LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
Search this Thread
Old 11-13-2006, 09:25 PM   #1
avonsydow
LQ Newbie
 
Registered: Jan 2004
Location: Auckland, New Zealand
Distribution: SuSe 10.0
Posts: 9

Rep: Reputation: 0
Question Remote Desktop Access Firewall Problem


Hi
I am running Suse 10 in two PCs. I tried to remote access one of them using the other and it does not work unless I stop the firewall. I already set up the firewall when I enabled the Remote Administration (YaST2, Remote Administration). On Firewall settings I opened eth-id-00:08:02:3b::35:ab (DHCP) (the only option available) but it makes not difference.
I would appreciate any help.
Cheers,
Adriano
 
Old 11-13-2006, 11:12 PM   #2
sal_paradise42
Member
 
Registered: Jul 2003
Location: Utah
Distribution: Gentoo FreeBSD 5.4
Posts: 150

Rep: Reputation: 16
never used SuSe, but the lower level program that runs a firewall in Linux is iptables. Can you post the following from the command line "iptables -nL -t filter" ?
 
Old 11-14-2006, 01:59 AM   #3
avonsydow
LQ Newbie
 
Registered: Jan 2004
Location: Auckland, New Zealand
Distribution: SuSe 10.0
Posts: 9

Original Poster
Rep: Reputation: 0
Smile

Here you have it, I hope it makes sense to you.

------
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
input_ext all -- 0.0.0.0/0 0.0.0.0/0
input_ext all -- 0.0.0.0/0 0.0.0.0/0
LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 LOG flags 6 level 4 prefix `SFW2-IN-ILL-TARGET '
DROP all -- 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy DROP)
target prot opt source destination
LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 LOG flags 6 level 4 prefix `SFW2-FWD-ILL-ROUTING '

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED
LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 LOG flags 6 level 4 prefix `SFW2-OUT-ERROR '

Chain forward_ext (0 references)
target prot opt source destination

Chain input_ext (2 references)
target prot opt source destination
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 PKTTYPE = broadcast udp dpt:137
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 PKTTYPE = broadcast udp dpt:138
DROP all -- 0.0.0.0/0 0.0.0.0/0 PKTTYPE = broadcast
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 4
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 8
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED icmp type 0
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED icmp type 3
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED icmp type 11
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED icmp type 12
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED icmp type 14
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED icmp type 18
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED icmp type 3 code 2
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED icmp type 5
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 tcp dpt:5801 flags:0x17/0x02 LOG flags 6 level 4 prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:5801
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 tcp dpt:5901 flags:0x17/0x02 LOG flags 6 level 4 prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:5901
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 tcp dpt:445 flags:0x17/0x02 LOG flags 6 level 4 prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:445
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 tcp dpt:138 flags:0x17/0x02 LOG flags 6 level 4 prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:138
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 tcp dpt:137 flags:0x17/0x02 LOG flags 6 level 4 prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:137
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 tcp dpt:139 flags:0x17/0x02 LOG flags 6 level 4 prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:139
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:138
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:137
reject_func tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:113 state NEW
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 tcp spt:445 dpts:1024:65535 flags:0x17/0x02 LOG flags 6 level 4 prefix `SFW2-INext-ACC-HIGH '
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:445 dpts:1024:65535
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 tcp spt:137 dpts:1024:65535 flags:0x17/0x02 LOG flags 6 level 4 prefix `SFW2-INext-ACC-HIGH '
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:137 dpts:1024:65535
LOG udp -- 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 state NEW udp spt:445 dpts:1024:65535 LOG flags 6 level 4 prefix `SFW2-INext-ACC-HiUDP '
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp spt:445 dpts:1024:65535
LOG udp -- 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 state NEW udp spt:137 dpts:1024:65535 LOG flags 6 level 4 prefix `SFW2-INext-ACC-HiUDP '
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp spt:137 dpts:1024:65535
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 tcp flags:0x17/0x02 LOG flags 6 level 4 prefix `SFW2-INext-DROP-DEFLT '
LOG icmp -- 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 LOG flags 6 level 4 prefix `SFW2-INext-DROP-DEFLT '
LOG udp -- 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 LOG flags 6 level 4 prefix `SFW2-INext-DROP-DEFLT '
LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 state INVALID LOG flags 6 level 4 prefix `SFW2-INext-DROP-DEFLT-INV '
DROP all -- 0.0.0.0/0 0.0.0.0/0

Chain reject_func (1 references)
target prot opt source destination
REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 reject-with tcp-reset
REJECT udp -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-proto-unreachable
 
Old 11-14-2006, 10:29 AM   #4
sal_paradise42
Member
 
Registered: Jul 2003
Location: Utah
Distribution: Gentoo FreeBSD 5.4
Posts: 150

Rep: Reputation: 16
hmmm, it seems that the firewall is only accepting certain ports and dropping the rest. Seems that you need this fixed, but not sure what front end software you are using for your firewall. I take it that you want a firewall?
 
Old 11-14-2006, 01:01 PM   #5
avonsydow
LQ Newbie
 
Registered: Jan 2004
Location: Auckland, New Zealand
Distribution: SuSe 10.0
Posts: 9

Original Poster
Rep: Reputation: 0
Hi Sal,
Yes, I want to keep the firewall up. I had this problem before when I was set in up Samba. While I "opened" the firewall using the front end but it did not work. I managed to find some instruction to change the firewall manually to make it work, I suspect this is going to be the same.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
remote desktop to Win2k3 through linux firewall shax Linux - Networking 2 06-08-2012 06:59 AM
access through remote desktop..... ashley_31 Linux - Networking 10 09-14-2006 12:55 PM
Remote Desktop Access winxlinx Linux - Networking 3 02-10-2006 08:28 AM
ssh and other remote access to a firewall. Insane? fipeso Linux - Security 9 05-04-2005 12:37 AM
Remote access behind firewall MicroSun Linux - Networking 7 02-23-2005 02:44 PM


All times are GMT -5. The time now is 09:30 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration