[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] Firewall-Problem with SynCE



Hello timo, all,

Am Dienstag, 13. Januar 2004 09:16 schrieb timo:
(...)
> I am not 100% sure - but almost... This probably comes from the
> fact that the "external" port of your firewall has private
> address and the firewall scripts expect it to have public
> address. Therefore firewall considers the source address to be
> spoofed since the private addresses such as 192.168.x.y range can
> not appear in the (public) Internet.
>
> If you check the script for the firewall (probably
> /sbin/SuSEfirewall2 as in SuSE 8.1) you will find lines where
> this issues is discussed, use "find" to search lines containing
> string "192.168".
>
> There is a customary rule subroutine that is called before
> setting up these anti-spoofing and I think you might set your
> special rules in that subroutine and allow the connection from
> your PocketPC BEFORE the firewall drops/denies it. I gues you
> should define the subroutine "fw_custom_before_antispoofing()" in
> the /etc/sysconfig/SuSEfirewall2 settings file for this purpose.
> You can probably find a lot more information about this in
> /usr/share/doc/packages/SuSEfirewall2/README, as pointed out by
> the firewall script.
>

I solved the problem in this way. I defined a private custom-rule 
like the script FWSuSEfirewall2-custom in /etc/sysconfig/scripts:
iptables -A INPUT -j ACCEPT -d 192.168.x.0/24

I wrote the file with this custom-rule (including the path to it) in 
the variable FW_CUSTOMRULES of the Firewall2script. Now it 
functioned fine :-)
(...)
>
> Spoofing here would mean that the firewall thinks that the source
> address of the incoming packet is false/crafted. Judged as such
> since the address is (as said) from private range and coming into
> a firewall port which is assumed to be public (by default). It is
> a good feature but causes problems when you are making a firewall
> between two private networks. I had the same problem once when I
> was teaching the firewall setup to a small group of others
> interested in Linux. Did not have the time to fix it back then
> but guessed what the problem might be.
>
> If you want to learn more... In my opinion (note opinion here)
> the "TCP/IP Illustrated" group of books by Richard W Stevens are
> excellent for learning more about this and TCP/UDP/IP. Then there
> is a couple of good books about network intrusion detection which
> handle these issues merely from the attack side (meaning that
> they leave a lot of general IP issues out). I can check what I
> have in my book shelf.

Please check Your book shelf for me and let me know some 
recommendable ones.

best regards,
Andreas

-- 
## Content Developer OpenOffice.org: lang/DE
## Freie Office-Suite für Linux, Mac, Windows, Solaris
## http://de.openoffice.org
## Meine Seite http://www.amantke.de


--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here