[fli4l] Question about the firewall (input chain)

Stefan Sauer mein-fli4l-postfach at freenet.de
Fri Aug 21 11:06:27 CEST 2015


Hi,

in short, it does not work with the developer version (4.0).

The v parameter really only confirms my observations:

dell 4.0.0-r40848-testing # plink -v -N -D 7070 root at 192.168.1.32
Looking up host "192.168.1.32"
Connecting to 192.168.1.32 port 22
Server version: SSH-2.0-OpenSSH_6.2p2-hpn13v14
FreeBSD-openssh-portable-6.2.p2_3,1
Using SSH protocol version 2
We claim version: SSH-2.0-PuTTY_Release_0.62
Doing Diffie-Hellman group exchange
Doing Diffie-Hellman key exchange with hash SHA-256
Host key fingerprint is:
ssh-dss 2048 b2:d0:99:cb:6e:b2:53:95:4d:f6:b3:02:1d:bc:36:db
Initialised AES-256 SDCTR client->server encryption
Initialised HMAC-SHA1 client->server MAC algorithm
Initialised AES-256 SDCTR server->client encryption
Initialised HMAC-SHA1 server->client MAC algorithm
Using username "root".
root at 192.168.1.32's password: 
Sent password
Access granted
Local port 7070 SOCKS dynamic forwarding failed: Cannot assign requested
address

If I do this from a normal Linux host, but with the same
SSH target, it works:

root at banane:~# ssh -v -N -D 7070 root at 192.168.1.32
OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to 192.168.1.32 [192.168.1.32] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.3
debug1: Remote protocol version 2.0, remote software version
OpenSSH_6.2p2-hpn13v14 FreeBSD-openssh-portable-6.2.p2_3,1
debug1: match: OpenSSH_6.2p2-hpn13v14
FreeBSD-openssh-portable-6.2.p2_3,1 pat OpenSSH* compat 0x04000000
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5-etm at openssh.com none
debug1: kex: client->server aes128-ctr hmac-md5-etm at openssh.com none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: DSA
b2:d0:99:cb:6e:b2:53:95:4d:f6:b3:02:1d:bc:36:db
The authenticity of host '192.168.1.32 (192.168.1.32)' can't be
established.
DSA key fingerprint is b2:d0:99:cb:6e:b2:53:95:4d:f6:b3:02:1d:bc:36:db.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.32' (DSA) to the list of known
hosts.
debug1: ssh_dss_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/id_rsa
debug1: Trying private key: /root/.ssh/id_dsa
debug1: Trying private key: /root/.ssh/id_ecdsa
debug1: Trying private key: /root/.ssh/id_ed25519
debug1: Next authentication method: password
root at 192.168.1.32's password: 
debug1: Authentication succeeded (password).
Authenticated to 192.168.1.32 ([192.168.1.32]:22).
debug1: Local connections to LOCALHOST:7070 forwarded to remote address
socks:0
debug1: Local forwarding listening on ::1 port 7070.
debug1: channel 0: new [port listener]
debug1: Local forwarding listening on 127.0.0.1 port 7070.
debug1: channel 1: new [port listener]
debug1: Requesting no-more-sessions at openssh.com
debug1: Entering interactive session.

Regards,
gandalf

