Mailinglist Archive: opensuse-security (69 mails)

Re: [suse-security] Open port in SuSEfirewall2
  • From: Richard Ems <suse-security@xxxxxxxxxxxxxxxxxxxx>
  • Date: Wed, 18 Oct 2006 09:16:56 +0200
  • Message-id: <4535D4E8.3010805@xxxxxxxxxxxxxxxxxxxx>
Terje J. Hanssen wrote:
> Richard Ems wrote:
>> I would suggest you use tcpdump and sniff on the NIC to see if ssh
>> packets are arriving at all at your workstation.
>>
>> tcpdump -i eth0 port ssh
>>
>> will write to the console all ssh packets seen on eth0.
>> Or if you like GUIs try ethereal.
>>
>> See "man tcpdump".
>
> First, after entering the above command on the local host (alfa, Linux),
> is it possible to connect back again to local host using ssh through the
> router's (netscreen) external ip address, i.e. something similar to
>
> ssh 1.2.3.4 22

Sure, tcpdump just shows you tcp/udp packets arriving at the selected
interface; it doesn't block or stop anything. If ssh works, it will work
with and without tcpdump running! Again, READ the manual page!

> or possibly log this using another command?
>
> Isn't there any log file from/for the SuSEfirewall2 that tells if and
> which communication attempts (type) have occurred or have been
> rejected? Or is this only logged for each service type like already
> mentioned for ssh in /var/log/messages?

Yes, but using tcpdump is the way to go! Try it!

See parameters FW_LOG_[AD]* in /etc/sysconfig/SuSEfirewall2 . Setting
the firewall to log all packets will create really big logfiles!

# grep -B10 "^FW_LOG_[AD]" /etc/sysconfig/SuSEfirewall2
#
# 16.)
# Which logging level should be enforced?
# You can define to log packets which were accepted or denied.
# You can also the set log level, the critical stuff or everything.
# Note that logging *_ALL is only for debugging purpose ...
#
# Choice: "yes" or "no", if not set FW_LOG_*_CRIT defaults to "yes", and
# FW_LOG_*_ALL defaults to "no"
#
FW_LOG_DROP_CRIT="yes"

## Type: yesno
## Default: no
#
FW_LOG_DROP_ALL="no"

## Type: yesno
## Default: yes
#
FW_LOG_ACCEPT_CRIT="yes"

## Type: yesno
## Default: no
#
FW_LOG_ACCEPT_ALL="no"
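
The following is an added example, not part of the original mail: a small shell helper that reports the effective FW_LOG_* settings of a SuSEfirewall2-style sysconfig file, applying the defaults quoted in the comment block above and flagging any *_ALL switch left on. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: effective FW_LOG_* values, with the documented defaults
# (*_CRIT defaults to "yes", *_ALL defaults to "no" when not set).

# fw_log_effective FILE NAME -> prints the effective value of NAME
fw_log_effective() {
    file=$1 name=$2
    # Take uncommented assignments only; the last one wins, as it would
    # when the file is sourced. Surrounding quotes are stripped.
    val=$(sed -n "s/^[[:space:]]*${name}=[\"']\{0,1\}\([^\"'#[:space:]]*\).*/\1/p" "$file" | tail -n 1)
    if [ -z "$val" ]; then
        case $name in
            *_CRIT) val=yes ;;
            *_ALL)  val=no ;;
        esac
    fi
    printf '%s\n' "$val"
}

# fw_log_report FILE -> one line per variable; marks *_ALL="yes", which the
# config comment describes as for debugging purposes only.
fw_log_report() {
    for n in FW_LOG_DROP_CRIT FW_LOG_DROP_ALL FW_LOG_ACCEPT_CRIT FW_LOG_ACCEPT_ALL; do
        v=$(fw_log_effective "$1" "$n")
        note=
        case "$n=$v" in
            *_ALL=yes) note="  <- logs every packet; debugging only, big logfiles" ;;
        esac
        printf '%s=%s%s\n' "$n" "$v" "$note"
    done
}

# Constructed sample file (not a real host's configuration).
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
#FW_LOG_DROP_ALL="no"
FW_LOG_DROP_CRIT="yes"
FW_LOG_DROP_ALL="yes"
FW_LOG_ACCEPT_ALL=""
EOF
fw_log_report "$sample"
```

On a real host, call `fw_log_report /etc/sysconfig/SuSEfirewall2` after a debugging session to confirm the *_ALL switches are back to "no".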

