[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] Can't access internet with SuSE FW2



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Michael Hoeller <MichaelHoeller@xxxxxxxxxxx> wrote:
> Jan  9 22:39:47 tamboti kernel: SuSE-FW-ILLEGAL-TARGET IN=ippp1 OUT= MA
> C= SRC=194.25.2.129 DST=62.227.40.138 LEN=94 TOS=0x00 PREC=0x00 TTL=60
> ID=0 DF PROTO=UDP SPT=53 DPT=1029 LEN=74

ippp1? are you using isdn? :)

what does your routing look like? try route (as root), its output should
look like this:

knecht:/home/boss # route
Kernel IP Routentabelle
Ziel            Router          Genmask         Flags Metric Ref Use Iface
217.5.xxx.xxx   *               255.255.255.255 UH    0      0   0   ppp0
192.168.1.0     *               255.255.255.0   U     0      0   0   eth0
192.168.0.0     *               255.255.255.0   U     0      0   0   eth1
default         217.5.xxx.xxx   0.0.0.0         UG    0      0   0   ppp0

i'm using t-dsl; ppp0 & eth0 are for the dsl-uplink and eth1 is
connected to a switch. so ppp0 must be the default-route.


> This sounds fairly simple but I couldn't figgure out what is wrong... 
> I have attched my settings from /etc/sysconfig/SuSEFirewall2. 
> 
> Hope some one can give me a hint I am lost with this one :(

it should work with your fw-config (mine looks similar on a SL 8.0, only
big difference is FW_ALLOW_CLASS_ROUTING="yes"). my guess is that
something is wrong with your routing.

 
- -- 
Bastard Administrator in $hell
GPG-Key at http://lists.notified.de/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFAAGasLMyTO8Kj/uQRAoSDAJ41vb0BItm+pryFSRVsgE/sb0aLVgCePi2t
rWFS7fJ1WH/Uf2rgLDxyG/Q=
=hVbA
-----END PGP SIGNATURE-----

-- 
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here