OpenSUSE Network :: SuSEfirewall Blocking All Connections Tunnelled Over Ssh
Sep 14, 2010
My home computer has 11.3 and SuSEfirewall enabled. It connects to the net over the wireless and SuSEfirewall has this connection in the external zone.
I can successfully ssh into this computer from remote (the work computer) but none of the ssh port-forwarded connections work. I'm trying to tunnel VNC over ssh. I also tried setting http on the home computer to serve pages on a high-numbered port (8090) and tunnelling that but it also didn't work - proving that it's not a VNC problem.
Here are the relevant messages from the firewall logs on the home machine:
Code:
I don't understand why this isn't working now, I had the same setup on 11.2 and it worked fine.
The 95.91.92.92 is the public IP address of my home router, I don't understand why a connection would appear to be coming from there when I use ssh-tunnelling?
View 5 Replies
ADVERTISEMENT
Nov 17, 2010
I have a remote network that I manage consisting of a DLink DFL-210 firewall/router, and behind that a Dell server running openSUSE 11.2 and a collection of Windows XP/Vista/7 computers.
The Linux box is running OpenVPN as a server (that is how I connect to this network) and a client (it connects to a second server - running XP - at a different location).
The DLink router is the DHCP server and provides addresses on the 192.168.51.0/24 network. The OpenVPN server provides the 10.8.51.0/24 address range.
The remote network that the Linux box connects to is 192.168.54.0/24 via the OpenVPN network 10.8.54.0/24.
I have added routes to the DLink router to route all traffic to the 10.8.51.0/24 and 192.168.54.0/24 networks to the Linux box.
With SUSEFirewall turned off, after I have connected via OpenVPN from my remote computer I can ping all active 192.168.51.0/24 addresses. Other computers on the 192.168.51.0/24 network can ping computers on the 192.168.54.0/24 network. But if I turn on SUSEFirewall, neither of these work. However, I can ping 10.8.54.1 from any computer on the 192.168.51.0/24 network.
How can I set up SUSEFirewall to allow these networks to communicate with eachother?
View 5 Replies
View Related
Jan 18, 2010
I just noticed the following error after booting my system.
Code:
I cannot find any reference on this on the forum or else on the internet. Is this a major problem or just a notification that can be ingnored.
View 4 Replies
View Related
Sep 14, 2011
As too my question, at this time I dont control the router/firewall an I would like to block a port thats used for guild wars on my workstation for a while. The reason for blocking is children have abused it an lost it.In this case I am trying to block outgoing traffic on port 6112. I have tried setting up a proxy server on the workstation, but the game seems to ignore it an jump on. Due to the environment, I enabled the workstation SuSEFirewall2 firewall an tried setting up "lo" as a internal an configure the firewall as a router, then disable 0/0 an configured for 0/0,tcp,443 an re route port 80 traffic to proxy.
When I had my own internet, I had a transparent proxy enforcing rules for access times. So setting up a proxy on each machine would not be a bad thing, even if it took some creative thinking. I am trying, but seem to be missing something.Ideally, I would like to setup a transparent proxy, as my kids have learned alot about system administration an know to check the proxy module. If all they have to do is un check "Use Proxy" an by pass a local proxy server, then I am kinda defeated. An applications such as firefox have a proxy setting they could set to none instead of system
View 9 Replies
View Related
Aug 1, 2011
I might be misunderstanding the log but it looks like UFW is blocking connections. I want to allow all incoming and outgoing. I guess what I'm saying is that the servers on my computer will open ports but all other ports should respond with closed just like a default Ubuntu install. Trying to use UFW to monitor connections without really doing any firewalling.
Code:
Aug 1 07:14:07 universal-mechanism kernel: [311111.963762] [UFW BLOCK] IN=eth0 OUT= MAC=00:1f:c6:8a:e9:66:00:01:5c:32:f4:c1:08:00 SRC=72.21.203.146 DST=174.44.178.56 LEN=40 TOS=0x00 PREC=0x00 TTL=233 ID=51984 DF PROTO=TCP SPT=80 DPT=54466 WINDOW=8201 RES=0x00 RST URGP=0
View 2 Replies
View Related
Feb 8, 2011
Ok so, buddy of mine has his ssh server setup and upon checking his logs he sees a ton of failed attempts. Now obviously these are people that are scanning him and trying to brute force him. So is there a way to block them? We know you can block each IP but is there a way to block ALL connections except for certain ones, such as his and mine? Maybe a couple others.
