Date:      Wed, 11 Oct 2006 22:53:28 +0100
From:      "Spiros Papadopoulos" <>
Subject:   Problems with ipfw and ssh
Message-ID:  <>


I am trying to configure a firewall using ipfw for a machine running FreeBSD, without NAT.

I am nearly a newbie on this (since I never had time until now), but still I believe I understand exactly the concepts and what needs to be done.
Besides the manual page and chapter 26.1 in the handbook, I am using good references such as:

I need to connect remotely to the machine using ssh, and this is where I get the problem:

Initially I can connect properly using a normal user account.
When later I try to su to root, it does nothing and the connection

I have ipfw enabled in the kernel to deny everything by default.
I have used both (one at a time) of the following rules concerning ssh, in
and also other combinations, such as taking off setup and keep-state etc.,
which would then make my firewall stateless as far as I understood, which is
something I don't want anyway.

${addcmd} 300 allow log logamount 5 tcp from any to me 22 setup keep-state
${addcmd} 300 allow log logamount 5 tcp from any to any ssh keep-state

In a first (not thorough) investigation I found this post:
from which I cannot work out what is wrong or how to fix this.

I ran sshd in debug mode, and below is the portion from when I try
to su to root:

/* sshd -d */
Write failed: Permission denied
debug1: do_cleanup
debug1: PAM: cleanup
debug1: do_cleanup
debug1: PAM: cleanup
debug1: session_pty_cleanup: session 0 release /dev/ttyp7

And here are related logs:

/* line from /var/log/messages */
Oct 11 20:25:54 username sshd[26251]: fatal: Write failed: Permission denied

/* /var/log/auth.log */
Sep 26 11:17:34 username sshd[50073]: Connection from port
Sep 26 11:17:46 username sshd[50073]: Accepted keyboard-interactive/pam for
user from port 1545 ssh2
Sep 26 10:17:49 username su: user to root on /dev/ttyp4
Sep 26 11:17:51 username sshd[50068]: Read error from remote host Connection reset by peer
Sep 26 13:29:40 username sshd[50076]: Read error from remote host Operation timed out

Is it trying to write to a socket? I cannot see what it is trying to do and
why the permission is denied (of course, maybe it is right in front of me, but...).
Could anyone please advise?

Thanks in advance
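The log lines above are the interesting evidence here: on FreeBSD, a locally generated packet that ipfw denies is reported to the sending process as EACCES, which sshd prints as "Write failed: Permission denied". The following triage script is an added example, not part of the original post: it parses syslog-style lines in the format shown above and pairs each such sshd failure with a preceding su-to-root event. The sample lines are constructed (addresses from the documentation range 192.0.2.0/24); the 30-second correlation window is an assumption.

```python
import re
from datetime import datetime

# Constructed sample modelled on the post's /var/log/messages and auth.log lines.
SAMPLE_LOG = """\
Sep 26 11:17:34 username sshd[50073]: Connection from 192.0.2.10 port 1545
Sep 26 11:17:46 username sshd[50073]: Accepted keyboard-interactive/pam for user from 192.0.2.10 port 1545 ssh2
Sep 26 11:17:49 username su: user to root on /dev/ttyp4
Sep 26 11:17:51 username sshd[50073]: fatal: Write failed: Permission denied
Sep 26 11:17:51 username sshd[50068]: Read error from remote host 192.0.2.10: Connection reset by peer
"""

# BSD syslog line: "<Mon DD HH:MM:SS> <host> <prog>[<pid>]: <message>" (pid optional, e.g. for su).
SYSLOG_RE = re.compile(
    r'^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) '
    r'(?P<prog>[A-Za-z_]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$'
)

# ipfw's deny verdict surfaces to a local sender as EACCES ("Permission denied").
FIREWALL_DENY_MARKER = 'Write failed: Permission denied'


def parse_syslog(text):
    """Parse matching lines into dicts; the year is absent, so ordering assumes one year."""
    events = []
    for line in text.splitlines():
        m = SYSLOG_RE.match(line)
        if m:
            ev = m.groupdict()
            ev['ts'] = datetime.strptime(ev['ts'], '%b %d %H:%M:%S')
            events.append(ev)
    return events


def triage(text, window_seconds=30):
    """Flag sshd sessions killed by a local packet-filter deny and note any su just before."""
    events = parse_syslog(text)
    findings = []
    for i, ev in enumerate(events):
        if ev['prog'] != 'sshd' or FIREWALL_DENY_MARKER not in ev['msg']:
            continue
        finding = {'pid': ev['pid'], 'ts': ev['ts'],
                   'cause': 'outbound packet denied by local firewall (EACCES)',
                   'recent_su': None}
        # Walk back over earlier events within the window looking for an su to root.
        for prev in reversed(events[:i]):
            if (ev['ts'] - prev['ts']).total_seconds() > window_seconds:
                break
            if prev['prog'] == 'su' and ' to root' in prev['msg']:
                finding['recent_su'] = prev['msg']
                break
        findings.append(finding)
    return findings
```

A finding with `recent_su` set points at the deny rule hit right after the privilege change, which is the place to start reading the ipfw log (the `log logamount` rules above write the matching rule number to the security log).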
