Date:      Thu, 12 Oct 2006 18:49:51 +0100
From:      "Spiros Papadopoulos" <spap13@googlemail.com>
To:        "Garrett Cooper" <youshi10@u.washington.edu>, keramida@ceid.upatras.gr,  sales@webignite.net
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Problems with ipfw and ssh
Message-ID:  <dab71e150610121049v48047136s6fdfc64217150eae@mail.gmail.com>
In-Reply-To: <452E5EC9.5010206@u.washington.edu>
References:  <000101c6edb0$30dacaf0$0400a8c0@maf> <008f01c6edd0$3f520c40$0200a8c0@ChrisLaptop> <dab71e150610120215s46bec793q4e6edd00b4a55455@mail.gmail.com> <452E5EC9.5010206@u.washington.edu>

Hi again,

On 12/10/06, Garrett Cooper <youshi10@u.washington.edu> wrote:
>Based on all the docs I've read about using ipfw, you should put
>"ipfw allow all any from any via lo0" somewhere at the top of your
>script so all traffic can and will be sent via lo0.
I think you are talking about the line below, is this right?

/sbin/ipfw -q add 50 allow all from any to any via lo0

It is there. This is the first line to be met by packets in my
/etc/ifpw.rules script.
It is also one of the default rules that come in the /etc/rc.firewall script,
which is where I copied it from.

On 12/10/06, *Chris - WEBignite* <sales@webignite.net> wrote:
>I've actually just started seeing this same error. I do have a rule set for
>local 127.0.0.1 and an allow for layer2 traffic.

>Oct 11 23:59:02 firewall sshd[49200]: fatal: Write failed: Permission denied

>I get this error when updating my firewall rules via ssh. Any current ssh
>connections are dropped, but I'm able to reinitiate a new connection without
>trouble.

Could you please let me know what FreeBSD version you are using?

On 12/10/06, *Giorgos Keramidas* <keramida@ceid.upatras.gr> wrote:
>Yes.  See above.  The `ipfw -d show' command shown there was
>after I looped using SSH from my workstation to another system
>and back again.

>> Sorry i will not be able to reply again tonight

>No problem. Take your time. There is definitely a logical
>explanation why this is happening, even if that explanation is
>`there is a bug in ipfw and 5.4' :)

I turned on the laptop and now everything is working again, as I initially
described (I don't have a clue what happened yesterday).

I can ssh to the machine as a normal user but cannot su to root.
When trying (from a Windows machine) with PuTTY, it freezes immediately after I
enter the root password,
and the message below is produced on the FreeBSD box:

Oct 12 17:58:52 user sshd[838]: fatal: Write failed: Permission denied

It is sshd that produces the above, but I still cannot identify what it is
trying to do and why permission is denied.
I have the option PermitRootLogins=No in my /etc/ssh/sshd_config file, but
it was working properly before I enabled ipfw.

Do you think it is a good idea to take ipfw out of the kernel and try
enabling it from /etc/rc.conf?
Anyway, I think I should wait a little more before I proceed with this.
Do you think that this is a bug?

Thanks in advance
Spiros