View 6 Replies
View Related
Jan 18, 2010
Mobloquer starts up at boot and before I've even opened firefox or transmission or anything, mobloquer shows that is has started blocking several outgoing connections as well as ton of incoming connections. I was wondering if the outgoing connections is normal and what's a normal amount of network activity to show up in system monitor when I'm not actively using the internet.
View 2 Replies
View Related
Aug 19, 2010
Ok here's my setup :
SuSE 10.0 X86 32 acting as my internet gateway and firewall.
eth0 is my internal interface network 192.168.0.0/24 IP 192.168.0.254 dsl0 is my internet connection and is a single ip PtP connection to my ISP.
My internal network is masquaraded onto the external network.
I run an smtp server on my gateway box that I need to be accessable to both the internal and external networks.
However I want to prevent machines on the internal network from establishing connections to external smtp servers, but still alow them to connect to the smtp server on the gateway to send email.
NOTE I do not want to force attempts to connect to [URL] 25 to be re-directed to my internal server I just want to drop or reject the connection.
The firewall up until now has just been configured through YaST, but am not afraid to edit script files if needed
The reason for doing this it to prevent spambots from being able to send through my isp, I keep my own machines clean but sometimes get asked to disinfect machines for other people (family members etc), where I need to connect to the outside world to get updates/virus defs etc, but don't want them spamming from my network.
View 2 Replies
View Related
Sep 8, 2010
I've setup vnc over ssh tunnelling however the Suse firewall seems to be blocking it. On the local host I have this in ~/.ssh/config:LocalForward localhost:5900 remotehost.com:5900 The problem is that this only works when I either disable the firewall or add an exception for VNC. Both of these actions defeat the whole purpose of ssh tunnelling since they leave my VNC port open to the outside world (very insecure).
View 2 Replies
View Related
Oct 27, 2010
I need to write program for non blocking socket connections.I have made extensive research but could only get to non blocking READ or WRITE after the connection is established. run the program do a series of tasks (ex: counter printing time on screen) if there is request for connection, connect send or receive data.
View 1 Replies
View Related
Feb 26, 2010
I have openSUSE 11.2 installed and i need to create a gateway server that allows virtual private network connections. I want to play with my friends some lan games, but we are in different networks, so i want to create this gateway server so we can connect with VPN clients to this server and play freely.
View 7 Replies
View Related
Jan 13, 2010
Does anyone know how to permanently enable X connections from all machines on my local network. I keep having to enter 'xhost +' to allow X connections.
View 2 Replies
View Related
Mar 12, 2011
I have no Internet Access with Firefox
I first tried an upgrade from 11.3 to 11.4 and lost Internet Access, so i re-loaded 11.4 from scratch on clean partitions.
I am connected to my wireless WPA2/PSK connection, have an IP, am able to see the network.
I turned off and disabled the SUSE firewall.
I tried setting Firefox proxy settings to auto and to none, i dont use proxy.
I am currently posting this through an SSH connection to my 11.1 server from the new install of 11.4 on a Dell latitude D600 laptop (not using the on-board Broadcomm that is an issue for a later date).
I am running out of ideas anyone got a clue.
View 9 Replies
View Related
Mar 31, 2011
I had a google of this but can't find anything useful. I use networkmanager to configure my wireless card. Currently this only works when I'm logged in to KDE. If I log out the system loses the network connection. Is there a way to make it persistent using NetworkManager?
View 9 Replies
View Related
Jan 10, 2010
Printer is connected via USB to server PC running OpenSUSE 11.1 Client PCs are running 11.1, XP, Vista No problem printing from the Windoze machines
Printing is trouble free with the 11.1 client's firewall disabled, but no printer is available with firewall running.
In hopes of diagnosing the problem I figured I'd open everything I could think of until the printer remained available with the firewall running. Then I planned to start removing exceptions one at a time 'til removing one caused the printer to disappear.
