Problems with ipfw and ssh
Spiros Papadopoulos
spap13 at googlemail.com
Thu Oct 12 10:50:45 PDT 2006
Hi again,
On 12/10/06, Garrett Cooper <youshi10 at u.washington.edu> wrote:
>Based on all the docs I've read about using ipfw, you should put
>"ipfw allow all any from any via lo0" somewhere at the top of your
>script so all traffic can and will be sent via lo0.
I think you are talking about the line below, is this right?
/sbin/ipfw -q add 50 allow all from any to any via lo0
It is there. This is the first line to be met by packets in my
/etc/ifpw.rules script.
It is also one of the default rules coming in the /etc/rc.firewall script,
where I copied it from.
On 12/10/06, *Chris - WEBignite* <sales at webignite.net> wrote:
>I've actually just started seeing this same error. I do have a rule set for
>local 127.0.0.1 and an allow for layer2 traffic.
>Oct 11 23:59:02 firewall sshd[49200]: fatal: Write failed: Permission denied
>I get this error when updating my firewall rules via ssh. Any current ssh
>connections are dropped, but I'm able to reinitiate a new connection without
>trouble.
Could you please let me know what FreeBSD version you are using?
On 12/10/06, *Giorgos Keramidas* <keramida at ceid.upatras.gr> wrote:
>Yes. See above. The `ipfw -d show' command shown there was
>after I looped using SSH from my workstation to another system
>and back again.
>> Sorry i will not be able to reply again tonight
>No problem. Take your time. There is definitely a logical
>explanation why this is happening, even if that explanation is
>`there is a bug in ipfw and 5.4' :)
I turned on the laptop and now everything is working again, as I initially
described (I don't have a clue what happened yesterday).
I can ssh to the machine as a normal user but cannot su to root.
When trying (from a Windows machine) with PuTTY, it freezes immediately after I
enter the root password,
and the message below is produced on the FreeBSD box:
Oct 12 17:58:52 user sshd[838]: fatal: Write failed: Permission denied
It is sshd that produces the above, but I still cannot identify what it is
trying to do and why permission is denied.
I have the option PermitRootLogins=No in my /etc/ssh/sshd_config file, but
it was working properly before I enabled ipfw.
Do you think it is a good idea to take ipfw out of the kernel and try
enabling it from /etc/rc.conf?
Anyway, I think I should wait a little more before I proceed with this.
Do you think that this is a bug?
Thanks in advance
Spiros