Mailinglist Archive: opensuse-security (228 mails)

< Previous Next >
AW: [suse-security] SuSE 9.2 + SuSEfirewall2 + pptp vpn
  • From: Frank Krüger <frank@xxxxxxxxxxxxxxx>
  • Date: Thu, 17 Mar 2005 10:01:15 +0100
  • Message-id: <001401c52acf$e0fe82a0$02fea8c0@xxxxxxxxxxxxxxx>
Hi Ludwig,

Sorry, the request was short, right.
I didn't wanted to hijack the other thread ([suse-security] SuSE 9.2 +
SuSEfirewall2 + nfs problems).

> Which version of SuSEfirewall2? Which SUSE LINUX release?
I got a SuSE 9.2 Machine connected via DSL running SuSEfirewall2-3.2-14.2
and pptpd.

> ILL-TARGET drops happen if your interface is not in any zone.
ppp1 should be in zone INT:

FW_DEV_INT="eth1 ppp1 ppp2 ppp3"

> You need to run SuSEfirewall2 each time a new interface comes up.
I thought this will be done by ip-up. ppp1 is set up by pptpd.

Do I have to setup a initial configuration on ppp1?

B.rgds,
Frank

--------------------------------------------
netlogistics
Frank Krueger <frank@xxxxxxxxxxxxxxx>

you may have a look at
http://www.netlogistics.de
--------------------------------------------


> -----Ursprüngliche Nachricht-----
> Von: Ludwig Nussel [mailto:ludwig.nussel@xxxxxxx]
> Gesendet: Mittwoch, 16. März 2005 10:25
> An: suse-security@xxxxxxxx
> Betreff: Re: [suse-security] SuSE 9.2 + SuSEfirewall2 + pptp vpn
>
>
> Frank Krüger wrote:
> > [...]
> > Could it be that there is something wrong with the last
> build of SFW2?
> > Ich got strage FW probs too, tryin' to get a pptp-vpn working.
> >
> > Mar 15 17:04:59 *** kernel: SFW2-IN-ILL-TARGET IN=ppp1 OUT= MAC=
> > SRC=192.168.21.210 DST=255.255.255.255 LEN=96 TOS=0x00
> PREC=0x00 TTL=128
> > ID=11508 PROTO=UDP SPT=137 DPT=137 LEN=76
> > Mar 15 17:04:59 *** kernel: SFW2-IN-ILL-TARGET IN=ppp1 OUT= MAC=
> > SRC=192.168.21.210 DST=255.255.255.255 LEN=96 TOS=0x00
> PREC=0x00 TTL=128
> > ID=11512 PROTO=UDP SPT=137 DPT=137 LEN=76
> > Mar 15 17:05:00 *** pptpd[21201]: Error writing GRE packet:
> Operation not
> > permitted
> > Mar 15 17:05:00 *** pptpd[21201]: CTRL: GRE read or PTY
> write failed
> > (gre,pty)=(6,5)
> >
> > ppp1 is set as a INT interface, class-routing is activated. I got no
> > further idea, with SuSE8.0 I had no problems.
>
> Which version of SuSEfirewall2? Which SUSE LINUX release?
> ILL-TARGET drops happen if your interface is not in any zone.
> You need to run SuSEfirewall2 each time a new interface comes up.
>
> cu
> Ludwig
>
> --
> (o_ Ludwig Nussel
> //\ SUSE LINUX Products GmbH, Development
> V_/_ http://www.suse.de/
>
> --
> Check the headers for your unsubscription address
> For additional commands, e-mail: suse-security-help@xxxxxxxx
> Security-related bug reports go to security@xxxxxxx, not here
>
>
>


< Previous Next >
Follow Ups
References