From: Steffen Dettmer (steffendett.de)
Date: Wed Aug 06 2003 - 16:51:12 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

* André Sänger wrote on Wed, Aug 06, 2003 at 16:33 +0200:
> Aug 6 16:09:16 <linuxserver> kernel: martian source
> 192.168.80.1 from 10.68.26.117, on dev eth2 Aug 6 16:09:16
> <linuxserver> kernel: ll header:
> 00:50:04:45:33:f5:00:01:02:e2:39:4e:08:00

> In this example 10.68.26.117 is the client ip adress.
>
> eth0 is the internal interface to the clients,
> eth1 external
> eth2 another internal network to which the client has no direct access
>
> 192.168.80.1 is <linuxserver>´s ip adress on eth2

So it seems strange why the client connects to that address -
seems to be the wrong one. Are you sure that there is really no
routing for the client via eth2? Did you verified with tcpdump or
similar tools?

> The time synchronization attempt times out after some time on client
> side.
>
> If I stop SuSEfirewall2 'net time' works without problems.
>
> What has to be configured in SuSEfirwall2 to get 'net time' working?

There are situations, where rp_filter does not work. You can turn
it off. SuSEfirwall2 turns it on, but you can change that.
Somewhere there should be an echo "1" > ..../rp_filter, try to
change the 1 to 0 like echo "0" > .../rp_filter and restart
SuSEfirwall2.

Sorry, I cannot help much with SuSEfirwall2, maybe there is a
better way to do that - but should solve you problem for the time
you're looking for best solution :-)

oki,

Steffen

--
Dieses Schreiben wurde maschinell erstellt,
es trägt daher weder Unterschrift noch Siegel.

--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-helpsuse.com
Security-related bug reports go to securitysuse.de, not here

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]