While searching through the FW-1 mailing list archives, I found this and it sounds a lot like the problem I am having. Anyone familiar with it?

Sounds like your Linux box is being subjected to a session auth rule.

When FireWall-1 performs a session auth, it contacts the machine that is originating the connection at port 261. Since you are not running a Session Auth agent, it's not going to let you through. Ping is working because of the "Enable ICMP" checkbox in the properties (which may be listed as "First"). Go download my session authentication agent off my FAQ page. I developed it on Linux and it should work fine for you (though you have to run the agent as root because of the low TCP port).

-- PhoneBoy

>Hi,
>
>we have just set up a tiny Linux machine to run some automated tasks
>towards the internet. But apparently I don't seem to be able to get
>FW-1 configured so that it allows me out from the linux box.
>
>I have added the Linux box's IP address to the list of computers,
>and added it to a group of windows pcs which have full access
>through the firewall. This basically means:
>
>list-of-pcs any any-service
>
>From the Linux box I can ping to any site on the net, but as
>soon as I try something else (ftp, telnet, traceroute, ...)
>nothing happens. FW-1 reports the following type of message:
>
>... daemon useralert proto tcp src my-linux-box dst target-internet-site
>service ftp s_port 1174 rule 10 reason connection to session agent failed.
>
>Rule 10 appears to be a rule of the type:
>allusers@local_domain any ftp http ...
>
>1) since my pc has full access towards the internet, and since I don't
>   have the authentication agent running, FW-1 is letting me through
>   solely based on my IP address. Right?
>2) the linux box is configured identically to my pc, but apparently
>   doesn't get through. ???
>3) rule 10 appears to be related to users, but I thought that users were
>   only needed when using an agent on the pc.

--
Dameon D. Welch [EMAIL PROTECTED] a.k.a. "PhoneBoy"
http://www.phoneboy.com
FireWall-1 FAQs are at http://www.phoneboy.com/fw1
The views herein may not be those of my employer. Fnord.
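
Added example, not part of the original thread and not Check Point or PhoneBoy code: a small Python script that scans log text for the "connection to session agent failed" reason quoted above and groups the hits by source host and rule, which shows which machines are reaching a session auth rule without an agent answering. The sample lines are constructed from the excerpt in the post; the key/value layout and the "accept" line are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines, modelled on the log excerpt quoted in the thread.
# The last line (an accepted connection) is an assumed layout for contrast.
SAMPLE_LOG = """\
daemon useralert proto tcp src my-linux-box dst target-internet-site service ftp s_port 1174 rule 10 reason connection to session agent failed.
daemon useralert proto tcp src my-linux-box dst target-internet-site service telnet s_port 1175 rule 10 reason connection to session agent failed.
daemon useralert proto tcp src other-host dst target-internet-site service http s_port 2040 rule 10 reason connection to session agent failed.
daemon accept proto tcp src my-pc dst target-internet-site service ftp s_port 1300 rule 4
"""

# Single-token fields seen in the quoted log line.
FIELD_RE = re.compile(r"\b(proto|src|dst|service|s_port|rule)\s+(\S+)")
# "reason" is free text running to the end of the line (trailing dot dropped).
REASON_RE = re.compile(r"\breason\s+(.*?)\.?\s*$")
AGENT_FAILURE = "connection to session agent failed"


def parse_line(line):
    """Return the known key/value fields of one log line as a dict."""
    fields = dict(FIELD_RE.findall(line))
    match = REASON_RE.search(line)
    if match:
        fields["reason"] = match.group(1)
    return fields


def session_auth_failures(log_text):
    """Group session-agent failures by (source host, rule number)."""
    hits = Counter()
    services = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec.get("reason") != AGENT_FAILURE:
            continue
        key = (rec.get("src"), rec.get("rule"))
        hits[key] += 1
        services.setdefault(key, set()).add(rec.get("service"))
    return {k: {"count": n, "services": sorted(services[k])}
            for k, n in hits.items()}


if __name__ == "__main__":
    for (src, rule), info in session_auth_failures(SAMPLE_LOG).items():
        print(f"{src}: rule {rule} asked for session auth, no agent answered "
              f"({info['count']} attempts: {', '.join(info['services'])})")
```

A host that shows up here is matching a session auth rule before any plain IP-based rule lets it through, so the fix is either rule order or running an agent on that host.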
