
Topic: Opening port 5000 for OpenVPN

  1. #1
    Registered user
    Registered since
    Jul 2002
    Posts
    21

    Opening port 5000 for OpenVPN

    Hello,

    I have a server (Suse 9.2) and a client (Suse 9.2) here that establish a connection via OpenVPN (1.6.).
    For this I specified port 5000 in the config file on each side.
    The connection works, too.
    However, I can only ping if I switch off the Suse firewall completely (on both sides).
    I have already tried to open UDP service 5000 in the Suse firewall on each side, via "additional services". Unfortunately without success so far.
    Can anyone help me?

    Thanks
    combino

  2. #2
    maomakmaa (Learyaner)
    Registered since
    Jul 2003
    Posts
    267
    Hi,
    on Suse this is best done via Yast. Under "Security and Users" you can configure the firewall, and in the 2nd step of the dialog (at least I think it is the 2nd) you will find a button labelled "Experts". Behind it you can open ports.
    But beware: when saving, Yast overwrites any changes you may have made manually in the config; that is the catch with Yast.

    Have fun tinkering

    Sorry about the following pointless smileys, but my kids insist that things get more colourful here, and you can't start the little ones early enough .... *g*

  3. #3
    Registered user
    Registered since
    Jul 2002
    Posts
    21
    Hello,

    I have already done what you suggest, as I described in
    my first post. Unfortunately it does not
    work.
    Thanks anyway.
    combino

  4. #4
    LinuxDAU
    Registered since
    Dec 2002
    Posts
    221
    Open a console, become root and post the output of
    Code:
    iptables -L
    Quote:
    The connection works, too.
    However, I can only ping if I switch off the Suse firewall completely (on both sides).
    Then you have opened the port...
    Why do you want to send a ping if the connection works?
    The setting to "allow" the ping should possibly be listed under ICMP in the firewall.
    Last edited by Harkan (23.03.05 at 16:00)

  5. #5
    Registered user
    Registered since
    Jul 2002
    Posts
    21
    Hello,

    Output of iptables -L
    Chain INPUT (policy DROP)
    target prot opt source destination
    ACCEPT all -- anywhere anywhere
    ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
    input_ext all -- anywhere anywhere
    input_int all -- anywhere anywhere
    LOG all -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-IN-ILL-TARGET '
    DROP all -- anywhere anywhere

    Chain FORWARD (policy DROP)
    target prot opt source destination
    TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
    TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
    forward_ext all -- anywhere anywhere
    forward_int all -- anywhere anywhere
    LOG all -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-FWD-ILL-ROUTING '
    DROP all -- anywhere anywhere

    Chain OUTPUT (policy DROP)
    target prot opt source destination
    ACCEPT all -- anywhere anywhere
    LOG icmp -- anywhere anywhere limit: avg 3/min burst 5 icmp time-exceeded LOG level warning tcp-options ip-options prefix `SFW2-OUT-TRACERT-ATTEMPT '
    ACCEPT icmp -- anywhere anywhere icmp time-exceeded
    ACCEPT icmp -- anywhere anywhere icmp port-unreachable
    ACCEPT icmp -- anywhere anywhere icmp fragmentation-needed
    ACCEPT icmp -- anywhere anywhere icmp network-prohibited
    ACCEPT icmp -- anywhere anywhere icmp host-prohibited
    ACCEPT icmp -- anywhere anywhere icmp communication-prohibited
    DROP icmp -- anywhere anywhere icmp destination-unreachable
    ACCEPT all -- anywhere anywhere state NEW,RELATED,ESTABLISHED
    LOG all -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-OUT-ERROR '

    Chain forward_dmz (0 references)
    target prot opt source destination
    LOG all -- anywhere anywhere limit: avg 3/min burst 5 state INVALID LOG level warning tcp-options ip-options prefix `SFW2-FWDdmz-DROP-DEFLT-INV '
    DROP all -- anywhere anywhere state INVALID
    ACCEPT icmp -- anywhere anywhere state RELATED icmp destination-unreachable
    ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp echo-reply
    ACCEPT all -- anywhere anywhere state NEW,RELATED,ESTABLISHED
    ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
    LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-FWDdmz-DROP-DEFLT '
    LOG icmp -- anywhere anywhere limit: avg 3/min burst 5 icmp source-quench LOG level warning tcp-options ip-options prefix `SFW2-FWDdmz-DROP-ICMP-CRIT '
    LOG icmp -- anywhere anywhere limit: avg 3/min burst 5 icmp redirect LOG level warning tcp-options ip-options prefix `SFW2-FWDdmz-DROP-ICMP-CRIT '
    LOG icmp -- anywhere anywhere limit: avg 3/min burst 5 icmp echo-request LOG level warning tcp-options ip-options prefix `SFW2-FWDdmz-DROP-ICMP-CRIT '
    LOG icmp -- anywhere anywhere limit: avg 3/min burst 5 icmp timestamp-request LOG level warning tcp-options ip-options prefix `SFW2-FWDdmz-DROP-ICMP-CRIT '
    LOG icmp -- anywhere anywhere limit: avg 3/min burst 5 icmp address-mask-request LOG level warning tcp-options ip-options prefix `SFW2-FWDdmz-DROP-ICMP-CRIT '
    LOG icmp -- anywhere anywhere limit: avg 3/min burst 5 icmp type 2 LOG level warning tcp-options ip-options prefix `SFW2-FWDdmz-DROP-ICMP-CRIT '
    LOG udp -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-FWDdmz-DROP-DEFLT '
    DROP all -- anywhere anywhere

    Chain forward_ext (1 references)
    target prot opt source destination
    LOG all -- anywhere anywhere limit: avg 3/min burst 5 state INVALID LOG level warning tcp-options ip-options prefix `SFW2-FWDext-DROP-DEFLT-INV '
    DROP all -- anywhere anywhere state INVALID
    ACCEPT icmp -- anywhere anywhere state RELATED icmp destination-unreachable
    ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp echo-reply
    ACCEPT all -- anywhere anywhere state NEW,RELATED,ESTABLISHED
    ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
    LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-FWDext-DROP-DEFLT '
    LOG icmp -- anywhere anywhere limit: avg 3/min burst 5 icmp source-quench LOG level warning tcp-options ip-options prefix `SFW2-FWDext-DROP-ICMP-CRIT '
    LOG icmp -- anywhere anywhere limit: avg 3/min burst 5 icmp redirect LOG level warning tcp-options ip-options prefix `SFW2-FWDext-DROP-ICMP-CRIT '
    LOG icmp -- anywhere anywhere limit: avg 3/min burst 5 icmp echo-request LOG level warning tcp-options ip-options prefix `SFW2-FWDext-DROP-ICMP-CRIT '
    LOG icmp -- anywhere anywhere limit: avg 3/min burst 5 icmp timestamp-request LOG level warning tcp-options ip-options prefix `SFW2-FWDext-DROP-ICMP-CRIT '
    LOG icmp -- anywhere anywhere limit: avg 3/min burst 5 icmp address-mask-request LOG level warning tcp-options ip-options prefix `SFW2-FWDext-DROP-ICMP-CRIT '
    LOG icmp -- anywhere anywhere limit: avg 3/min burst 5 icmp type 2 LOG level warning tcp-options ip-options prefix `SFW2-FWDext-DROP-ICMP-CRIT '
    LOG udp -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-FWDext-DROP-DEFLT '
    DROP all -- anywhere anywhere

    Chain forward_int (1 references)
    target prot opt source destination
    LOG all -- anywhere anywhere limit: avg 3/min burst 5 state INVALID LOG level warning tcp-options ip-options prefix `SFW2-FWDint-DROP-DEFLT-INV '
    DROP all -- anywhere anywhere state INVALID
    ACCEPT icmp -- anywhere anywhere state RELATED icmp destination-unreachable
    ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp echo-reply
    ACCEPT all -- anywhere anywhere state NEW,RELATED,ESTABLISHED
    ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
    LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-FWDint-DROP-DEFLT '
    LOG icmp -- anywhere anywhere limit: avg 3/min burst 5 icmp source-quench LOG level warning tcp-options ip-options prefix `SFW2-FWDint-DROP-ICMP-CRIT '
    LOG icmp -- anywhere anywhere limit: avg 3/min burst 5 icmp redirect LOG level warning tcp-options ip-options prefix `SFW2-FWDint-DROP-ICMP-CRIT '
    LOG icmp -- anywhere anywhere limit: avg 3/min burst 5 icmp echo-request LOG level warning tcp-options ip-options prefix `SFW2-FWDint-DROP-ICMP-CRIT '
    LOG icmp -- anywhere anywhere limit: avg 3/min burst 5 icmp timestamp-request LOG level warning tcp-options ip-options prefix `SFW2-FWDint-DROP-ICMP-CRIT '
    LOG icmp -- anywhere anywhere limit: avg 3/min burst 5 icmp address-mask-request LOG level warning tcp-options ip-options prefix `SFW2-FWDint-DROP-ICMP-CRIT '
    LOG icmp -- anywhere anywhere limit: avg 3/min burst 5 icmp type 2 LOG level warning tcp-options ip-options prefix `SFW2-FWDint-DROP-ICMP-CRIT '
    LOG udp -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-FWDint-DROP-DEFLT '
    DROP all -- anywhere anywhere

    Chain input_dmz (0 references)
    target prot opt source destination
    DROP all -- anywhere anywhere PKTTYPE = broadcast
    ACCEPT icmp -- anywhere anywhere icmp source-quench
    ACCEPT icmp -- anywhere anywhere icmp echo-request
    ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp echo-reply
    ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp destination-unreachable
    ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp time-exceeded
    ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp parameter-problem
    ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp timestamp-reply
    ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp address-mask-reply
    LOG all -- anywhere anywhere limit: avg 3/min burst 5 state INVALID LOG level warning tcp-options ip-options prefix `SFW2-INdmz-DROP-DEFLT-INV '
    DROP all -- anywhere anywhere state INVALID
    LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INdmz-DROP-DEFLT '
    LOG icmp -- anywhere anywhere limit: avg 3/min burst 5 icmp source-quench LOG level warning tcp-options ip-options prefix `SFW2-INdmz-DROP-ICMP-CRIT '
    LOG icmp -- anywhere anywhere limit: avg 3/min burst 5 icmp redirect LOG level warning tcp-options ip-options prefix `SFW2-INdmz-DROP-ICMP-CRIT '
    LOG icmp -- anywhere anywhere limit: avg 3/min burst 5 icmp echo-request LOG level warning tcp-options ip-options prefix `SFW2-INdmz-DROP-ICMP-CRIT '
    LOG icmp -- anywhere anywhere limit: avg 3/min burst 5 icmp timestamp-request LOG level warning tcp-options ip-options prefix `SFW2-INdmz-DROP-ICMP-CRIT '
    LOG icmp -- anywhere anywhere limit: avg 3/min burst 5 icmp address-mask-request LOG level warning tcp-options ip-options prefix `SFW2-INdmz-DROP-ICMP-CRIT '
    LOG icmp -- anywhere anywhere limit: avg 3/min burst 5 icmp type 2 LOG level warning tcp-options ip-options prefix `SFW2-INdmz-DROP-ICMP-CRIT '
    LOG udp -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-INdmz-DROP-DEFLT '
    DROP all -- anywhere anywhere

    Chain input_ext (1 references)
    target prot opt source destination
    DROP all -- anywhere anywhere PKTTYPE = broadcast
    ACCEPT icmp -- anywhere anywhere icmp source-quench
    ACCEPT icmp -- anywhere anywhere icmp echo-request
    ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp echo-reply
    ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp destination-unreachable
    ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp time-exceeded
    ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp parameter-problem
    ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp timestamp-reply
    ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp address-mask-reply
    LOG all -- anywhere anywhere limit: avg 3/min burst 5 state INVALID LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT-INV '
    DROP all -- anywhere anywhere state INVALID
    LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:rsync flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
    ACCEPT tcp -- anywhere anywhere tcp dpt:rsync
    reject_func tcp -- anywhere anywhere tcp dpt:ident state NEW
    ACCEPT udp -- anywhere anywhere udp dpt:commplex-main
    LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '
    LOG icmp -- anywhere anywhere limit: avg 3/min burst 5 icmp source-quench LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-ICMP-CRIT '
    LOG icmp -- anywhere anywhere limit: avg 3/min burst 5 icmp redirect LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-ICMP-CRIT '
    LOG icmp -- anywhere anywhere limit: avg 3/min burst 5 icmp echo-request LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-ICMP-CRIT '
    LOG icmp -- anywhere anywhere limit: avg 3/min burst 5 icmp timestamp-request LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-ICMP-CRIT '
    LOG icmp -- anywhere anywhere limit: avg 3/min burst 5 icmp address-mask-request LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-ICMP-CRIT '
    LOG icmp -- anywhere anywhere limit: avg 3/min burst 5 icmp type 2 LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-ICMP-CRIT '
    LOG udp -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '
    DROP all -- anywhere anywhere

    Chain input_int (1 references)
    target prot opt source destination
    ACCEPT all -- anywhere anywhere
    ACCEPT icmp -- anywhere anywhere icmp source-quench
    ACCEPT icmp -- anywhere anywhere icmp echo-request
    ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp echo-reply
    ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp destination-unreachable
    ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp time-exceeded
    ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp parameter-problem
    ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp timestamp-reply
    ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp address-mask-reply
    LOG all -- anywhere anywhere limit: avg 3/min burst 5 state INVALID LOG level warning tcp-options ip-options prefix `SFW2-INint-DROP-DEFLT-INV '
    DROP all -- anywhere anywhere state INVALID
    LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INint-DROP-DEFLT '
    LOG icmp -- anywhere anywhere limit: avg 3/min burst 5 icmp source-quench LOG level warning tcp-options ip-options prefix `SFW2-INint-DROP-ICMP-CRIT '
    LOG icmp -- anywhere anywhere limit: avg 3/min burst 5 icmp redirect LOG level warning tcp-options ip-options prefix `SFW2-INint-DROP-ICMP-CRIT '
    LOG icmp -- anywhere anywhere limit: avg 3/min burst 5 icmp echo-request LOG level warning tcp-options ip-options prefix `SFW2-INint-DROP-ICMP-CRIT '
    LOG icmp -- anywhere anywhere limit: avg 3/min burst 5 icmp timestamp-request LOG level warning tcp-options ip-options prefix `SFW2-INint-DROP-ICMP-CRIT '
    LOG icmp -- anywhere anywhere limit: avg 3/min burst 5 icmp address-mask-request LOG level warning tcp-options ip-options prefix `SFW2-INint-DROP-ICMP-CRIT '
    LOG icmp -- anywhere anywhere limit: avg 3/min burst 5 icmp type 2 LOG level warning tcp-options ip-options prefix `SFW2-INint-DROP-ICMP-CRIT '
    LOG udp -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-INint-DROP-DEFLT '
    DROP all -- anywhere anywhere

    Chain reject_func (1 references)
    target prot opt source destination
    REJECT tcp -- anywhere anywhere reject-with tcp-reset
    REJECT udp -- anywhere anywhere reject-with icmp-port-unreachable
    REJECT all -- anywhere anywhere reject-with icmp-proto-unreachable
    Last edited by combino (23.03.05 at 16:30)
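
Without `-n`, `iptables -L` prints service names instead of port numbers, so the rule for UDP port 5000 appears above as `udp dpt:commplex-main`. The following is an added example, not part of the original thread: it parses such a listing and resolves the names to numbers. The function names are hypothetical, the sample is a constructed excerpt of the input_ext chain posted above, and the name-to-port table is embedded from the IANA service registry so the script runs offline.

```python
import re

# Constructed excerpt: rules copied from the input_ext chain posted above.
SAMPLE = """\
Chain input_ext (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:rsync
reject_func tcp -- anywhere anywhere tcp dpt:ident state NEW
ACCEPT udp -- anywhere anywhere udp dpt:commplex-main
DROP all -- anywhere anywhere
"""

# IANA service names that iptables -L prints in place of numbers (assumed
# table, limited to the names that occur in this thread's listing).
SERVICES = {"rsync": 873, "ident": 113, "auth": 113, "commplex-main": 5000}

# target, protocol, then a destination-port match somewhere in the options.
RULE = re.compile(r"^(?P<target>\S+)\s+(?P<proto>tcp|udp)\s.*\bdpt:(?P<dpt>\S+)")


def port_rules(listing):
    """Return (chain, target, proto, port) for every rule with a dpt match."""
    chain, found = None, []
    for line in listing.splitlines():
        line = line.strip()
        if line.startswith("Chain "):
            chain = line.split()[1]
            continue
        match = RULE.match(line)
        if not match:
            continue  # header rows, 'all' rules, icmp rules, blank lines
        dpt = match.group("dpt")
        # Numeric ports pass through; unknown service names resolve to None.
        port = int(dpt) if dpt.isdigit() else SERVICES.get(dpt)
        found.append((chain, match.group("target"), match.group("proto"), port))
    return found


def is_accepted(listing, proto, port):
    """True if some rule in the listing ACCEPTs this protocol/port pair."""
    return any(target == "ACCEPT" and p == proto and n == port
               for _, target, p, n in port_rules(listing))


if __name__ == "__main__":
    for rule in port_rules(SAMPLE):
        print(rule)
    print("udp/5000 accepted:", is_accepted(SAMPLE, "udp", 5000))
```

Plain `iptables -L` also leaves out the in/out interface columns, which is why several `ACCEPT all -- anywhere anywhere` rows in the listing look unconditional; `iptables -L -n -v` prints numeric ports together with the interface each rule is bound to.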

  6. #6
    maomakmaa (Learyaner)
    Registered since
    Jul 2003
    Posts
    267
    Hmm, I can't find an error, at least at first glance. It will surely be some tiny mistake again.
    Can you ping the web?
    A mind is like a parachute. It doesn't work if it's not open. (FZ)

  7. #7
    Registered user
    Registered since
    Jul 2002
    Posts
    21
    Hello maomakmaa,

    I can't ping the web yet; unfortunately I have not got that far.
    At the moment I am trying to set up an rsync connection to the server.
    That too only works if I switch the FW off completely.
    Even though I have also opened rsync in the FW.

    combino
