I get this error while trying to manage the firewall from a win32 machine. I looks as if I am loosing ssh access. I do have ssh accepted in the global policy.
Summary:* firewall name : router-fw
* user name : root
* management address : 192.168.1.1
* platform : iptables
* host OS : linux24
* Loading configuration from file C:/Documents and Settings/Mike/fw-router.fwb
Copying C:/Documents and Settings/Mike/router-fw.fw -> /etc/firewall
SSH terminated, exit status: 0
Running command 'C:/putty/plink.exe -ssh -pw XXXXXX -v email@example.com
echo '--**--**--'; sh /etc/firewall/router-fw.fw && echo 'Policy activated'; /sbin/shutdown -c
Server version: SSH-1.99-OpenSSH_3.5p1
We claim version: SSH-2.0-PuTTY-Release-0.55
Using SSH protocol version 2
Doing Diffie-Hellman group exchange
Doing Diffie-Hellman key exchange
Host key fingerprint is:
ssh-rsa 1024 af:7d:72:54:4a:55:f9:22:e1:95:ff:f0:30:85:0a:af
Initialised AES-256 client->server encryption
Initialised AES-256 server->client encryption
Using username "root".
Keyboard-interactive authentication refused
Opened channel for session
Started a shell/command
+ export PATH
+ ip link ls
+ INTERFACES=eth0 eth1 lo
+ ip link show eth0
+ ip link show eth1
+ test XACCEPT = XChain
+ read c chain rest
Network error: Software caused connection abort
FATAL ERROR: Network error: Software caused connection abort
SSH terminated, exit status: 1
it looks like the session breaks when the script flushes iptables chains. Usually the session survives if a rule permitting ssh access is installed fast enough.
Try to activate backup ssh access option (look in the "Compiler" tab of the firewall settings dialog) and turn off debugging in the script. Backup rule is added on top of the policy so it will be added sooner. Using debugging in the script forces it to print a lot of information, which it can't do if ssh session is blocked after all chains have been flushed. Try to turn debugging off.
Turning off debugging fixed the issue. Thank you very much for your help and the AWESOME program....
You will go somewhere with this !!
Log in to post a comment.