Problems with ipfw and ssh
spap13 at googlemail.com
Thu Oct 12 10:50:45 PDT 2006
On 12/10/06, Garrett Cooper <youshi10 at u.washington.edu> wrote:
>Based on all the docs I've read about using ipfw, you should put
>"ipfw allow all any from any via lo0" somewhere at the top of your
>script so all traffic can and will be sent via lo0.
I think you are talking about the line below, is this right?
/sbin/ipfw -q add 50 allow all from any to any via lo0
It is there.. this is the first line to be met by packets in my
it is also one of the default rules coming in /etc/rc.firewall script
...where I copied it from.
On 12/10/06, *Chris - WEBignite* <sales at webignite.net> wrote:
>I've actually just started seeing this same error. I do have a rule set for
>local 127.0.0.1 and an allow for layer2 traffic.
>Oct 11 23:59:02 firewall sshd: fatal: Write failed: Permission
>I get this error when updating my firewall rules via ssh. Any current ssh
>connections are dropped, but I'm able to reinitiate a new connection
Could you please let me know what FreeBSD version you are using?
On 12/10/06, *Giorgos Keramidas* <keramida at ceid.upatras.gr> wrote:
>Yes. See above. The `ipfw -d show' command shown there was
>after I looped using SSH from my workstation to another system
>and back again.
>> Sorry I will not be able to reply again tonight
>No problem. Take your time. There is definitely a logical
>explanation why this is happening, even if that explanation is
>`there is a bug in ipfw and 5.4' :)
I turned on the laptop and now everything is working again, as I initially
described (I don't have a clue what happened yesterday).
I can ssh to the machine as a normal user but cannot su to root.
When trying (from a Windows machine) with PuTTY, it freezes immediately after I
enter the root password,
and the message below is produced on the FreeBSD box:
Oct 12 17:58:52 user sshd: fatal: Write failed: Permission denied
It is sshd that produces the above, but still I cannot identify what it is
trying to do and why permission is denied.
I have the option PermitRootLogins=No in my /etc/ssh/sshd_config file, but
it was working properly before I enabled ipfw.
Do you think it is a good idea to take ipfw out of the kernel and try
enabling it from /etc/rc.conf?
Anyway, I think I should wait a little more before I proceed with this
Do you think that this is a bug?
Thanks in advance