Problems with ipfw and ssh

Spiros Papadopoulos spap13 at googlemail.com
Wed Oct 11 14:54:00 PDT 2006


Hi,

I am trying to configure a firewall using ipfw for a machine running FreeBSD
5.4.
Without NAT.

I am nearly a newbie on this (since I never had time until now..) but still
I believe I understand exactly the
concepts and what needs to be done.
Apart from the manual page and chapter 26.1 in the handbook, I am using good
references such as:
http://www.freebsd-howto.com/HOWTO/Ipfw-HOWTO

I need to connect remotely to the machine using ssh, and this is where I get
the problem:

Initially I can connect properly using a normal user account.
When I later try to su to root it does nothing and the connection
closes.

I have ipfw enabled in the kernel to deny everything by default.
I have used both of the following rules (one at a time) concerning ssh in
/etc/ipfw.rules,
and also other combinations, such as taking off setup and keep-state etc.,
which would then make my firewall stateless as far as I understood, which is
something I don't want anyway.

${addcmd} 300 allow log logamount 5 tcp from any to me 22 setup keep-state
-
${addcmd} 300 allow log logamount 5 tcp from any to any ssh keep-state

In a first investigation (not thorough) I found this post:
http://www.freebsdforums.org/forums/showthread.php?t=21876
from which I cannot work out what is wrong or how to fix it.

I ran sshd in debug mode and below is the portion for when I am trying
to su to root

/* sshd -d */
Write failed: Permission denied
debug1: do_cleanup
debug1: PAM: cleanup
debug1: do_cleanup
debug1: PAM: cleanup
debug1: session_pty_cleanup: session 0 release /dev/ttyp7

And here are related logs:

/* line from /var/log/messages */
Oct 11 20:25:54 username sshd[26251]: fatal: Write failed: Permission denied

/* /var/log/auth.log */
Sep 26 11:17:34 username sshd[50073]: Connection from xxx.xxx.xxx.xx port
1545
Sep 26 11:17:46 username sshd[50073]: Accepted keyboard-interactive/pam for
user from xxx.xxx.xxx.xx port 1545 ssh2
Sep 26 10:17:49 username su: user to root on /dev/ttyp4
Sep 26 11:17:51 username sshd[50068]: Read error from remote host
xxx.xxx.xxx.xx: Connection reset by peer
Sep 26 13:29:40 username sshd[50076]: Read error from remote host
xxx.xxx.xxx.xx: Operation timed out

Is it trying to write to a
socket? I cannot see what it is trying to do and why permission is denied
(of course maybe it is right in front of me..but..)
Could anyone please advise?

Thanks in advance
Spiros


More information about the freebsd-questions mailing list
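Editor's note, added to the post: the "Write failed: Permission denied" that sshd prints is EACCES, which on FreeBSD is what a process gets back when ipfw denies a packet the process itself is sending. So the failure is not a file or socket permission problem but an outbound packet from sshd to the ssh client being dropped by the ruleset. The poster's rule 300 is syntactically fine; whether the reply packets ever reach it depends on what precedes it, because ipfw only consults the dynamic (keep-state) table at the first check-state or keep-state rule a packet hits. The ruleset below is an added example, not the poster's /etc/ipfw.rules, and the rule numbers, the loopback rules and the outbound rules 400/410 are assumptions; only rule 300 is taken from the question. By default it prints the ipfw commands instead of loading them (FWCMD=ipfw loads them for real).

```shell
#!/bin/sh
# Added example: a stateful ipfw ruleset for a FreeBSD host that must stay
# reachable over ssh. Not the poster's /etc/ipfw.rules; rule numbers and the
# loopback/outbound rules are assumptions. Dry run unless FWCMD=ipfw is set.

fwcmd="${FWCMD:-echo ipfw}"

ssh_ruleset() {
    # Start from an empty table. With the kernel built to deny by default,
    # nothing passes until the rules below are loaded.
    $fwcmd -f flush

    # Dynamic entries created by keep-state are consulted at the first
    # check-state or keep-state rule a packet reaches. Putting check-state
    # first guarantees the packets sshd writes back to the client are matched
    # against the session state before any deny rule can see them. A denied
    # outbound packet is returned to sshd as EACCES, i.e. "Permission denied".
    $fwcmd add 100 check-state

    # Assumed: loopback traffic is allowed, spoofed loopback addresses are not.
    $fwcmd add 200 allow ip from any to any via lo0
    $fwcmd add 210 deny ip from any to 127.0.0.0/8
    $fwcmd add 220 deny ip from 127.0.0.0/8 to any

    # Inbound ssh, as in the question: only the SYN (setup) is inspected here;
    # the dynamic entry it creates carries the rest of the session in both
    # directions. logamount 5 caps logging at 5 lines for this rule until
    # `ipfw resetlog` is run.
    $fwcmd add 300 allow log logamount 5 tcp from any to me 22 setup keep-state

    # Assumed: the host may open its own TCP sessions and send DNS queries.
    # Delete these two lines if the machine should never originate traffic.
    $fwcmd add 400 allow tcp from me to any setup keep-state
    $fwcmd add 410 allow udp from me to any 53 keep-state

    # A TCP packet that gets this far belongs to no tracked session (state
    # expired, or the kernel rebooted while the client stayed connected).
    # Logging it is what tells you an ssh session was dropped by the firewall.
    $fwcmd add 500 deny log tcp from any to any established

    # Explicit logged catch-all so drops appear in /var/log/security instead
    # of vanishing into the kernel's silent default deny.
    $fwcmd add 65000 deny log ip from any to any
}

ssh_ruleset
```

When the session dies again, `ipfw -d show` lists the dynamic entries (the ssh session should be there as a rule-300 entry with a non-zero lifetime), `ipfw -a list` shows per-rule packet counters, and /var/log/security shows which rule number logged the denied packet; if the deny is logged by a rule numbered below 300, or by the catch-all, that rule is the one eating sshd's replies.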