Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 12 Oct 2006 13:40:40 +1000
From:      "Mark Jose" <>
To:        "'Spiros Papadopoulos'" <>, <>, <>
Subject:   RE: Problems with ipfw and ssh
Message-ID:  <000101c6edb0$30dacaf0$0400a8c0@maf>
In-Reply-To: <>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help

Just a suggestion/query: Do you have you localhost/ rules defined
to allow all traffic?


-----Original Message-----
From: []
On Behalf Of Spiros Papadopoulos
Sent: Thursday, 12 October 2006 7:53 AM
Subject: Problems with ipfw and ssh


I am trying to configure a firewall using ipfw for a machine running FreeBSD
Without NAT.

I am nearly a newbie on this (since i never had time until now..) but still
i believe i understand exactly the
concepts and what needs to be done.
Except the manual page and chapter 26.1 in the handbook I am using good
references such as:

I need to connect remotely to the machine using ssh and this is where i get
the problem:

Initially i can connect properly using a normal user account.
When later i am trying to su to root it does nothing and the connection

I have ipfw enabled in the kernel to deny everything by default.
I have used both (one at a time) the following rules concerning ssh, in
and also other combinations, such as taking off setup and keep-state etc etc
which would then make my firewall stateless as far as i understood, which is
something i don't want anyway.

${addcmd} 300 allow log logamount 5 tcp from any to me 22 setup keep-state
${addcmd} 300 allow log logamount 5 tcp from any to any ssh keep-state

In a first investigation (not thorough) i found this post:
where from, i cannot realize what is wrong or how to fix this.

I run the sshd in debug mode and below is the portion, for when i am trying
to su to root

/* sshd -d */
Write failed: Permission denied
debug1: do_cleanup
debug1: PAM: cleanup
debug1: do_cleanup
debug1: PAM: cleanup
debug1: session_pty_cleanup: session 0 release /dev/ttyp7

And here are related logs:

/* line from /var/log/messages */
Oct 11 20:25:54 username sshd[26251]: fatal: Write failed: Permission denied

/* /var/log/auth.log */
Sep 26 11:17:34 username sshd[50073]: Connection from port
Sep 26 11:17:46 username sshd[50073]: Accepted keyboard-interactive/pam for
user from port 1545 ssh2
Sep 26 10:17:49 username su: user to root on /dev/ttyp4
Sep 26 11:17:51 username sshd[50068]: Read error from remote host Connection reset by peer
Sep 26 13:29:40 username sshd[50076]: Read error from remote host Operation timed out

Is it trying to write to a
socket? I cannot see what is trying to do and the permission is denied
(of course maybe it is in front of me..but..)
Could anyone please advice?

Thanks in advance
_______________________________________________ mailing list
To unsubscribe, send any mail to ""

Want to link to this message? Use this URL: <$30dacaf0$0400a8c0>