I've gone to Yast>Security and Users>Firewall>Allowed Services>External Zone and tried addingSamba Server
NetBIOS server
Samba Client
Samba Server
VNC
[Code]....
View 5 Replies
View Related
Feb 18, 2010
We are switching from an uncapped 512kb line to a 4MB line at the office... One catch though. The 4MB line will only be linked to a 30GB account, without the option to top up. I therefore have been asked to put something in place to regulate what the staff download at work. Basically block movie, music and torrent downloads should be sufficient, but they would also like to have a list of where staff have been in case of abuse. I have tried OpenDNS in the past, but the guys took great delight in getting around this, and did it within minutes... I can't enter a proxy setting into their browsers, because they all have local admin rights on their Windows boxes and will just disable that. How do I do this on a server level, so that they can't get around this?
View 3 Replies
View Related
May 1, 2010
I have trouble with opensuse susefirewall 2 and my own rules. since i have installed a suspicious download manager, i detect outgoing traffic in the monitor and i want to block ougoing traffic except some apps like firefox, jinchess ...
1) I had to modify FW_CUSTOMRULES="" with FW_CUSTOMRULES="/etc/sysconfig/scripts/SuSEfirewall2-custom" in /etc/sysconfig/SuSefirewall2
2) I had to add my own rules in /etc/sysconfig/scripts/SuSEfirewall2-custom in the appropriate hook
3) I don't know if rules are good.. they seem to work because for example jinchess can't access his server with the DROP rule until i add the ACCEPT rule BUT in fact the download manager still access internet and amarok too when it searches for songs lyrics ! i have discovered it's because the others apps use port 80
I give here the file /etc/sysconfig/scripts/SuSEfirewall2-custom
How to to make firefox use another specified port ? i wanted to use privoxy with tor but it doesn't work .. is there input/output controler on linux (something like zonealarm on XP) ? the trouble is that all outgoing traffic is permitted by default!
View 4 Replies
View Related
Jan 14, 2011
I just finished a fresh install of 11.3 on an HP 7900 small form factor and have no network connectivity. In Network Tools eth0 shows the state as inactive. Network Connections didn't have a connection, so after letting it create one there is no MAC address. I copied and pasted the MAC address from Network Connections eth0, set up a static address with default gateway, netmask, etc. all set appropriately and rebooted. Still no joy.
I want this to get an address via DHCP, I just set up a static address for testing.11.2 sensed the NIC without issue, but 11.3 doesn't seem to like me right now.I wanted to get this deployed on 40 machines today. Oh well.
View 2 Replies
View Related
Mar 19, 2011
network manager isnt showing any network interfaces. ifconfig shows wlan0 and eth0 and internet is working. how can i get network manager to manage those connections?
View 8 Replies
View Related
Mar 21, 2011
I remember when using openSUSE 11.3 with KDE 4.5, the network connections started to show the last date used for my "NIC".I am using the plasmoid-networkmanagement plasmoid and KNemo.After I downloaded and installed openSUSE 11.4 64-bit, the network connection no longer shows the last date used. I have set up my card via Yast and Iam connected directly to the Internet. No proxy.To find where this is located, navigate to:Configure Desktop --> Network Settings --> Network Connections --> Wired tab.
View 2 Replies
View Related
Apr 26, 2011
I obviously a noob to Suse but after installing 11.4, and filezilla, i cant connect to my ftp server. Ive opened ports 21 22 and 990 explicitly in the firewall and all I get is a 425 error Cant Retrieve Directory Listing. It logs me in ok but doesnt allow data connections?
View 9 Replies
View Related
May 3, 2011
First a warning that I'm so clueless it hurts. Initially I entered the Linux world as a solution to my blue screening Alienware Aurora desktop (which later fried anyway ironically enough). I decided to give up on Windows for everyday use cause you can't strangle an operating system. My first and there after Linux experiences have been fantastic. Internet works without prompting through various distributions of Ubuntu, Mint, and KDE with the exception of enlightenment.
