[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[suse-security] Firewall-Problem with SynCE



Hello,

yesterday I synced a PocketPC over synce to my SuSE 8.2 box. The 
interface is USB-Port ttyUSB1. The sync functined fine without the 
SuSEfirewall2 (stoped). If I started the Firewall again, there are 
the following messages in /var/log/messages:

Jan 11 20:22:56 linux kernel: SuSE-FW-DROP-ANTI-SPOOF IN=ppp0 OUT= 
MAC= SRC=192.168.131.201 DST=192.168.131.102 LEN=64 TOS=0x00 
PREC=0x00 TTL=128 ID=60971 DF PROTO=TCP SPT=1201 DPT=5679 
WINDOW=32768 RES=0x00 SYN URGP=0 OPT 
(020405B4010303000101080A000000000000000001010402)

The sync failed.

The command route -n bring me the following output:

 Ziel            Router          Genmask         Flags Metric Ref    
Use Iface
192.168.131.201 0.0.0.0         255.255.255.255 UH    0      0        
0 ppp0
192.168.22.0    0.0.0.0         255.255.255.0   U     0      0        
0 eth0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        
0 eth1

My configuration of SuSEFW2:

FW_DEV_EXT="ppp0"
FW_DEV_INT="eth1"
FW_ROUTE="yes"
FW_MASQUERADE="yes"
FW_MASQ_DEV="$FW_DEV_EXT"
FW_MASQ_NETS="192.168.0.0/16"
FW_PROTECT_FROM_INTERNAL="no"
FW_AUTOPROTECT_SERVICES="yes"
FW_SERVICES_EXT_TCP="13 10001"
FW_SERVICES_EXT_UDP="13"
FW_SERVICES_INT_TCP="22 80 119 8080 10001 139 5678 5679 990"
FW_ALLOW_INCOMING_HIGHPORTS_TCP="yes"
FW_ALLOW_INCOMING_HIGHPORTS_UDP="DNS"

The other points of the FW-script are default.

My questions:
1.) In FW_SERVICES_INT_TCP I added Port 5678, 5679 and 990 because 
the SynCE-Documation tells me, that the PocketPC need Access to the 
PC on Port 5678, 5679 and the PC on the PocketPC on Port 990. Is 
this the right way to configure this?
2.) I don't know the meaning of the message above. Is there a 
documentation to learn about?

Regards,
Andreas
-- 
## Content Developer OpenOffice.org: lang/DE
## Freie Office-Suite für Linux, Mac, Windows, Solaris
## http://de.openoffice.org
## Meine Seite http://www.amantke.de


--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here