Mailinglist Archive: opensuse-security (145 mails)

SuSEfirewall2 and SuSE 92
  • From: Martin Fahlgren <martin@xxxxxxxxxxxxxx>
  • Date: Wed, 10 Nov 2004 10:05:15 +0100 (CET)
  • Message-id: <Pine.LNX.4.58.0411100954250.9377@xxxxxxxxx>
SuSEfirewall2 (64 bit version) is dropping ssh packets.
In /etc/sysconfig/SuSEfirewall2 I have opened ssh traffic

FW_SERVICES_EXT_TCP="http smtp ssh"

I can open an ssh session, but suddenly it is stopped.
After a while (1-10 minutes) access is granted again etc.
The problem doesn't occur if the firewall is inactivated.
The log file confirms that the firewall is the offender with
entries like the following (I have changed addresses):

Nov 9 13:26:19 xxx kernel: SFW2-INext-DROP-DEFLT-INV IN=eth0
OUT= MAC=00:11:2f:etc... SRC=23.132.63.123
DST=193.181.84.121 LEN=112 TOS=0x00 PREC=0x00 TTL=60 ID=29130 DF PROTO=TCP
SPT=7321 DPT=22 WINDOW=19152 RES=0x00 ACK PSH URGP=0 OPT (010.....)

Thus the firewall is dropping packages:
SFW2-INext-DROP-DEFLT-INV

This is a SuSE 9.2 (64 bit) phenomenon, it doesn't appear in older
SuSE i386 versions (9.1, 9.0). I haven't checked the 9.2 i386
version, so I can't tell if it's a 64 bit problem only.

What's the cause (kernel, firewall program ...)?
How to solve/circumvent it?

Martin
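
Added example, not part of the original post: a Python triage script that cross-checks log entries in the format shown above against the FW_SERVICES_EXT_TCP line, counting drops that hit ports the configuration opens and separating new connections (bare SYN) from packets belonging to a running session. The sample log lines, their addresses and the name-to-port table are constructed for illustration.

```python
import re
from collections import Counter

TCP_FLAGS = {"SYN", "ACK", "PSH", "RST", "FIN", "URG", "ECE", "CWR"}
# Standard port numbers for the service names used in the post's config line.
SERVICE_PORTS = {"http": 80, "smtp": 25, "ssh": 22}
CONFIG = 'FW_SERVICES_EXT_TCP="http smtp ssh"'  # line quoted in the post

# Constructed sample lines in the layout of the post's log entry
# (documentation addresses, made-up ports and IDs).
SAMPLE_LOG = """\
Nov 9 13:26:19 fw kernel: SFW2-INext-DROP-DEFLT-INV IN=eth0 OUT= MAC=00:00:5e:00:53:01 SRC=192.0.2.10 DST=198.51.100.5 LEN=112 TOS=0x00 PREC=0x00 TTL=60 ID=29130 DF PROTO=TCP SPT=7321 DPT=22 WINDOW=19152 RES=0x00 ACK PSH URGP=0
Nov 9 13:26:21 fw kernel: SFW2-INext-DROP-DEFLT-INV IN=eth0 OUT= MAC=00:00:5e:00:53:01 SRC=192.0.2.10 DST=198.51.100.5 LEN=52 TOS=0x00 PREC=0x00 TTL=60 ID=29131 DF PROTO=TCP SPT=7321 DPT=22 WINDOW=19152 RES=0x00 ACK URGP=0
Nov 9 13:27:02 fw kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:00:5e:00:53:01 SRC=192.0.2.77 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4411 DF PROTO=TCP SPT=40112 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0
"""

def open_ports(config_line):
    """Ports opened by an FW_SERVICES_EXT_TCP line (service names or numbers)."""
    value = re.search(r'FW_SERVICES_EXT_TCP="([^"]*)"', config_line).group(1)
    return {SERVICE_PORTS[s] if s in SERVICE_PORTS else int(s) for s in value.split()}

def parse_line(line):
    """Split one kernel log line into prefix, KEY=VALUE fields and TCP flags."""
    m = re.search(r"kernel: (\S+) (.*)", line)
    if not m:
        return None
    tokens = m.group(2).split()
    fields = dict(t.split("=", 1) for t in tokens if "=" in t)
    flags = {t for t in tokens if t in TCP_FLAGS}
    return {"prefix": m.group(1), "fields": fields, "flags": flags}

def drops_on_open_ports(log_text, ports):
    """Count TCP drops aimed at ports the config opens, keyed by
    (prefix, port, 'new' for a bare SYN, otherwise 'mid-session')."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if not rec or "DROP" not in rec["prefix"] or rec["fields"].get("PROTO") != "TCP":
            continue
        port = int(rec["fields"]["DPT"])
        if port in ports:
            kind = "new" if rec["flags"] == {"SYN"} else "mid-session"
            counts[(rec["prefix"], port, kind)] += 1
    return counts

if __name__ == "__main__":
    for key, n in drops_on_open_ports(SAMPLE_LOG, open_ports(CONFIG)).items():
        print(n, *key)
```

A 'mid-session' count on an opened port means the accept rule for that service is matching connection setup while later packets of the same session are being rejected elsewhere in the ruleset.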