But now I come to openSUSE 11.4 and as my title suggests I'm having a hard time connecting to the internet. I've got a wireless card and router and all that jazz but I can't even select the options for wired or wireless connections under Network Connections in the Network Management Settings. Everything is greyed out except for VPN. I even have the desktop wired to the router and it still is not giving me any indication that it will connect.
I'm wary of trying to enter ip addresses and things of the like because I honestly don't know what i'm doing here.
My router is a Netgear N150 Wireless WNR1000 and in the Kinfocenter under Device Viewer I found my wireless card to be a RaLink RT2561/RT61 802.11 g PCI and my wired device thingy to be an Intel 82540EM Gigabit Ethernet Controller.
View 3 Replies
View Related
May 30, 2011
I recently installed Fedora 15 now, and during installation I set the internet connection manually, then did update and after reboot, the internet connection settings have been removed. Now I can not set because the network connection to the Internet Connection is inactive. I mention that before the update was functional internet connection.
View 5 Replies
View Related
Jun 18, 2010
does opensuse 11.2 come with IPv6 enabled by default? where in the gnome gui can i access these settings?
Edit-i went into the gnome network manager applet and i cant find any IPv6 settings for any of my used connections-ethernet, wireless and VPN connections all seem to only IPv4. Can anyone else confirm that opensuse 11.2 uses only IPv4 on its network connections?
View 9 Replies
View Related
Jul 13, 2010
My server SUSE 10.2. I am already working with one pppoe connection, I need to configure the second on the same server? How I do this?
View 2 Replies
View Related
Feb 5, 2011
I've been searching for a couple of hours and have not found any threads that solve my situation... hope I'm not repeating something here.
Setup: Notebook with openSUSE 11.2 using KDE 4. Using Network Manager to manage network connection (although I've tried configuring this using ifup as well with no luck).
I need to be able to connect to client networks via a network cable (Ethernet) and connect to the internet via my MiFi 2200 Mobile WiFi. Both cards/connections are active with the following:
I have no problem mounting drives from the client's network. But, can not reach the internet. If I disconnect the ethernet cable, the browser will immediately connect to the internet and load web pages.
I'm assuming the ethernet connection is taking precedence over the wireless connection?
I can't imagine that there is not a way to set this up. If Windows can do it, I'm sure openSUSE can!
View 9 Replies
View Related
Jul 16, 2011
Just wonder is there any command that blocks all connections?
I am aware about RedHat #sudo /sbin/services iptables panic
and wonder is there something with similar effect in opensuse?
View 5 Replies
View Related
Apr 26, 2010
I'm running suse 11.1 which is configured as a router. Configured are two DSL connections with static IP's and one LAN connection (3 NIC's all together).
Problem: suse firewall will only port forward connections from one of the DSL connections and not the other.
Because I'm running two DSL connections is there something special I have to turn on/enable on the firewall?
View 1 Replies
View Related
May 19, 2010
My question is simple - is there any linux app or applet which is able to show (monitor) incoming and outgoing connections assuming it's a direct internet access? I was using a firewall on a system off Redmont which was able to show every connection, listening ports of services if some were opened etc.
View 1 Replies
View Related
Aug 10, 2010
My ISP has for a long time had a broken forward/reverese DNS so that my ADSL connection with static IP address resolves to a completely different IP address on a reverse query. This has not been a problem until I upgraded a remote server from 10.3 to 11.3 last weekend and now ssh connections from my ADSL connection to it using public/private keys are being rejected with the following message in /var/log/messages (IP addresses changed):
Aug 10 12:00:32 penguin1 sshd[1270]: Address 83.175.246.243 maps to 83-175-246-243.static.dsl.aupex.com, but this does not map back to the address - Possible Break in Attempt!
But if I log in interactively with username & password, the connection succeeds. I've changed the StrictModes setting in sshd_config to 'no' but this hasn't resolved the problem. Obviously something in 11.3 is being stricter about this IP mismatch than it was in 10.2 (and no, the server is not using a firewall). There must be something I can change to make sshd more permissive? I've tried before to get my ISP to fix their problem but no luck. This needs to be sorted as a server at my home (which does not run SuSE) retrieves backups from the remote OpenSuSE 11.3 server every night using scp and these are now failing.
View 3 Replies
View Related
