Installing Policy was not successful

  • Stefan

    Stefan - 2011-06-15


    My new firewall is based on OpenBSD 4.9 PF, and I am currently testing the installation of the firewall policy, but it has not been successful.
    I have configured sudo and tested the account by logging in to the firewall with the PuTTY client, which was successful, but when I use fwbuilder to install the policy, the policy can't be installed and executed successfully.

    Below is the error:

    * Running as user : fwadmin
    * Firewall name : chicago
    * Installer uses user name : fwadmin
    * Management address :
    * Platform : pf
    * Host OS : openbsd
    * Loading configuration from file D:/testingopenbsd49.fwb

    Installation plan:
    Copy file: D://chicago.conf -> /etc/fw/chicago.conf
    Copy file: D://chicago.fw -> /etc/fw/chicago.fw
    Run script echo '-**-**-'; chmod +x /etc/fw/chicago.fw; sudo -S /etc/fw/chicago.fw && (echo 'Policy activated'; sleep 2; echo)

    Copying D://chicago.conf ->
    Running command 'C:/FWBuilder423545/pscp.exe -load fwb_session_with_keepalive -pw XXXXXX -q D://chicago.conf fwadmin@'
    SSH session terminated, exit status: 0
    Copying D://chicago.fw ->
    Running command 'C:/FWBuilder423545/pscp.exe -load fwb_session_with_keepalive -pw XXXXXX -q D://chicago.fw fwadmin@'
    SSH session terminated, exit status: 0
    Running command 'C:/FWBuilder423545/plink.exe -ssh -t -load fwb_session_with_keepalive -pw XXXXXX -v -l fwadmin echo '-**-**-'; chmod +x /etc/fw/chicago.fw; sudo -S /etc/fw/chicago.fw && (echo 'Policy activated'; sleep 2; echo)'
    Looking up host ""
    Connecting to port 22
    Server version: SSH-2.0-OpenSSH_5.8
    We claim version: SSH-2.0-PuTTY_Release_0.60
    Using SSH protocol version 2
    Doing Diffie-Hellman group exchange
    Doing Diffie-Hellman key exchange with hash SHA-256
    Host key fingerprint is:
    ssh-rsa 2048 fe:8c:b6:5b:ee:d5:ad:27:f8:19:17:3c:04:c6:f6:33
    Initialised AES-256 SDCTR client->server encryption
    Initialised HMAC-SHA1 client->server MAC algorithm
    Initialised AES-256 SDCTR server->client encryption
    Initialised HMAC-SHA1 server->client MAC algorithm
    Using username "fwadmin".
    Keyboard-interactive authentication refused
    Sent password
    Access granted
    Opened channel for session
    Logged in
    Allocated pty (ospeed 38400bps, ispeed 38400bps)
    Started a shell/command
    Have you considered trying to match wits with a rutabaga?
    You speak an infinite deal of nothing

    Activating firewall script generated Wed Jun 15 11:57:52 2011 by fwadmin
    net.inet.ip.forwarding: 1 -> 1

    # Adding ip address: vic0 netmask 0xffffff00
    # Adding ip address: vic0 netmask 0xffffffff

    Network error: Software caused connection abort
    FATAL ERROR: Network error: Software caused connection abort
    SSH session terminated, exit status: 1
    Firewall policy installation failed
    The password is correct, but I don't understand why the installation was not successful.
    The firewall mgmt workstation IP is which is already added in the fwbuilder menu.
    The firewall mgmt interface IP is
    The IP address is a NAT IP on the vic0 interface.

    Thank you in advance.


  • Mike Horn

    Mike Horn - 2011-06-15

    It looks like for some reason Firewall Builder is trying to add the NAT IP twice, but with different netmasks.  Do you have the NAT IP configured as an IP Address object on the firewall's interface?  By default Firewall Builder will add the virtual IP addresses for NAT automatically.  This double configuration may be causing the issue.

    Try either deleting the interface IP object for the NAT IP address OR going into the Firewall Settings -> Script tab and unchecking the option for "Add virtual addresses for NAT".
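To make the double-add Mike describes easy to spot in an installer log, here is a small checker. It is an added example, not part of this thread or of Firewall Builder; the sample log is constructed from the output above with a placeholder address (192.0.2.10) where the original had the address stripped, and it assumes the address sits between the interface name and "netmask" on the "# Adding ip address" lines.

```python
import re
from collections import defaultdict

# Constructed sample of an fwbuilder install log, modelled on the one in the
# thread. 192.0.2.10 is a placeholder; the original log had the address removed.
SAMPLE_LOG = """\
Activating firewall script generated Wed Jun 15 11:57:52 2011 by fwadmin
net.inet.ip.forwarding: 1 -> 1

# Adding ip address: vic0 192.0.2.10 netmask 0xffffff00
# Adding ip address: vic0 192.0.2.10 netmask 0xffffffff

Network error: Software caused connection abort
FATAL ERROR: Network error: Software caused connection abort
SSH session terminated, exit status: 1
Firewall policy installation failed
"""

# Assumed line layout: "# Adding ip address: <iface> <addr> netmask <hexmask>"
ADD_RE = re.compile(
    r"^# Adding ip address:\s+(?P<iface>\S+)\s+(?P<addr>\S+)"
    r"\s+netmask\s+(?P<mask>0x[0-9a-fA-F]+)"
)

def find_duplicate_address_adds(log_text):
    """Return {(iface, addr): [masks]} for each address the generated script
    adds more than once on the same interface with differing netmasks."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        m = ADD_RE.match(line.strip())
        if m:
            seen[(m["iface"], m["addr"])].append(m["mask"].lower())
    return {key: masks for key, masks in seen.items()
            if len(masks) > 1 and len(set(masks)) > 1}

def session_aborted_after_address_change(log_text):
    """True if the SSH session dropped after the script reconfigured
    interface addresses, i.e. the management address itself was touched."""
    lines = [l.strip() for l in log_text.splitlines()]
    last_add = max((i for i, l in enumerate(lines) if ADD_RE.match(l)), default=-1)
    abort = next((i for i, l in enumerate(lines)
                  if "Software caused connection abort" in l), -1)
    return last_add != -1 and abort > last_add

if __name__ == "__main__":
    for (iface, addr), masks in find_duplicate_address_adds(SAMPLE_LOG).items():
        print(f"{addr} added twice on {iface} with masks {masks}: check for an "
              "interface IP object that duplicates the NAT virtual address")
    if session_aborted_after_address_change(SAMPLE_LOG):
        print("SSH session dropped right after the address changes")
```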

