[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] SuSEfirewall2 behaves strangely



On Fri, 9 Jan 2004, Andreas Grommek wrote:

> Hi everybody!
>
> I do not know exactly if I am right at this mailing list with my problem but I don't know where else to go.
>
> I am using a SuSE linux 9.0 box as a DSL-router/gateway for my small LAN at home and have encountered some strange problems with the SuSEfirewall2 v3.1.
>
> The firewall is loaded automatically at boot-time and almost everything is ok. Routing for the internal machines works fine and all services running on the firewall (vsftpd, smbd, sshd, dhcpd, ...) can be accessed from internal machines but not from the "outside world". A port scan (via Steve Gibson's "ShieldsUp" at http://www.grc.com/) shows, that all ports are stealthed and my firewall does not react to ICMP pings (but it reacts to "ping" from the internal although I specified FW_ALLOW_PING_*="no" !!!). So far, so good, but I am not able to access the internet *from* the firewall!
> But that's not all. When I execute
>
> # SuSEfirewall2 stop
> # SuSEfirewall2 start
>
> the behavior is different:
> Now I can access the internet from the firewall (which I like)

this is strange

> but another portscan reveals, that the
> IDENT-port (tcp-port 113) is now "only" closed

this is ok, see SuSEfirewall

    # If port 113 (auth/identd) will not allowed below, outgoing mail would
    # be delayed most of the time. Hence we put a hardcoded reject line in.
    $IPTABLES -I input_ext 1 -j "$REJECT" -p tcp --dport 113 --syn 2> /dev/null

> (not stealth anymore, which I do not like) and occasionally (not reproduceable) the firewall
> responds to ICMP pings from the outside. OK, I know, that is *not* a
> very big security-issue, but it IS strange, isn't it?

the strange things might be due to that the firewall is not restarted
after an interface (dsl,ppp) is re/connect.


-- 
 BINGO: change the basis of competition
 --- Engelbert Gruber -------+
  SSG Fintl,Gruber,Lassnig  /
  A6170 Zirl   Innweg 5b   /
  Tel. ++43-5238-93535 ---+

-- 
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here