This is my first time trying to set up fwknopd; I'm installing into a new Fedora 13 box. I've been searching the archives and other Web sources, but haven't been able to come across this particular problem. Any assistance would be greatly appreciated.
Essentially, I can get fwknopd to add a rule to the iptables firewall but it fails to remove the rule(s) after they expire. I don't recall seeing this in the instructions, but I found that I had to define the FWKNOP_INPUT chain manually in the iptables configuration, though fwknop takes care of adding the rules itself.
This is pretty much a virgin box, with very little changed other than updating packages with yum and adding a few firewall rules. It's currently on my home network but will be eventually hosted in a proper environment. I mention this because I'm not entirely sure what the correct value of the 'hostname' parameter should be in fwknop.conf; right now I have it set to 'localhost'. That file is essentially unchanged from the RPM install, except that I set the following:
EMAIL_ADDRESS sysadmin@xxxxxx;
ENABLE_PROC_IP_FORWARD N;
ENABLE_VOLUNTARY_EXITS Y;   # have tried with this set 'N' as well
LOCALE NONE;
ALERTING_METHODS noemail;
IPT_EXEC_SLEEP 1;
IPT_EXEC_STYLE waitpid;     # default, listed in case someone asks
The server is on the local network as: 10.0.1.13
My workstation is the "remote" client: 10.0.1.10
[client]$ fwknop -D 10.0.1.13 -s -A tcp/1001
[+] Starting fwknop client (SPA mode)...
[+] Enter an encryption key. This key must match a key in the file /etc/fwknop/access.conf on the remote system.
[+] Building encrypted Single Packet Authorization (SPA) message...
[+] Packet fields:
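An added diagnostic for the symptom described above (rules added to FWKNOP_INPUT but never removed); this is example code written for this thread, not part of the original post or of fwknop itself. It audits an iptables-save dump for two things: that the FWKNOP_INPUT chain exists and that INPUT actually jumps to it, and which FWKNOP_INPUT rules carry an expiry stamp older than the current time. It assumes that fwknopd tags each rule it adds with an iptables comment of the form _exp_<unix-epoch> (the convention used by the fwknop 2.x C daemon; older Perl versions may differ, so adjust the pattern to match what your daemon writes). The dump embedded below is constructed sample input; on a real host feed it `iptables-save` output.

```shell
#!/bin/sh
# Audit an iptables-save dump for fwknop access rules that should have expired.
# Assumption: fwknopd marks each rule with a comment "_exp_<unix-epoch>".

# Constructed sample dump standing in for: iptables-save
SAMPLE_DUMP='*filter
:INPUT DROP [0:0]
:FWKNOP_INPUT - [0:0]
-A INPUT -j FWKNOP_INPUT
-A FWKNOP_INPUT -s 10.0.1.10/32 -p tcp -m tcp --dport 1001 -m comment --comment "_exp_1700000000" -j ACCEPT
-A FWKNOP_INPUT -s 10.0.1.10/32 -p tcp -m tcp --dport 22 -m comment --comment _exp_1700000900 -j ACCEPT
COMMIT'

# check_chain_wired DUMP
#   prints "ok" when FWKNOP_INPUT exists and INPUT jumps into it,
#   otherwise "missing-chain" or "missing-jump" (the manual-chain problem).
check_chain_wired() {
    dump="$1"
    if ! printf '%s\n' "$dump" | grep -q '^:FWKNOP_INPUT '; then
        echo "missing-chain"; return 1
    fi
    if ! printf '%s\n' "$dump" | grep -q '^-A INPUT -j FWKNOP_INPUT$'; then
        echo "missing-jump"; return 1
    fi
    echo "ok"
}

# stale_rules NOW DUMP
#   prints every FWKNOP_INPUT rule whose _exp_ stamp is earlier than NOW;
#   rules without a recognisable stamp are skipped (they were not added by fwknopd).
stale_rules() {
    now="$1"; dump="$2"
    printf '%s\n' "$dump" | grep '^-A FWKNOP_INPUT ' | while IFS= read -r rule; do
        # tolerate both quoted and unquoted comment values
        exp=$(printf '%s\n' "$rule" | sed -n 's/.*--comment "\{0,1\}_exp_\([0-9][0-9]*\).*/\1/p')
        if [ -n "$exp" ] && [ "$exp" -lt "$now" ]; then
            printf '%s\n' "$rule"
        fi
    done
    return 0
}

# stale_count NOW DUMP -> number of stale rules, always a bare integer
stale_count() {
    stale_rules "$1" "$2" | grep -c '^-A FWKNOP_INPUT '
    return 0
}

# Stand-alone run against the constructed sample (now = 1700000500):
# expect "ok" and exactly one stale rule (the port 1001 one).
check_chain_wired "$SAMPLE_DUMP"
stale_rules 1700000500 "$SAMPLE_DUMP"
```

Run it against a live box with `iptables-save | { d=$(cat); stale_rules "$(date +%s)" "$d"; }` after an access window should have closed; any line it prints is a rule that fwknopd opened and failed to tear down, which is the precise condition to pair with the daemon's log output when reporting the bug.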