win32 management

  • Mike Profitt

    Mike Profitt - 2004-10-16

    I get this error while trying to manage the firewall from a win32 machine. It looks as if I am losing ssh access. I do have ssh accepted in the global policy.

    Summary:
    * firewall name : router-fw
    * user name : root
    * management address :
    * platform : iptables
    * host OS : linux24
    * Loading configuration from file C:/Documents and Settings/Mike/fw-router.fwb

    Copying C:/Documents and Settings/Mike/router-fw.fw -> /etc/firewall

    Logged in
    SSH terminated, exit status: 0
    Running command 'C:/putty/plink.exe -ssh -pw XXXXXX -v root@
    echo '--**--**--'; sh /etc/firewall/router-fw.fw && echo 'Policy activated'; /sbin/shutdown -c

    Server version: SSH-1.99-OpenSSH_3.5p1
    We claim version: SSH-2.0-PuTTY-Release-0.55
    Using SSH protocol version 2
    Doing Diffie-Hellman group exchange
    Doing Diffie-Hellman key exchange
    Host key fingerprint is:
    ssh-rsa 1024 af:7d:72:54:4a:55:f9:22:e1:95:ff:f0:30:85:0a:af
    Initialised AES-256 client->server encryption
    Initialised AES-256 server->client encryption
    Using username "root".
    Keyboard-interactive authentication refused
    Sent password
    Access granted
    Opened channel for session
    Started a shell/command
    + PATH=/usr/sbin:/sbin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
    + export PATH
    + va_num=1
    + LSMOD=lsmod
    + MODPROBE=modprobe
    + IPTABLES=iptables
    + IP=ip
    + LOGGER=logger
    + ip link ls
    + echo

    + INTERFACES=eth0 eth1 lo
    + ip link show eth0
    + ip link show eth1
    + test XACCEPT = XChain
    + read c chain rest
    Network error: Software caused connection abort
    FATAL ERROR: Network error: Software caused connection abort
    SSH terminated, exit status: 1

    • Vadim Kurland

      Vadim Kurland - 2004-10-17

      It looks like the session breaks when the script flushes iptables chains. Usually the session survives if a rule permitting ssh access is installed fast enough.

      Try to activate the backup ssh access option (look in the "Compiler" tab of the firewall settings dialog) and turn off debugging in the script. The backup rule is added on top of the policy so it will be added sooner. Using debugging in the script forces it to print a lot of information, which it can't do if the ssh session is blocked after all chains have been flushed. Try to turn debugging off.
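
The ordering effect described in this reply can be checked before activating a policy. The following is an added example, not part of the thread or of the program discussed: `audit_fw`, `sample_late`, `sample_backup` and the sample rules are constructed, and the scan is a text heuristic that assumes literal one-line iptables commands.

```shell
#!/bin/sh
# Added example: size the lock-out window in an iptables activation script.
# Heuristic text scan (assumption): rules are literal one-line commands and
# SSH is matched as "--dport 22" plus "-j ACCEPT" on the same line.

# audit_fw: reads a script on stdin, prints "gap=<n> trace=<yes|no>".
# gap = commands run between the first flush (-F) and the first rule that
# accepts tcp/22; -1 means no flush or no such rule was found.
audit_fw() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }            # skip comments, blanks
        /^[ \t]*set[ \t]+-[a-z]*x/ { trace = "yes" } # set -x style debugging
        { n++; ipt = (tolower($0) ~ /iptables/) }    # iptables or $IPTABLES
        ipt && !flush && /[ \t]-F([ \t]|$)/ { flush = n }
        ipt && flush && !ssh && /-j[ \t]+ACCEPT/ && /--dport[ \t]+22([ \t]|$)/ { ssh = n }
        END {
            gap = (flush && ssh) ? ssh - flush - 1 : -1
            printf "gap=%d trace=%s\n", gap, (trace == "" ? "no" : trace)
        }'
}

sample_late() {   # constructed: SSH rule last, debugging on
    cat <<'EOF'
set -x
$IPTABLES -P INPUT DROP
$IPTABLES -F
$IPTABLES -X
$IPTABLES -A INPUT -i lo -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 80 -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 443 -j ACCEPT
$IPTABLES -A INPUT -p tcp -s 192.0.2.10 --dport 22 -j ACCEPT
EOF
}

sample_backup() { # constructed: SSH rule right after the flush, no debugging
    cat <<'EOF'
$IPTABLES -P INPUT DROP
$IPTABLES -F
$IPTABLES -A INPUT -p tcp -s 192.0.2.10 --dport 22 -j ACCEPT
$IPTABLES -X
$IPTABLES -A INPUT -i lo -j ACCEPT
EOF
}

echo "late:   $(sample_late | audit_fw)"
echo "backup: $(sample_backup | audit_fw)"
```

To check a real script, feed it on stdin, for example `audit_fw < /etc/firewall/router-fw.fw`; a large gap together with `trace=yes` is the combination this reply describes.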

    • Mike Profitt

      Mike Profitt - 2004-10-18

      Turning off debugging fixed the issue. Thank you very much for your help and the AWESOME program....

      You will go somewhere with this !!

      Good Luck

