Hi Ludwig, Sorry, the request was short, right. I didn't wanted to hijack the other thread ([suse-security] SuSE 9.2 + SuSEfirewall2 + nfs problems).
Which version of SuSEfirewall2? Which SUSE LINUX release? I got a SuSE 9.2 Machine connected via DSL running SuSEfirewall2-3.2-14.2 and pptpd.
ILL-TARGET drops happen if your interface is not in any zone. ppp1 should be in zone INT:
FW_DEV_INT="eth1 ppp1 ppp2 ppp3"
You need to run SuSEfirewall2 each time a new interface comes up. I thought this will be done by ip-up. ppp1 is set up by pptpd.
Do I have to setup a initial configuration on ppp1?
B.rgds,
Frank
--------------------------------------------
netlogistics
Frank Krueger
-----Ursprüngliche Nachricht----- Von: Ludwig Nussel [mailto:ludwig.nussel@suse.de] Gesendet: Mittwoch, 16. März 2005 10:25 An: suse-security@suse.com Betreff: Re: [suse-security] SuSE 9.2 + SuSEfirewall2 + pptp vpn
Frank Krüger wrote:
[...] Could it be that there is something wrong with the last build of SFW2? Ich got strage FW probs too, tryin' to get a pptp-vpn working.
Mar 15 17:04:59 *** kernel: SFW2-IN-ILL-TARGET IN=ppp1 OUT= MAC= SRC=192.168.21.210 DST=255.255.255.255 LEN=96 TOS=0x00 PREC=0x00 TTL=128 ID=11508 PROTO=UDP SPT=137 DPT=137 LEN=76 Mar 15 17:04:59 *** kernel: SFW2-IN-ILL-TARGET IN=ppp1 OUT= MAC= SRC=192.168.21.210 DST=255.255.255.255 LEN=96 TOS=0x00 PREC=0x00 TTL=128 ID=11512 PROTO=UDP SPT=137 DPT=137 LEN=76 Mar 15 17:05:00 *** pptpd[21201]: Error writing GRE packet: Operation not permitted Mar 15 17:05:00 *** pptpd[21201]: CTRL: GRE read or PTY write failed (gre,pty)=(6,5)
ppp1 is set as a INT interface, class-routing is activated. I got no further idea, with SuSE8.0 I had no problems.
Which version of SuSEfirewall2? Which SUSE LINUX release? ILL-TARGET drops happen if your interface is not in any zone. You need to run SuSEfirewall2 each time a new interface comes up.
cu Ludwig
-- (o_ Ludwig Nussel //\ SUSE LINUX Products GmbH, Development V_/_ http://www.suse.de/
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here