
Problems routing port 25 from eth1 to eth0

Anonymous

Guest
Hello,

I have the problem that the message SFW2-FWD-ILL-ROUTING shows up in the log.
I am using DNAT to redirect the addresses.


Here is the information collected by a nice script:




Code:
collectNWData.sh V0.5.2.1

--- Welche Netzwerktopologie liegt vor?
--- (1) DSL modem <---> LinuxClient
--- (2) DSL HW router <---> LinuxClient
--- (3) DSL modem <---> LinuxRouter <---> LinuxClient
--- (4) DSL HW router <---> LinuxRouter <---> LinuxClient
--- Bitte mit 1-4 anworten:4

--- Auf welchem Rechner wird das Script ausgeführt?
--- (1) LinuxClient
--- (2) LinuxRouter
--- Bitte mit 1-2 anworten:2
--- Es werden Netzwerkinformationen gesammelt...
--- Die eben gesammelten Daten werden nach häufigen Fehlern analysiert...


--- Keine offensichtlichen Fehler gefunden. Die Datei collectNWData.out in Deinem bevorzugten Linux forum posten oder aber die Datei auf phpfi.com posten und dann de n Link zu phpfi.com im bevorzugten Linux Forum posten.
sles10-1:/home/rules # mc

sles10-1:/home/rules # vi *.out

[Kein Schreiben seit der letzten Änderung]
/bin/bash: EXIT: command not found

Shell beendet 127

Drücken Sie die EINGABETASTE oder geben Sie einen Befehl ein
sles10-1:/home/rules # tail -n 2000 *.out
collectNWData.sh V1.5.2.1
--- Welche Netzwerktopologie liegt vor?
--- (2) DSL HW router <---> LinuxClient
--- Auf welchem Rechner wird das Script ausgeführt?
--- (2) LinuxRouter


==================================================================================================
==================================================================================================
*** uname -a
Linux sles10-1 2.6.16.46-0.12-smp #1 SMP Thu May 17 14:00:09 UTC 2007 x86_64 x86_64 x86_64 GNU/Linux
==================================================================================================
*** cat /etc/SuSE-release
SUSE Linux Enterprise Server 10 (x86_64)
VERSION = 10
PATCHLEVEL = 1
==================================================================================================
*** cat /etc/resolv.conf | grep -v "^#" | grep -v "^$"
nameserver 145.253.2.11
search mack-net.de
==================================================================================================
*** cat /etc/hosts | grep -v "^#" | grep -v "^$" | grep -v "::"
127.0.0.1       localhost
192.168.0.50    sles10-1.mack-net.de sles10-1
217.14.123.165  sles10-1.mack-net.de
==================================================================================================
*** cat /proc/sys/net/ipv4/ip_forward
1
==================================================================================================
*** /usr/sbin/iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DNAT       tcp  --  anywhere             anywhere            tcp dpt:smtp to:192.168.0.18:25

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
==================================================================================================
*** /sbin/route -n
Kernel IP Routentabelle
Ziel            Router          Genmask         Flags Metric Ref    Use Iface
217.14.123.0    0.0.0.0         255.255.255.0   U     0      0        0 eth1
192.168.0.0     192.168.0.2     255.255.255.0   UG    0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         217.14.123.199  0.0.0.0         UG    0      0        0 eth1
==================================================================================================
*** /sbin/arp -n
Address                  HWtype  HWaddress           Flags Mask            Iface
217.14.123.199           ether   00:13:D4:22:43:B4   C                     eth1
==================================================================================================
*** /sbin/ifconfig
eth0      Protokoll:Ethernet  Hardware Adresse 00:1A:92:D3:E5:6A
          inet Adresse:192.168.0.50  Bcast:192.168.0.255  Maske:255.255.255.0
          inet6 Adresse: fe80::21a:92ff:fed3:e56a/64 Gültigkeitsbereich:Verbindung
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2935 errors:0 dropped:0 overruns:0 frame:0
          TX packets:87 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 Sendewarteschlangenlänge:1000
          RX bytes:874906 (854.4 Kb)  TX bytes:11007 (10.7 Kb)
          Interrupt:66 Basisadresse:0xa000

eth1      Protokoll:Ethernet  Hardware Adresse 00:1A:92:D3:F5:27
          inet Adresse:217.14.123.165  Bcast:217.14.123.255  Maske:255.255.255.0
          inet6 Adresse: fe80::21a:92ff:fed3:f527/64 Gültigkeitsbereich:Verbindung
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:27541 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1339 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 Sendewarteschlangenlänge:1000
          RX bytes:1811455 (1.7 Mb)  TX bytes:547890 (535.0 Kb)
          Interrupt:225 Basisadresse:0xc000

lo        Protokoll:Lokale Schleife
          inet Adresse:127.0.0.1  Maske:255.0.0.0
          inet6 Adresse: ::1/128 Gültigkeitsbereich:Maschine
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:120 errors:0 dropped:0 overruns:0 frame:0
          TX packets:120 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 Sendewarteschlangenlänge:0
          RX bytes:8643 (8.4 Kb)  TX bytes:8643 (8.4 Kb)

==================================================================================================
*** pingTests
192.168.0.50 : Ping OK
217.14.123.165 : Ping OK
127.0.0.1 : Ping OK
195.135.220.3 : Ping OK
www.suse.de : Ping OK
==================================================================================================
*** /sbin/lspci
00:00.0 RAM memory: nVidia Corporation C51 Host Bridge (rev a2)
00:00.1 RAM memory: nVidia Corporation C51 Memory Controller 0 (rev a2)
00:00.2 RAM memory: nVidia Corporation C51 Memory Controller 1 (rev a2)
00:00.3 RAM memory: nVidia Corporation C51 Memory Controller 5 (rev a2)
00:00.4 RAM memory: nVidia Corporation C51 Memory Controller 4 (rev a2)
00:00.5 RAM memory: nVidia Corporation C51 Host Bridge (rev a2)
00:00.6 RAM memory: nVidia Corporation C51 Memory Controller 3 (rev a2)
00:00.7 RAM memory: nVidia Corporation C51 Memory Controller 2 (rev a2)
00:03.0 PCI bridge: nVidia Corporation C51 PCI Express Bridge (rev a1)
00:04.0 PCI bridge: nVidia Corporation C51 PCI Express Bridge (rev a1)
00:08.0 RAM memory: nVidia Corporation MCP55 Memory Controller (rev a1)
00:09.0 ISA bridge: nVidia Corporation MCP55 LPC Bridge (rev a2)
00:09.1 SMBus: nVidia Corporation MCP55 SMBus (rev a2)
00:09.2 RAM memory: nVidia Corporation MCP55 Memory Controller (rev a2)
00:0a.0 USB Controller: nVidia Corporation MCP55 USB Controller (rev a1)
00:0a.1 USB Controller: nVidia Corporation MCP55 USB Controller (rev a2)
00:0c.0 IDE interface: nVidia Corporation MCP55 IDE (rev a1)
00:0d.0 IDE interface: nVidia Corporation MCP55 SATA Controller (rev a2)
00:0d.1 IDE interface: nVidia Corporation MCP55 SATA Controller (rev a2)
00:0d.2 IDE interface: nVidia Corporation MCP55 SATA Controller (rev a2)
00:0e.0 PCI bridge: nVidia Corporation MCP55 PCI bridge (rev a2)
00:0e.1 Audio device: nVidia Corporation MCP55 High Definition Audio (rev a2)
00:10.0 Bridge: nVidia Corporation MCP55 Ethernet (rev a2)
00:11.0 Bridge: nVidia Corporation MCP55 Ethernet (rev a2)
00:12.0 PCI bridge: nVidia Corporation MCP55 PCI Express bridge (rev a2)
00:14.0 PCI bridge: nVidia Corporation MCP55 PCI Express bridge (rev a2)
00:16.0 PCI bridge: nVidia Corporation MCP55 PCI Express bridge (rev a2)
00:17.0 PCI bridge: nVidia Corporation MCP55 PCI Express bridge (rev a2)
00:18.0 Host bridge: Advanced Micro Devices [AMD] K8 [Athlon64/Opteron] HyperTransport Technology Configuration
00:18.1 Host bridge: Advanced Micro Devices [AMD] K8 [Athlon64/Opteron] Address Map
00:18.2 Host bridge: Advanced Micro Devices [AMD] K8 [Athlon64/Opteron] DRAM Controller
00:18.3 Host bridge: Advanced Micro Devices [AMD] K8 [Athlon64/Opteron] Miscellaneous Control
02:00.0 VGA compatible controller: nVidia Corporation NV43 [GeForce 6600 GT] (rev a2)
06:00.0 Mass storage controller: Silicon Image, Inc. SiI 3132 Serial ATA Raid II Controller (rev 01)
==================================================================================================
*** /usr/sbin/lsusb
Bus 002 Device 001: ID 0000:0000
Bus 001 Device 001: ID 0000:0000
==================================================================================================
*** /sbin/lsmod
Module                  Size  Used by
ip6t_REJECT            22272  3
ip6t_LOG               23680  13
xt_pkttype             18560  3
ipt_REJECT             22400  3
ipt_TCPMSS             20864  1
xt_tcpudp              19968  10
ipt_LOG                23296  26
xt_state               18816  37
iptable_mangle         19584  0
iptable_nat            25092  1
ip_nat                 36012  1 iptable_nat
ip6table_mangle        19072  0
ip_conntrack           75164  3 xt_state,iptable_nat,ip_nat
nfnetlink              23368  2 ip_nat,ip_conntrack
ip6table_filter        19584  1
ip6_tables             32328  3 ip6t_LOG,ip6table_mangle,ip6table_filter
bridge                 70432  0
iptable_filter         19712  1
ip_tables              30792  3 iptable_mangle,iptable_nat,iptable_filter
x_tables               30984  11 ip6t_REJECT,ip6t_LOG,xt_pkttype,ipt_REJECT,ipt_TCPMSS,xt_tcpudp,ipt_LOG,xt_state,iptable_nat,ip6_tables,ip_tables
joydev                 27520  0
novfs                 179664  6
cpufreq_ondemand       25232  1
ipv6                  331008  27 ip6t_REJECT
cpufreq_userspace      23552  0
cpufreq_powersave      18432  0
powernow_k8            31648  1
freq_table             22528  1 powernow_k8
snd_pcm_oss            66176  0
snd_mixer_oss          34304  1 snd_pcm_oss
snd_seq                74272  0
snd_seq_device         25616  1 snd_seq
button                 24224  0
battery                27400  0
ac                     22152  0
apparmor               73760  0
aamatch_pcre           30720  1 apparmor
nls_utf8               18688  2
ntfs                  200680  2
loop                   33040  0
dm_mod                 79536  0
snd_hda_intel          39200  0
snd_hda_codec         283264  1 snd_hda_intel
snd_pcm               116488  3 snd_pcm_oss,snd_hda_intel,snd_hda_codec
snd_timer              42504  2 snd_seq,snd_pcm
ide_cd                 57632  0
snd                    83368  8 snd_pcm_oss,snd_mixer_oss,snd_seq,snd_seq_device,snd_hda_intel,snd_hda_codec,snd_pcm,snd_timer
cdrom                  52392  1 ide_cd
soundcore              27296  1 snd
ohci_hcd               36612  0
ehci_hcd               47752  0
usbcore               149288  3 ohci_hcd,ehci_hcd
snd_page_alloc         26896  2 snd_hda_intel,snd_pcm
forcedeth              42116  0
parport_pc             56680  1
lp                     29640  0
parport                56460  2 parport_pc,lp
reiserfs              239616  1
edd                    26760  0
fan                    21896  0
thermal                32272  0
processor              50536  2 powernow_k8,thermal
sata_sil24             32516  0
sg                     52136  0
sata_nv                38148  4
libata                144808  2 sata_sil24,sata_nv
amd74xx                31920  0 [permanent]
sd_mod                 37760  7
scsi_mod              168888  3 sg,libata,sd_mod
ide_disk               32768  0
ide_core              165764  3 ide_cd,amd74xx,ide_disk
==================================================================================================
*** /usr/sbin/iptables -L -vn
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    6   504 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
  161 10914 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED LOG flags 6 level 4 prefix `SFW2-IN-ACC-RELATED '
  161 10914 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
  274 26100 input_ext  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 6 level 4 prefix `SFW2-IN-ILL-TARGET '
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    3   144 TCPMSS     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:0x06/0x02 TCPMSS clamp to PMTU
    0     0 ACCEPT     all  --  xenbr+ xenbr+  0.0.0.0/0            0.0.0.0/0
    3   144 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 6 level 4 prefix `SFW2-FWD-ILL-ROUTING '
    3   144 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spts:1024:65535 dpt:25
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:25 dpts:1024:65535 flags:!0x17/0x02

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    6   504 ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0
  138 44605 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW,RELATED,ESTABLISHED
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 6 level 4 prefix `SFW2-OUT-ERROR '

Chain forward_ext (0 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 LOG        icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED icmp type 0 LOG flags 6 level 4 prefix `SFW2-FWDext-FWD-RELA'
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED icmp type 0
    0     0 LOG        icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED icmp type 3 LOG flags 6 level 4 prefix `SFW2-FWDext-FWD-RELA'
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED icmp type 3
    0     0 LOG        icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED icmp type 11 LOG flags 6 level 4 prefix `SFW2-FWDext-FWD-RELA'
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED icmp type 11
    0     0 LOG        icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED icmp type 12 LOG flags 6 level 4 prefix `SFW2-FWDext-FWD-RELA'
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED icmp type 12
    0     0 LOG        icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED icmp type 14 LOG flags 6 level 4 prefix `SFW2-FWDext-FWD-RELA'
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED icmp type 14
    0     0 LOG        icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED icmp type 18 LOG flags 6 level 4 prefix `SFW2-FWDext-FWD-RELA'
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED icmp type 18
    0     0 LOG        icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED icmp type 3 code 2 LOG flags 6 level 4 prefix `SFW2-FWDext-FWD-RELA'
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED icmp type 3 code 2
    0     0 LOG        icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED icmp type 5 LOG flags 6 level 4 prefix `SFW2-FWDext-FWD-RELA'
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED icmp type 5
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           PKTTYPE = multicast
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 6 level 4 prefix `SFW2-FWDext-DROP-DEFLT '
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain input_ext (1 references)
 pkts bytes target     prot opt in     out     source               destination
  270 25940 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           PKTTYPE = broadcast
    0     0 LOG        icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 4 LOG flags 6 level 4 prefix `SFW2-INext-ACC-SOURCEQUENCH '
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 4
    0     0 LOG        icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 8 LOG flags 6 level 4 prefix `SFW2-INext-ACC-PING '
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 8
    0     0 LOG        icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED icmp type 0 LOG flags 6 level 4 prefix `SFW2-INext-ACC-ICMP '
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED icmp type 0
    0     0 LOG        icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED icmp type 3 LOG flags 6 level 4 prefix `SFW2-INext-ACC-ICMP '
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED icmp type 3
    0     0 LOG        icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED icmp type 11 LOG flags 6 level 4 prefix `SFW2-INext-ACC-ICMP '
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED icmp type 11
    0     0 LOG        icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED icmp type 12 LOG flags 6 level 4 prefix `SFW2-INext-ACC-ICMP '
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED icmp type 12
    0     0 LOG        icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED icmp type 14 LOG flags 6 level 4 prefix `SFW2-INext-ACC-ICMP '
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED icmp type 14
    0     0 LOG        icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED icmp type 18 LOG flags 6 level 4 prefix `SFW2-INext-ACC-ICMP '
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED icmp type 18
    0     0 LOG        icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED icmp type 3 code 2 LOG flags 6 level 4 prefix `SFW2-INext-ACC-ICMP '
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED icmp type 3 code 2
    0     0 LOG        icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED icmp type 5 LOG flags 6 level 4 prefix `SFW2-INext-ACC-ICMP '
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED icmp type 5
    2    80 LOG        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:25 LOG flags 6 level 4 prefix `SFW2-INext-ACC-TCP '
    2    80 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:25
    0     0 LOG        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:113 state NEW LOG flags 6 level 4 prefix `SFW2-INext-REJECT '
    0     0 reject_func  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:113 state NEW
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           PKTTYPE = multicast
    2    80 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 6 level 4 prefix `SFW2-INext-DROP-DEFLT '
    2    80 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain reject_func (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with tcp-reset
    0     0 REJECT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-proto-unreachable
==================================================================================================
*** cat /etc/sysconfig/SuSEfirewall2 | grep -v "^#" | grep -v "^$"
FW_DEV_EXT="any"
FW_DEV_INT=""
FW_DEV_DMZ=""
FW_ROUTE="yes"
FW_MASQUERADE="yes"
FW_MASQ_DEV="$FW_DEV_EXT"
FW_MASQ_NETS="0/0"
FW_PROTECT_FROM_INT="no"
FW_SERVICES_EXT_TCP="smtp"
FW_SERVICES_EXT_UDP=""
FW_SERVICES_EXT_IP=""
FW_SERVICES_EXT_RPC=""
FW_SERVICES_DMZ_TCP=""
FW_SERVICES_DMZ_UDP=""
FW_SERVICES_DMZ_IP=""
FW_SERVICES_DMZ_RPC=""
FW_SERVICES_INT_TCP=""
FW_SERVICES_INT_UDP=""
FW_SERVICES_INT_IP=""
FW_SERVICES_INT_RPC=""
FW_SERVICES_DROP_EXT=""
FW_SERVICES_REJECT_EXT="0/0,tcp,113"
FW_SERVICES_ACCEPT_EXT=""
FW_TRUSTED_NETS=""
FW_ALLOW_INCOMING_HIGHPORTS_TCP=""
FW_ALLOW_INCOMING_HIGHPORTS_UDP=""
FW_FORWARD=""
FW_FORWARD_MASQ=""
FW_REDIRECT=""
FW_LOG_DROP_CRIT="yes"
FW_LOG_DROP_ALL="yes"
FW_LOG_ACCEPT_CRIT="yes"
FW_LOG_ACCEPT_ALL="yes"
FW_LOG_LIMIT=""
FW_LOG=""
FW_KERNEL_SECURITY="yes"
FW_STOP_KEEP_ROUTING_STATE="no"
FW_ALLOW_PING_FW="yes"
FW_ALLOW_PING_DMZ="no"
FW_ALLOW_PING_EXT="no"
FW_ALLOW_FW_SOURCEQUENCH=""
FW_ALLOW_FW_BROADCAST_EXT="no"
FW_ALLOW_FW_BROADCAST_INT="no"
FW_ALLOW_FW_BROADCAST_DMZ="no"
FW_IGNORE_FW_BROADCAST_EXT="yes"
FW_IGNORE_FW_BROADCAST_INT="no"
FW_IGNORE_FW_BROADCAST_DMZ="no"
FW_ALLOW_CLASS_ROUTING=""
FW_CUSTOMRULES=""
FW_REJECT=""
FW_HTB_TUNE_DEV=""
FW_IPv6=""
FW_IPv6_REJECT_OUTGOING=""
FW_IPSEC_TRUST="no"
FW_ZONES=""
FW_USE_IPTABLES_BATCH=""
FW_LOAD_MODULES=""
FW_FORWARD_ALWAYS_INOUT_DEV="xenbr+"
FW_SERVICES_ACCEPT_INT=""
FW_SERVICES_ACCEPT_DMZ=""
==================================================================================================
*** cat /etc/sysconfig/network/config | grep -v "^#" | grep -v "^$"
DEFAULT_BROADCAST="+"
GLOBAL_POST_UP_EXEC="yes"
GLOBAL_PRE_DOWN_EXEC="yes"
CHECK_DUPLICATE_IP="no"
DEBUG="no"
USE_SYSLOG="yes"
MODIFY_RESOLV_CONF_DYNAMICALLY="yes"
MODIFY_NAMED_CONF_DYNAMICALLY="no"
MODIFY_RESOLV_CONF_STATIC_DNS=""
CONNECTION_SHOW_WHEN_IFSTATUS="no"
CONNECTION_CHECK_BEFORE_IFDOWN="no"
CONNECTION_CLOSE_BEFORE_IFDOWN="no"
CONNECTION_UMOUNT_NFS_BEFORE_IFDOWN="no"
CONNECTION_SEND_KILL_SIGNAL="no"
MANDATORY_DEVICES=""
WAIT_FOR_INTERFACES="20"
FIREWALL="yes"
LINKLOCAL_INTERFACES="eth*[0-9]|tr*[0-9]|wlan[0-9]|ath[0-9]"
IFPLUGD_OPTIONS="-f -I -b"
FORCE_PERSISTENT_NAMES=yes
NETWORKMANAGER=no
NM_ONLINE_TIMEOUT="0"

NM_DISPATCHER=yes
==================================================================================================
*** cat /etc/sysconfig/sysctl | grep -v "^#" | grep -v "^$"
IP_DYNIP="no"
IP_TCP_SYNCOOKIES="yes"
IP_FORWARD="yes"
IPV6_FORWARD="no"
IPV6_PRIVACY="no"
IPV6_MLD_VERSION=""
DISABLE_ECN="yes"
ENABLE_SYSRQ="no"
DMAPI_PROBE="no"
==================================================================================================
*** cat /etc/sysconfig/network/dhcp | grep -v "^#" | grep -v "^$"
DHCLIENT_BIN=""
DHCLIENT_DEBUG="no"
DHCLIENT_SET_HOSTNAME="yes"
DHCLIENT_MODIFY_RESOLV_CONF="yes"
DHCLIENT_SET_DEFAULT_ROUTE="yes"
DHCLIENT_MODIFY_NTP_CONF="no"
DHCLIENT_MODIFY_NIS_CONF="yes"
DHCLIENT_SET_DOMAINNAME="yes"
DHCLIENT_KEEP_SEARCHLIST="yes"
DHCLIENT_LEASE_TIME=""
DHCLIENT_TIMEOUT="999999"
DHCLIENT_REBOOT_TIMEOUT=""
DHCLIENT_HOSTNAME_OPTION="AUTO"
DHCLIENT_CLIENT_ID=""
DHCLIENT_VENDOR_CLASS_ID=""
DHCLIENT_RELEASE_BEFORE_QUIT="no"
DHCLIENT_SCRIPT_EXE=""
DHCLIENT_UDP_CHECKSUM="yes"
DHCLIENT_ADDITIONAL_OPTIONS=""
DHCLIENT_SLEEP="0"
DHCLIENT_WAIT_AT_BOOT="5"
DHCLIENT_MODIFY_SMB_CONF="yes"
WRITE_HOSTNAME_TO_HOSTS="yes"
==================================================================================================
*** cat /etc/sysconfig/proxy | grep -v "^#" | grep -v "^$"
PROXY_ENABLED="no"
HTTP_PROXY="http://10.76.1.11"
HTTPS_PROXY="http://10.76.1.11"
FTP_PROXY="http://10.76.1.11"
GOPHER_PROXY=""
NO_PROXY="localhost, 127.0.0.1"
==================================================================================================
*** cat /etc/sysconfig/ssh | grep -v "^#" | grep -v "^$"
SSHD_OPTS=""
==================================================================================================
*** catMyConfig
==================================================================================================
*** cat /etc/sysconfig/network/ifcfg-eth-id-00:1a:92:d3:e5:6a
BOOTPROTO='static'
BROADCAST=''
ETHTOOL_OPTIONS=''
IPADDR='192.168.0.50'
MTU=''
NAME='ASUSTeK MCP55 Ethernet'
NETMASK='255.255.255.0'
NETWORK=''
REMOTE_IPADDR=''
STARTMODE='auto'
UNIQUE='rBUF._yp5q40TWoF'
USERCONTROL='no'
_nm_name='bus-pci-0000:00:10.0'
PREFIXLEN=''
==================================================================================================
*** cat /etc/sysconfig/network/ifcfg-eth-id-00:1a:92:d3:f5:27
BOOTPROTO='static'
BROADCAST=''
ETHTOOL_OPTIONS=''
IPADDR='217.14.123.165'
MTU=''
NAME='ASUSTeK MCP55 Ethernet'
NETMASK='255.255.255.0'
NETWORK=''
REMOTE_IPADDR=''
STARTMODE='auto'
UNIQUE='JNkJ._yp5q40TWoF'
USERCONTROL='no'
_nm_name='bus-pci-0000:00:11.0'
PREFIXLEN=''
==================================================================================================
*** cat /etc/sysconfig/network/ifcfg-lo
IPADDR=127.0.0.1
NETMASK=255.0.0.0
NETWORK=127.0.0.0
BROADCAST=127.255.255.255
STARTMODE=onboot
USERCONTROL=no
==================================================================================================
*** /usr/sbin/iwconfig | /usr/bin/sed "s/\(Encryption key:\)\([^o][^f][^f][^ ]*\)\(.*\)/\1xx xxx-xxxx-xxxx-xxxx-xxxx-xxxxxxx\3/"
lo        no wireless extensions.

eth0      no wireless extensions.

eth1      no wireless extensions.

sit0      no wireless extensions.

==================================================================================================
*** /usr/bin/grep -i radio /var/log/boot.msg | /usr/bin/tail -n 5
==================================================================================================
*** /usr/bin/grep -i firmware /var/log/messages | /usr/bin/tail -n 5
==================================================================================================
*** ls -ls /lib/firmware
insgesamt 728
 76 -rw-r--r-- 1 root root  76802 2007-05-03 15:24 ql2100_fw.bin
 84 -rw-r--r-- 1 root root  84566 2007-05-03 15:24 ql2200_fw.bin
124 -rw-r--r-- 1 root root 123170 2007-05-03 15:24 ql2300_fw.bin
132 -rw-r--r-- 1 root root 132978 2007-05-03 15:24 ql2322_fw.bin
200 -rw-r--r-- 1 root root 201900 2007-05-03 15:24 ql2400_fw.bin
112 -rw-r--r-- 1 root root 112494 2007-05-03 15:24 ql6312_fw.bin
==================================================================================================
*** /usr/bin/grep -i persistent /etc/sysconfig/network/config | grep -v "^#" | grep -v "^$"
FORCE_PERSISTENT_NAMES=yes
==================================================================================================
*** /usr/bin/egrep 'eth|ath|wlan|ra' /etc/udev/rules.d/*net_persistent* /etc/udev/rules.d/*persistent-net* | grep -v "^#" | grep -v "^$"
grep: /etc/udev/rules.d/*persistent-net*: Datei oder Verzeichnis nicht gefunden
/etc/udev/rules.d/30-net_persistent_names.rules:# This rules are autogenerated from /lib/udev/rename_netiface.
/etc/udev/rules.d/30-net_persistent_names.rules:# generation. Only if all interfaces get a rule the renaming will work
/etc/udev/rules.d/30-net_persistent_names.rules:SUBSYSTEM=="net", ACTION=="add", SYSFS{address}=="00:1a:92:d3:e5:6a", IMPORT="/lib/udev/rename_netiface %k eth0"
/etc/udev/rules.d/30-net_persistent_names.rules:SUBSYSTEM=="net", ACTION=="add", SYSFS{address}=="00:1a:92:d3:f5:27", IMPORT="/lib/udev/rename_netiface %k eth1"
==================================================================================================
*** /usr/bin/egrep -r 'eth[0-10]|ath[0-10]|wlan[0-10]|ra[0-10]' /etc/modprobe.*|egrep -v '#|blacklist'
/etc/modprobe.conf:install eth0             /bin/true
/etc/modprobe.conf:install eth1             /bin/true
==================================================================================================

 

spoensche

Moderator
Team member
What do the corresponding entries in your firewall configuration look like?

yast->system->editor /etc/sysconfig

then network->firewall->suse2firewall

Keywords: FW_ROUTE, FW_MASQUERADE, etc.
 
OP
Anonymous

Guest
It's right there in the list!? ....
see *** cat /etc/sysconfig/SuSEfirewall2 | grep -v "^#" | grep -v "^$"
 

spoensche

Moderator
Team member
Oops, I overlooked that. Routing cannot work with your setup.

Code:
FW_DEV_EXT=eth1   # if that is the interface to the Internet
FW_DEV_INT=eth0   # interface to the internal network
FW_PROTECT_FROM_INT="yes"
FW_MASQ_DEV=$FW_DEV_INT
FW_MASQ_NETS=192.168.0/24

The best way to do that is with yast->system->editor for /etc/sysconfig files.

Then it should work, and connections from your internal network to the outside (Internet) will be allowed.
 
OP
Anonymous

Guest
Hi,

first of all, thanks for the effort.
Your hints make sense to me. I have added the following values:

Code:
FW_DEV_EXT=eth1 
FW_DEV_INT=eth0 
FW_PROTECT_FROM_INT="yes"
FW_MASQ_DEV=$FW_DEV_INT
FW_MASQ_NETS=192.168.0/24

Furthermore, what my problem is may not have come across entirely. I want to get from outside (eth1) to port 25 of a machine in the 192. network.

So I do:

Code:
iptables -A forward_ext -p tcp --sport 1024:65535 --dport 25 -j ACCEPT
#iptables -A FORWARD -p tcp --dport 1024:65535 --sport 25 ! --syn -j ACCEPT
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 25 -j DNAT --to-destination 192.168.0.18:25

When I now telnet to the external address, nothing happens.

In the firewall log I can then read:

Code:
kernel: SFW2-FWDext-DROP-DEFLT IN=eth1 OUT=eth0 SRC=81.169.174.250 DST=192.168.0.18 LEN=60 TOS=0x10 PREC=0x00 TTL=53 ID=33222 DF PROTO=TCP SPT=3062 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B40402080A3C2B443D0000000001030304)
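
An added example (not part of the thread and not SuSEfirewall2 code): a small Python check that parses `iptables -L -vn` output and reports rules placed behind an unconditional ACCEPT/DROP/REJECT in the same chain. The two port-25 ACCEPT rules in the FORWARD chain of the first post are in that position (0 packets each), and a rule added with `iptables -A` ends up there in any chain that already finishes with a catch-all DROP. Function names are illustrative; jumps into user-defined chains are not followed.

```python
import re

# FORWARD chain copied from the `iptables -L -vn` output in the first post.
FORWARD_LISTING = """\
Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    3   144 TCPMSS     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:0x06/0x02 TCPMSS clamp to PMTU
    0     0 ACCEPT     all  --  xenbr+ xenbr+  0.0.0.0/0            0.0.0.0/0
    3   144 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 6 level 4 prefix `SFW2-FWD-ILL-ROUTING '
    3   144 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spts:1024:65535 dpt:25
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:25 dpts:1024:65535 flags:!0x17/0x02
"""

CHAIN_RE = re.compile(r"^Chain (\S+) \(")
COLUMNS = ("pkts", "bytes", "target", "prot", "opt", "in", "out", "src", "dst")
TERMINATING = {"ACCEPT", "DROP", "REJECT"}   # built-in targets that end traversal
ANY_ADDR = "0.0.0.0/0"


def parse_listing(text):
    """Return {chain name: [rule dict, ...]} with rules in evaluation order.

    Limitation: rules listed with an empty target column are not handled.
    """
    chains, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = CHAIN_RE.match(line)
        if header:
            current = chains.setdefault(header.group(1), [])
            continue
        parts = line.split(None, 9)
        # Skip blank lines, the column header and anything before a chain header.
        if current is None or len(parts) < 9 or parts[0] == "pkts":
            continue
        rule = dict(zip(COLUMNS, parts))
        rule["extra"] = parts[9] if len(parts) > 9 else ""
        current.append(rule)
    return chains


def is_catch_all(rule):
    """True if every packet reaching this rule gets a final verdict from it."""
    if rule["target"] not in TERMINATING:
        return False
    unrestricted = (rule["prot"] == "all"
                    and rule["in"] == "*" and rule["out"] == "*"
                    and rule["src"] == ANY_ADDR and rule["dst"] == ANY_ADDR)
    # REJECT prints its own option ("reject-with ..."); that is not a match.
    extra = rule["extra"]
    return unrestricted and (extra == "" or extra.startswith("reject-with"))


def shadowed_rules(chains):
    """Return (chain, position, blocker_position, rule) for unreachable rules."""
    findings = []
    for name, rules in chains.items():
        blocker = None
        for pos, rule in enumerate(rules, start=1):
            if blocker is not None:
                findings.append((name, pos, blocker, rule))
            elif is_catch_all(rule):
                blocker = pos
    return findings


def describe(findings):
    """Render findings as one line of text per shadowed rule."""
    return [
        f"{chain} rule {pos} ({rule['target']} {rule['prot']} {rule['extra']}) "
        f"is never reached: rule {blocker} already decides every packet "
        f"(pkts={rule['pkts']})"
        for chain, pos, blocker, rule in findings
    ]


if __name__ == "__main__":
    for line in describe(shadowed_rules(parse_listing(FORWARD_LISTING))):
        print(line)
```

To check a live system, feed the function the saved output of `iptables -L -vn` instead of the embedded listing.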