Answering my own email - SuSEfirewall test is also reporting Oct 3 06:42:27 Gringo smbd[10641]: [2002/10/03 06:42:27, 0] smbd/service.c:make_connection(249) Oct 3 06:42:27 Gringo smbd[10641]: localhost (148.240.98.224) couldn't find service c Oct 3 06:42:29 Gringo kernel: SuSE-FW-DROP-DEFAULT IN=ippp0 OUT= MAC= SRC=148.240.98.224 DST=150.xxx.x. xxx LEN=40 TOS=0x00 PREC=0x00 TTL=107 ID=11567 DF PROTO=TCP SPT=1434 DPT=139 WINDOW=8756 RES=0x00 ACK UR GP=0 I don't recognize 148.240.98.244 at all Brian Marr On Thursday 03 October 2002 06:40, Brian Marr wrote:
I wonder where VMware should appear in the SuSEfirewall script ? I do not want it to be accessible to the internet, but accessible to my LAN (at least the Host). Currently SuSEfirewall is dropping VMware packets when I turn it on. Brian Marr Ifconfig Gringo:/home/magpie # ifconfig eth0 Link encap:Ethernet HWaddr 00:02:44:19:8B:50 inet addr:192.xxx.xx.x Bcast:192.xxx.xx.xxx Mask:255.255.255.0 inet6 addr: fe80::202:44ff:fe19:8b50/10 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:2603644 errors:0 dropped:0 overruns:0 frame:0 TX packets:1824661 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 RX bytes:280080492 (267.1 Mb) TX bytes:565419632 (539.2 Mb) Interrupt:9 Base address:0x1000
ippp0 Link encap:Point-to-Point Protocol inet addr:150.xxx.x.xxx P-t-P:203.16.215.220 Mask:255.255.255.255 UP POINTOPOINT RUNNING NOARP DYNAMIC MTU:1500 Metric:1 RX packets:636883 errors:0 dropped:0 overruns:0 frame:0 TX packets:615824 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:30 RX bytes:437491432 (417.2 Mb) TX bytes:51316064 (48.9 Mb)
lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:768791 errors:0 dropped:0 overruns:0 frame:0 TX packets:768791 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:72052846 (68.7 Mb) TX bytes:72052846 (68.7 Mb)
vmnet1 Link encap:Ethernet HWaddr 00:50:56:C0:00:01 inet addr:192.168.77.1 Bcast:192.168.77.255 Mask:255.255.255.0 inet6 addr: fe80::250:56ff:fec0:1/10 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:283923 errors:0 dropped:0 overruns:0 frame:0 TX packets:349334 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
vmnet8 Link encap:Ethernet HWaddr 00:50:56:C0:00:08 inet addr:192.168.120.1 Bcast:192.168.120.255 Mask:255.255.255.0 inet6 addr: fe80::250:56ff:fec0:8/10 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:6693 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
Gringo:/home/magpie #
On Wednesday 02 October 2002 23:32, James Oakley wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On October 2, 2002 08:43 am, Brian Marr wrote:
Suse 8.0 Vmware 3.1 My SuSEfirewall configuration is progressing. I am on the net ! But am not sure what to make of this Brian Marr
Oct 2 21:11:03 Gringo kernel: SuSE-FW-UNAUTHORIZED-TARGET IN=vmnet1 OUT= MAC=00:50:56:c0:00:01:00:50:56:c1:6c:f5:08:00 SRC=192.168.77.128 DST=192.168.77.1 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=49945 DF PROTO=TCP SPT=1025 DPT=139 WINDOW=8653 RES=0x00 ACK URGP=0
IN=vmnet1 # The OS you're running under Vmware generated the packet DPT=139 # That's the destination port, which is Netbios
Basically, Windows under Vmware is sending traffic (looking for other Windows boxes) and your SuSEfirewall is configured to reject and log packets on port 139.
- -- James Oakley Engineering - SolutionInc Ltd. joakley@solutioninc.com http://www.solutioninc.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org
iD8DBQE9mvyA+FOexA3koIgRAlQbAJ0Zm0J0pearx0wqwdBzwJ2o7hHB4QCdEHxw r5hMys3TdWXNQkoG6joROFk= =WvUR -----END PGP SIGNATURE-----