From: Frédéric Poulet (pofrederic_at_yahoo.fr)
Date: Fri Nov 08 2002 - 11:07:19 CST


    route -n from the firewall:

    Kernel IP routing table
    Destination Gateway Genmask Flags Metric Ref Use Iface
    80.15.77.1 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0
    192.168.5.0 0.0.0.0 255.255.255.0 U 0 0 0 eth2
    10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
    192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
    0.0.0.0 80.15.77.1 0.0.0.0 UG 0 0 0 ppp0

    route -n from the web server:

    Kernel IP routing table
    Destination Gateway Genmask Flags Metric Ref Use Iface
    192.168.5.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0

    route print from the Windows box:

    ===========================================================================
    Liste d'Interfaces
    0x1 ........................... MS TCP Loopback interface
    0x2 ...00 40 f4 45 e8 0e ...... Carte réseau Fast Ethernet PCI Realtek RTL8139 Family - Miniport d'ordonnancement de paquets
    ===========================================================================
    ===========================================================================
    Itinéraires actifs :
    Destination réseau Masque réseau Adr. passerelle Adr. interface Métrique
              0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.199 20
            127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
          192.168.1.0 255.255.255.0 192.168.1.199 192.168.1.199 20
        192.168.1.199 255.255.255.255 127.0.0.1 127.0.0.1 20
        192.168.1.255 255.255.255.255 192.168.1.199 192.168.1.199 20
            224.0.0.0 240.0.0.0 192.168.1.199 192.168.1.199 20
      255.255.255.255 255.255.255.255 192.168.1.199 192.168.1.199 1
    Passerelle par défaut : 192.168.1.1
    ===========================================================================
    Itinéraires persistants :
      Aucun

     --- Thorsten Preuss <tpthpr.net> wrote:
    > The line:
    >
    > Jan 17 16:10:29 linux kernel: SuSE-FW-DROP-DEFAULT IN=ppp0 OUT= MAC=
    > SRC=80.15.76.155
    > DST=80.15.77.20 LEN=78 TOS=0x00 PREC=0x00 TTL=120 ID=34582 PROTO=UDP
    > SPT=1030 DPT=137 LEN=58
    >
    >
    > tells us that the firewall is at least blocking packets and that the
    > firewall logs these, too.
    >
    > Can you post the output of the command:
    >
    > route -n
    >
    > from your firewall and your webserver and perhaps the output
    > of the command
    >
    > route print
    >
    > from your Windows box?
    >
    >
    >
    > The following setup should work fine, but you will not be able
    > to reach your webserver from the inside with the public IP of your
    > ppp0 interface, just with the private IP 192.168.5.2.
    >
    > Please also try to get the newest version of the SuSEfirewall2 scripts;
    > I ran into some trouble with an older version while trying to use
    > FW_FORWARD_MASQ, which ran fine after updating the scripts. The newest
    > version is available under:
    >
    > ftp://ftp.suse.com/pub/people/garloff/linux/SuSE/RPMS/[SuSE-version]/SuSEfirewall2-*
    >
    >
    > FW_DEV_EXT="ppp0"
    > FW_DEV_INT="eth1"
    > FW_DEV_DMZ="eth2"
    > FW_ROUTE="yes"
    > FW_MASQUERADE="yes"
    > FW_MASQ_DEV="$FW_DEV_EXT"
    > FW_MASQ_NETS="192.168.1.0/24 192.168.5.0/24"
    > FW_PROTECT_FROM_INTERNAL="yes"
    > FW_AUTOPROTECT_SERVICES="yes"
    > FW_SERVICES_EXT_TCP="80"
    > FW_SERVICES_EXT_UDP=""
    > FW_SERVICES_EXT_IP=""
    > FW_SERVICES_DMZ_TCP="80"
    > FW_SERVICES_DMZ_UDP=""
    > FW_SERVICES_DMZ_IP=""
    > FW_SERVICES_INT_TCP="80"
    > FW_SERVICES_INT_UDP=""
    > FW_SERVICES_INT_IP=""
    > FW_TRUSTED_NETS=""
    > FW_ALLOW_INCOMING_HIGHPORTS_TCP="DNS ftp-data"
    > FW_ALLOW_INCOMING_HIGHPORTS_UDP="DNS"
    > FW_SERVICE_AUTODETECT="yes"
    > FW_SERVICE_DNS="no"
    > FW_SERVICE_DHCLIENT="no"
    > FW_SERVICE_DHCPD="no"
    > FW_SERVICE_SQUID="no"
    > FW_SERVICE_SAMBA="no"
    > FW_FORWARD=""
    > FW_FORWARD_MASQ="0.0.0.0/0,192.168.5.2,tcp,80"
    > FW_REDIRECT=""
    > FW_LOG_DROP_CRIT="yes"
    > FW_LOG_DROP_ALL="yes"
    > FW_LOG_ACCEPT_CRIT="yes"
    > FW_LOG_ACCEPT_ALL="yes"
    > FW_LOG="--log-level warning --log-tcp-options --log-ip-option \
    > --log-prefix SuSE-FW"
    > FW_KERNEL_SECURITY="yes"
    > FW_STOP_KEEP_ROUTING_STATE="no"
    > FW_ALLOW_PING_FW="no"
    > FW_ALLOW_PING_DMZ="no"
    > FW_ALLOW_PING_EXT="no"
    > FW_ALLOW_FW_TRACEROUTE="no"
    > FW_ALLOW_FW_SOURCEQUENCH="no"
    > FW_ALLOW_FW_BROADCAST="no"
    > FW_IGNORE_FW_BROADCAST="yes"
    > FW_ALLOW_CLASS_ROUTING="no"
    > #FW_CUSTOMRULES="/etc/sysconfig/scripts/SuSEfirewall2-custom"
    >


    -- 
    Check the headers for your unsubscription address
    For additional commands, e-mail: suse-security-helpsuse.com
    Security-related bug reports go to securitysuse.de, not here
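As an added example (not code from either mail, and not part of SuSEfirewall2), the following Python script parses the `route -n` tables posted above and the SuSE-FW log line quoted in the reply, then applies the two routing checks a port forward such as `FW_FORWARD_MASQ="0.0.0.0/0,192.168.5.2,tcp,80"` depends on: the firewall must reach the forward target over a directly connected interface, and the target must have a route back to the Internet client, or its replies never leave the DMZ. The route and log texts are copied from the thread; the function names and the `is_external_drop` heuristic (a `SuSE-FW-DROP*` prefix together with `IN=ppp0`) are this example's own assumptions.

```python
"""Sanity checks over the routing tables and the firewall log line from this
thread.  Added example: not code from the original mails or from SuSEfirewall2.
The sample inputs are copied from the thread; the check functions are ours."""
import ipaddress
import re

# `route -n` from the firewall, as posted in the thread.
FIREWALL_ROUTES = """\
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
80.15.77.1 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0
192.168.5.0 0.0.0.0 255.255.255.0 U 0 0 0 eth2
10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
0.0.0.0 80.15.77.1 0.0.0.0 UG 0 0 0 ppp0
"""

# `route -n` from the DMZ web server, as posted in the thread.
WEBSERVER_ROUTES = """\
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.5.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
"""

# The SuSE-FW log line quoted in the reply, re-joined onto one line.
LOG_LINE = ("Jan 17 16:10:29 linux kernel: SuSE-FW-DROP-DEFAULT IN=ppp0 OUT= MAC= "
            "SRC=80.15.76.155 DST=80.15.77.20 LEN=78 TOS=0x00 PREC=0x00 TTL=120 "
            "ID=34582 PROTO=UDP SPT=1030 DPT=137 LEN=58")


def parse_route_n(text):
    """Parse Linux `route -n` output into a list of route dicts."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        # Data rows have exactly 8 columns; skip the title and header lines.
        if len(fields) != 8 or fields[0] == "Destination":
            continue
        dest, gateway, genmask, flags, _metric, _ref, _use, iface = fields
        net = ipaddress.ip_network(f"{dest}/{genmask}", strict=False)
        routes.append({"net": net, "gateway": gateway, "flags": flags, "iface": iface})
    return routes


def lookup(routes, ip):
    """Longest-prefix match, as the kernel does it; None when nothing matches."""
    addr = ipaddress.ip_address(ip)
    matches = [r for r in routes if addr in r["net"]]
    return max(matches, key=lambda r: r["net"].prefixlen) if matches else None


def has_default_route(routes):
    """True when the table carries a 0.0.0.0/0 entry."""
    return any(r["net"].prefixlen == 0 for r in routes)


def check_forward_path(fw_routes, server_routes, server_ip, client_ip):
    """Problems that would break a port forward from client_ip to server_ip.

    Forwarded packets must reach the server over a directly connected firewall
    interface (gateway 0.0.0.0), and the server must have a route back to the
    Internet client, otherwise its replies never leave the DMZ."""
    problems = []
    out = lookup(fw_routes, server_ip)
    if out is None or out["gateway"] != "0.0.0.0":
        problems.append(f"firewall has no directly connected route to {server_ip}")
    if lookup(server_routes, client_ip) is None:
        problems.append(f"server has no route back to {client_ip}")
    return problems


def parse_fw_log(line):
    """Split a SuSE-FW (netfilter LOG) line into its prefix and KEY=VALUE fields."""
    m = re.search(r"kernel: (SuSE-FW-[A-Z-]+) (.*)$", line)
    if not m:
        return None
    fields = {"prefix": m.group(1)}
    for token in m.group(2).split():
        key, _, value = token.partition("=")
        # LEN= appears twice: first the IP total length, then the UDP length.
        fields.setdefault(key, value)
    return fields


def is_external_drop(fields):
    """True for a packet dropped on its way in from the external interface."""
    return fields["prefix"].startswith("SuSE-FW-DROP") and fields["IN"] == "ppp0"


if __name__ == "__main__":
    fw = parse_route_n(FIREWALL_ROUTES)
    srv = parse_route_n(WEBSERVER_ROUTES)
    for problem in check_forward_path(fw, srv, "192.168.5.2", "80.15.76.155"):
        print("PROBLEM:", problem)
    log = parse_fw_log(LOG_LINE)
    print("dropped from outside:", is_external_drop(log), log["PROTO"], log["DPT"])
```

Run against the tables above, the firewall side passes (192.168.5.2 sits on the directly connected eth2 network), while the web server, whose only route is 192.168.5.0/24 with no default gateway, is reported as having no route back to 80.15.76.155. The quoted log line is recognised as a drop on ppp0 of UDP to destination port 137.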