Hi,
I have DSL and I am using pppoed. I installed a minimal susefirewall set of rules, and everything seems to work nicely.
Just a little thing: when I try to connect to external hosts via ssh, I get about 3-4 such lines in my logs, and it takes really long to connect (5-10 seconds):
Mar 1 14:58:49 bigapple kernel: Packet log: output DENY ppp0 PROTO=1 195.186.133.129:3 195.186.1.111:3 L=214 S=0xC0 I=42750 F=0x0000 T=255 (#3)
Mar 1 15:01:21 bigapple kernel: Packet log: output DENY ppp0 PROTO=1 195.186.133.129:3 195.139.143.170:3 L=88 S=0xC0 I=42872 F=0x0000 T=255 (#3)
Maybe you should not block outgoing ICMP destination-unreachable packets (ICMP type 3). They are used, besides other things, for MTU discovery. Blocking these packets leads to MTU not being reduced and network performance deteriorating to extremely poor levels. I suggest you re-read the ipchains-Howto (in /usr/share/doc/packages/ipchains). It's discussed there in section 5.
The funny thing is that when I connect to an old suse server (suse 6.x), it works directly. So that must be something with openssh/old-ssh.
Any idea of what I could change to allow these icmp packets to come in?
The last item in your log entries (#3) should indicate the offending rule. It's rule no. 3 in your output chain.
Regards & Thanks, Olivier
Regards, Martin
--
Martin Leweling
Institut fuer Planetologie, WWU Muenster
Wilhelm-Klemm-Str. 10, 48149 Muenster, Germany
E-Mail (work): lewelin@uni-muenster.de
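
Added example, not part of the original messages: a small Python parser for the ipchains `Packet log:` lines quoted above that tallies denied packets per chain and rule number, so the `(#3)` hint can be read off directly. It assumes the ipchains convention that for PROTO=1 the two port fields hold the ICMP type and code; the function names and the type-name table are this example's own.

```python
import re
from collections import Counter

# Constructed sample: the two log lines from the thread, one entry per line.
SAMPLE_LOG = """\
Mar 1 14:58:49 bigapple kernel: Packet log: output DENY ppp0 PROTO=1 195.186.133.129:3 195.186.1.111:3 L=214 S=0xC0 I=42750 F=0x0000 T=255 (#3)
Mar 1 15:01:21 bigapple kernel: Packet log: output DENY ppp0 PROTO=1 195.186.133.129:3 195.139.143.170:3 L=88 S=0xC0 I=42872 F=0x0000 T=255 (#3)
"""

LINE_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"L=(?P<length>\d+) S=(?P<tos>0x[0-9A-Fa-f]+) I=(?P<ipid>\d+) "
    r"F=(?P<frag>0x[0-9A-Fa-f]+) T=(?P<ttl>\d+)"
    r"(?: SYN)?(?: \(#(?P<rule>\d+)\))?"  # rule number is absent on older kernels
)

# Subset of ICMP type names, enough to label the common cases.
ICMP_TYPES = {0: "echo-reply", 3: "destination-unreachable",
              8: "echo-request", 11: "time-exceeded"}

def parse_line(line):
    """Return a dict of fields for one ipchains log line, or None if no match."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("proto", "sport", "dport", "length", "ipid", "ttl"):
        rec[key] = int(rec[key])
    rec["rule"] = int(rec["rule"]) if rec["rule"] else None
    rec["icmp_type"] = rec["icmp_code"] = None
    if rec["proto"] == 1:
        # Assumption: for ICMP the port slots carry type (src) and code (dst).
        rec["icmp_type"], rec["icmp_code"] = rec["sport"], rec["dport"]
    return rec

def summarize(log_text):
    """Count DENY/REJECT hits per (chain, rule number, packet kind)."""
    hits = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["action"] in ("DENY", "REJECT"):
            kind = (ICMP_TYPES.get(rec["icmp_type"], f"icmp-type-{rec['icmp_type']}")
                    if rec["proto"] == 1 else f"proto-{rec['proto']}")
            hits[(rec["chain"], rec["rule"], kind)] += 1
    return hits

if __name__ == "__main__":
    for (chain, rule, kind), n in summarize(SAMPLE_LOG).items():
        print(f"{n}x {kind} dropped by rule #{rule} in chain '{chain}'")
```
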