Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
Re: [suse-security] SFW2-IN-ILL-TARGET
Date: Tue Jul 12 2005 - 09:56:46 CDT
On Tue, 12 Jul 2005, Michael Hoeller wrote:
> Hello Armin
> thanks for the relpay:
>> I think it would help if you outline your network configuration
>> for us so we can better understand what kind of SSH connection you are
>> trying to establish.
> My local machine is SuSE 9.2, updated. The remote machine is also SuSE 9.2
> with the latest updates.
> To connect to the remote machine I dialin via isdn and provide static IP
> This is the log from the remote machine, so "local" is actually the remote
> machine I connect to:
> Jul 9 21:34:18 omicron ipppd: local IP address 192.168.55.100
> Jul 9 21:34:18 omicron ipppd: remote IP address 192.168.55.200
> this seems to work. But as soon I try to connect via ssh
> I get rejected. And the following can be found in /var/log/messages
> Jul 9 21:34:22 omicron kernel: SFW2-IN-ILL-TARGET IN=ippp0 OUT= MAC=
> SRC=192.168.55.200 DST=192.168.55.100 LEN=6
> 0 TOS=0x00 PREC=0x00 TTL=64 ID=48935 DF PROTO=TCP SPT=1032 DPT=22
> WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B404
> On the remote machine I have setup the firewall2 via yast, IP Forwarding
> activated and I allow for ssh.
>> On the remote host, you have to set
>> in the /etc/sysconfig/SuSEfirewall2 file, then restart the firewall on
>> the remote host with "rcSuSEfirewall2 restart".
> I am not sure if this is the same as allowing in yast for ssh ??? Need to
>> If the remote host has an internal and an external IP, you have to use
>> the external IP for the SSH-connection when coming from external net
>> and the internal when coming from an internal net.
> I am using the following IP adresses (local is the remote machine!!)
> local IP address 192.168.55.100
> remote IP address 192.168.55.200
> So I think this is ok.
i prefer ascii art ::
private remote network
isdn dial up gets 192.168.55.200 assigned from server
isdn dial in 192.168.55.100
is this right ?
BINGO: Strukturiertes Vorgehen
--- Engelbert Gruber -------+
SSG Fintl,Gruber,Lassnig /
A6170 Zirl Innweg 5b /
Tel. ++43-5238-93535 ---+
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-helpsuse.com
Security-related bug reports go to securitysuse.de, not here