Hi,
On my Suse Linux 7.0 Pro IP-Filter I have the problem that services like
ssh and ftp from a remote machine to the firewall take a long time to work (1
minute) - once they work, all is fine.
I have the same problem if I try "telnet <ip> port" from the firewall to
another machine (at least I cannot connect to my DMZ via ssh when the firewall
is up - but maybe this should be another mailing).
Till now it was not really a problem, I used to wait, but now I have a
timeout problem with a "forward", which has to be solved.
If I stop the firewall (no ipchains ruleset) the problem still exists - so I
don't think it can really be a firewall problem, but on the other hand I
have many of the following entries in my logfiles:
May 30 13:20:13 lilo kernel: Packet log: output DENY eth0 PROTO=1 212.152.157.84:3 195.70.224.62:3 L=101 S=0xC0 I=1639 F=0x0000 T=255 (#3)
I know them (from Manfred Bartz) as
ICMP Type .....= 3 = Destination Unreachable
ICMP Code .....= 3 = Port Unreachable
195.70.224.62 is my NameServer
I try to configure everything with the SuseFireWallScript, in addition to
this I allow:
echo-reply, destination-unreachable, time-exceeded, parameter-problem
with:
ipchains -A input -i eth1 -p icmp --icmp-type "destination-unreachable" -j ACCEPT
eth0, eth1, input, output - nothing changed my log...
Can anybody help me with that? - Would be great,
Thanks in advance, Fritz
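
Added example, not part of the original post: a small Python parser for ipchains "Packet log" entries like the one quoted above. When PROTO=1 it reads the two ":n" fields as ICMP type and code, as the post describes. The function and table names are assumptions made for this illustration; the sample line is the one from the post.

```python
import re

# Field layout of an ipchains "Packet log" entry.
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<target>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"L=(?P<length>\d+) S=(?P<tos>0x[0-9A-Fa-f]+) I=(?P<ip_id>\d+) "
    r"F=(?P<frag>0x[0-9A-Fa-f]+) T=(?P<ttl>\d+)(?: \(#(?P<rule>\d+)\))?"
)
ICMP_TYPES = {0: "echo-reply", 3: "destination-unreachable", 4: "source-quench",
              5: "redirect", 8: "echo-request", 11: "time-exceeded",
              12: "parameter-problem"}
UNREACH_CODES = {0: "network-unreachable", 1: "host-unreachable",
                 2: "protocol-unreachable", 3: "port-unreachable",
                 4: "fragmentation-needed"}

def parse_packet_log(line):
    """Return a dict of fields for one ipchains log entry, or None."""
    m = LOG_RE.search(" ".join(line.split()))  # undo mail/syslog line wrapping
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("proto", "sport", "dport", "length", "ip_id", "ttl"):
        rec[key] = int(rec[key])
    rec["tos"] = int(rec["tos"], 16)
    rec["frag"] = int(rec["frag"], 16)
    rec["rule"] = int(rec["rule"]) if rec["rule"] else None
    if rec["proto"] == 1:
        # For ICMP the two ":n" fields are type and code, not ports.
        rec["icmp_type"] = rec.pop("sport")
        rec["icmp_code"] = rec.pop("dport")
        name = ICMP_TYPES.get(rec["icmp_type"], "type-%d" % rec["icmp_type"])
        if rec["icmp_type"] == 3:
            name += "/" + UNREACH_CODES.get(rec["icmp_code"],
                                            "code-%d" % rec["icmp_code"])
        rec["icmp_name"] = name
    return rec

# The log entry from the post, wrapped across two lines as in the mail.
SAMPLE = ("May 30 13:20:13 lilo kernel: Packet log: output DENY eth0 PROTO=1\n"
          "212.152.157.84:3 195.70.224.62:3 L=101 S=0xC0 I=1639 F=0x0000 "
          "T=255 (#3)")

if __name__ == "__main__":
    print(parse_packet_log(SAMPLE))
```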