win32 management

2004-10-16
2013-03-05
  • Mike Profitt
    2004-10-16

    I get this error while trying to manage the firewall from a win32 machine. It looks as if I am losing ssh access. I do have ssh accepted in the global policy.

    Summary:
    * firewall name : router-fw
    * user name : root
    * management address : 192.168.1.1
    * platform : iptables
    * host OS : linux24
    * Loading configuration from file C:/Documents and Settings/Mike/fw-router.fwb

    Copying C:/Documents and Settings/Mike/router-fw.fw -> /etc/firewall
    --**--**--

    Logged in
    SSH terminated, exit status: 0
    Running command 'C:/putty/plink.exe -ssh -pw XXXXXX -v root@192.168.1.1
    echo '--**--**--'; sh /etc/firewall/router-fw.fw && echo 'Policy activated'; /sbin/shutdown -c
                  '

    Server version: SSH-1.99-OpenSSH_3.5p1
    We claim version: SSH-2.0-PuTTY-Release-0.55
    Using SSH protocol version 2
    Doing Diffie-Hellman group exchange
    Doing Diffie-Hellman key exchange
    Host key fingerprint is:
    ssh-rsa 1024 af:7d:72:54:4a:55:f9:22:e1:95:ff:f0:30:85:0a:af
    Initialised AES-256 client->server encryption
    Initialised AES-256 server->client encryption
    Using username "root".
    Keyboard-interactive authentication refused
    Sent password
    Access granted
    Opened channel for session
    Started a shell/command
    --**--**--
    + PATH=/usr/sbin:/sbin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
    + export PATH
    + va_num=1
    + LSMOD=lsmod
    + MODPROBE=modprobe
    + IPTABLES=iptables
    + IP=ip
    + LOGGER=logger
    + ip link ls
    + echo

    + INTERFACES=eth0 eth1 lo
    + ip link show eth0
    + ip link show eth1
    .
    <clip>
    .
    + test XACCEPT = XChain
    + read c chain rest
    Network error: Software caused connection abort
    FATAL ERROR: Network error: Software caused connection abort
    SSH terminated, exit status: 1

     
    • Vadim Kurland
      2004-10-17

      It looks like the session breaks when the script flushes iptables chains. Usually the session survives if a rule permitting ssh access is installed fast enough.

      Try to activate the backup ssh access option (look in the "Compiler" tab of the firewall settings dialog) and turn off debugging in the script. The backup rule is added on top of the policy so it will be added sooner. Using debugging in the script forces it to print a lot of information, which it can't do if the ssh session is blocked after all chains have been flushed. Try to turn debugging off.

       
    • Mike Profitt
      2004-10-18

      Turning off debugging fixed the issue. Thank you very much for your help and the AWESOME program....

      You will go somewhere with this!!

      Good Luck
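
The rule ordering discussed in the thread, as an added example that is not Firewall Builder's generated script or code from either poster: the backup ssh rule is appended immediately after the flush, and a real run sends its output to a file instead of the ssh session. `MGMT_HOST` (a constructed address), `SSH_PORT`, `TRACE_LOG`, `DRY_RUN` and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not Firewall Builder output. MGMT_HOST, SSH_PORT, TRACE_LOG,
# DRY_RUN and the function names are assumptions made for this sketch.
MGMT_HOST="${MGMT_HOST:-192.168.1.10}"      # constructed admin workstation address
SSH_PORT="${SSH_PORT:-22}"
TRACE_LOG="${TRACE_LOG:-/var/log/fw-reload.log}"
DRY_RUN="${DRY_RUN:-1}"                     # 1 = print commands, 0 = run them

# Print the iptables command in dry-run mode, otherwise execute it.
ipt() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

# Reload sequence: the only window without an ssh rule is the flush itself,
# because the backup access rules are the first thing appended afterwards.
reload_policy() {
    ipt -P INPUT DROP
    ipt -P OUTPUT DROP
    ipt -P FORWARD DROP
    ipt -F
    ipt -X
    # 1. Backup ssh access from the management host, ahead of everything else.
    ipt -A INPUT -p tcp -s "$MGMT_HOST" --dport "$SSH_PORT" -m state --state NEW,ESTABLISHED -j ACCEPT
    ipt -A OUTPUT -p tcp -d "$MGMT_HOST" --sport "$SSH_PORT" -m state --state ESTABLISHED -j ACCEPT
    # 2. The rest of the policy follows (two representative rules shown).
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
}

# Apply for real. All output goes to a file, so the script never has to
# write to an ssh channel that is blocked while the chains are empty.
apply_policy() {
    DRY_RUN=0
    reload_policy >>"$TRACE_LOG" 2>&1
}

# "sh reload.sh apply" installs the rules (root required); anything else
# prints the command sequence for review.
case "${1:-}" in
    apply) apply_policy ;;
    *)     reload_policy ;;
esac
```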