Re: [suse-security] SFW2-IN-ILL-TARGET
engelbert.gruber
ssg.co.at
Date: Tue Jul 12 2005 - 09:56:46 CDT
On Tue, 12 Jul 2005, Michael Hoeller wrote:
> Hello Armin
>
> thanks for the reply:
>
>> I think it would help if you outline your network configuration
>> for us so we can better understand what kind of SSH connection you are
>> trying to establish.
>
> My local machine is SuSE 9.2, updated. The remote machine is also SuSE 9.2
> with the latest updates.
> To connect to the remote machine I dial in via isdn and provide static IP
> addresses.
>
> This is the log from the remote machine, so "local" is actually the remote
> machine I connect to:
> Jul 9 21:34:18 omicron ipppd[7273]: local IP address 192.168.55.100
> Jul 9 21:34:18 omicron ipppd[7273]: remote IP address 192.168.55.200
>
> this seems to work. But as soon as I try to connect via
> ssh user@192.168.55.200
> I get rejected. And the following can be found in /var/log/messages
>
> Jul 9 21:34:22 omicron kernel: SFW2-IN-ILL-TARGET IN=ippp0 OUT= MAC= SRC=192.168.55.200 DST=192.168.55.100 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=48935 DF PROTO=TCP SPT=1032 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B40402080A01E052360000000001030302)
>
> On the remote machine I have setup the firewall2 via yast, IP Forwarding is
> activated and I allow for ssh.
>
>> On the remote host, you have to set
>> FW_SERVICES_EXT_TCP="ssh"
>> in the /etc/sysconfig/SuSEfirewall2 file, then restart the firewall on
>> the remote host with "rcSuSEfirewall2 restart".
>
> I am not sure if this is the same as allowing in yast for ssh ??? Need to
> check.
>
>> If the remote host has an internal and an external IP, you have to use
>> the external IP for the SSH-connection when coming from external net
>> and the internal when coming from an internal net.
> I am using the following IP addresses (local is the remote machine!!)
> local IP address 192.168.55.100
> remote IP address 192.168.55.200
> So I think this is ok.

I prefer ASCII art:

  private remote network
  isdn dial up gets 192.168.55.200 assigned from server
        |
        |
  isdn dial in 192.168.55.100
  server

Is this right?

--
BINGO: structured approach
--- Engelbert Gruber -------+
SSG Fintl,Gruber,Lassnig /
A6170 Zirl Innweg 5b /
Tel. ++43-5238-93535 ---+
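
Added example, not part of the original thread: a small Python parser for the SuSEfirewall2 kernel log line quoted above, useful when triaging many such drops. It splits the netfilter LOG fields and decodes the TCP options printed after OPT; the function names are hypothetical and the sample is the posted line re-joined onto one line.

```python
import re
import struct

# Constructed input: the log line from the post, with its wrapped parts re-joined.
SAMPLE = ("Jul 9 21:34:22 omicron kernel: SFW2-IN-ILL-TARGET IN=ippp0 OUT= MAC= "
          "SRC=192.168.55.200 DST=192.168.55.100 LEN=60 TOS=0x00 PREC=0x00 TTL=64 "
          "ID=48935 DF PROTO=TCP SPT=1032 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0 "
          "OPT (020405B40402080A01E052360000000001030302)")

FLAGS = {"DF", "SYN", "ACK", "FIN", "RST", "PSH", "URG", "ECE", "CWR"}  # bare tokens
OPTS = {2: ("mss", "!H"), 3: ("wscale", "!B"),          # TCP option kind -> (name,
        4: ("sack_permitted", ""), 8: ("timestamp", "!II")}  # struct format of body)

def decode_tcp_options(hexstr):
    """Walk the kind/length/value options that the LOG target dumps as hex."""
    raw, i, out = bytes.fromhex(hexstr), 0, []
    while i < len(raw):
        kind = raw[i]
        if kind == 0:                      # end-of-options marker
            break
        if kind == 1:                      # NOP padding is a single byte
            i += 1
            continue
        if i + 1 >= len(raw) or raw[i + 1] < 2 or i + raw[i + 1] > len(raw):
            raise ValueError("malformed TCP option at offset %d" % i)
        length, body = raw[i + 1], raw[i + 2:i + raw[i + 1]]
        name, fmt = OPTS.get(kind, ("kind_%d" % kind, None))
        ok = fmt is not None and struct.calcsize(fmt) == len(body)
        out.append((name, struct.unpack(fmt, body) if ok else body.hex()))
        i += length
    return out

def parse_sfw2_line(line):
    """Return a dict of fields for an SFW2-* kernel log line, else None."""
    m = re.search(r"kernel: (SFW2-\S+) (.*)$", line)
    if not m:
        return None
    rec, rest = {"prefix": m.group(1), "flags": [], "tcp_options": []}, m.group(2)
    opt = re.search(r"OPT \(([0-9A-Fa-f]+)\)", rest)
    if opt:
        rec["tcp_options"] = decode_tcp_options(opt.group(1))
        rest = rest[:opt.start()]
    for tok in rest.split():
        if "=" in tok:                     # KEY=value pairs, value may be empty
            key, _, val = tok.partition("=")
            rec[key] = int(val) if val.isdigit() else val
        elif tok in FLAGS:
            rec["flags"].append(tok)
    return rec
```

Calling parse_sfw2_line(SAMPLE) shows the dropped packet is an inbound SYN to port 22 arriving on ippp0, which is the interface whose firewall zone assignment is worth checking.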