.197.103 Par: Jun 19 14:11:34 nimrodel ip-up.local: --> Waiting for tcpdump activation Jun 19 14:11:44 nimrodel ip-up.local: --> Launching fetch/send tasks now Jun 19 14:11:44 nimrodel ip-up.local.doit: --> Starting mail and news send/fetch, and fidonet poll (expensive) Jun 19 14:11:44 nimrodel postfix/postqueue[5739]: warning: unix_trigger: write to public/qmgr: Broken pipe
And I'm getting illegal packets (second connection on the day, so it is not always the first connection after booting):
Jun 19 14:11:33 nimrodel kernel: SuSE-FW-ILLEGAL-TARGET IN=ppp0 OUT= MAC= SRC=198.41.0.10 DST=81.41.199.207 LEN=122 TOS=0x00 PREC=0x00 TTL=44 ID=0 DF PROTO=UDP SPT=53 DPT=1024 LEN=102 Jun 19 14:11:33 nimrodel kernel: SuSE-FW-ILLEGAL-TARGET IN=ppp0 OUT= MAC= SRC=198.41.0.10 DST=81.41.199.207 LEN=124 TOS=0x00 PREC=0x00 TTL=44 ID=0 DF PROTO=UDP SPT=53 DPT=1024 LEN=104
But they are not logged by tcpdump, it is still one second earlier than tcpdump is called :-(
And I don't know who/what is sending the original request, because I start the send/receive sequence a full 10 seconds after the connection is established and tcpdump started.
I wonder if I can set tcpdump to log packets from all interfaces :-?
-- Cheers, Carlos Robinson
-- Check the headers for your unsubscription address For additional commands send e-mail to suse-linux-e-help@suse.com Also check the archives at http://lists.suse.com Please read the FAQs: suse-linux-e-faq@suse.com