Hi,

thanks for making fwknop!

I'm attempting to use fwknop 2.0 on a Virtuozzo-based virtual host.

On sending a packet, fwknopd says:

  Added jump rule from chain: INPUT to chain: FWKNOP_INPUT
  Added Rule to FWKNOP_INPUT for 92.194.29.143, tcp/22 expires at 1330588447

But the port does not open. After 30s (my timeout), it says:

  Did not find expire comment in rules list 0.

It works fine on my other, Xen-based virtual host.

Any help much appreciated.

Cheers! Carlo

----

version

  fwknopd server 2.0

access.conf

  SOURCE: ANY;
  KEY: foobar22;
  FW_ACCESS_TIMEOUT: 30;

fwknopd.conf

  FLUSH_IPT_AT_INIT           Y;
  FLUSH_IPT_AT_EXIT           Y;
  FWKNOP_RUN_DIR              /var/run/fwknop;
  FWKNOP_CONF_DIR             /usr/local/etc/fwknop;
  FWKNOP_PID_FILE             $FWKNOP_RUN_DIR/fwknopd.pid;
  DIGEST_FILE                 $FWKNOP_RUN_DIR/digest.cache;
  FIREWALL_EXE                /sbin/iptables;

./test-fwknop.pl

[build] [client] binary exists......................................pass (1)
[build security] [client] Position Independent Executable (PIE).....pass (2)
[build security] [client] stack protected binary....................pass (3)
[build security] [client] fortify source functions..................pass (4)
[build security] [client] read-only relocations.....................pass (5)
[build security] [client] immediate binding.........................pass (6)
[build] [server] binary exists......................................pass (7)
[build security] [server] Position Independent Executable (PIE).....pass (8)
[build security] [server] stack protected binary....................pass (9)
[build security] [server] fortify source functions..................pass (10)
[build security] [server] read-only relocations.....................pass (11)
[build security] [server] immediate binding.........................pass (12)
[build] [libfko] binary exists......................................pass (13)
[build security] [libfko] stack protected binary....................pass (14)
[build security] [libfko] fortify source functions..................pass (15)
[build security] [libfko] read-only relocations.....................pass (16)
[build security] [libfko] immediate binding.........................pass (17)
[preliminaries] [client] usage info.................................pass (18)
[preliminaries] [client] getopt() no such argument..................pass (19)
[preliminaries] [client] --test mode, packet not sent...............pass (20)
[preliminaries] [client] expected code version......................pass (21)
[preliminaries] [server] usage info.................................pass (22)
[preliminaries] [server] getopt() no such argument..................pass (23)
[preliminaries] [server] expected code version......................pass (24)
[preliminaries] collecting system specifics.........................pass (25)
[basic operations] dump config......................................pass (26)
[basic operations] override config..................................pass (27)
[basic operations] [client] --get-key path validation...............pass (28)
[basic operations] [client] require [-s|-R|-a]......................pass (29)
[basic operations] [client] --allow-ip <IP> valid IP................pass (30)
[basic operations] [client] -A <proto>/<port> specification.........pass (31)
[basic operations] [client] generate SPA packet.....................pass (32)
[basic operations] [server] list current fwknopd fw rules...........pass (33)
[basic operations] [server] list all current fw rules...............pass (34)
[basic operations] [server] flush current firewall rules............pass (35)
[basic operations] [server] start...................................pass (36)
[basic operations] [server] stop....................................pass (37)
[basic operations] [server] write PID...............................pass (38)
[basic operations] [server] --packet-limit 1 exit...................pass (39)
[basic operations] [server] ignore packets < min SPA len (140)......pass (40)
[basic operations] [server] -P bpf filter ignore packet.............pass (41)
[Rijndael SPA] [client+server] complete cycle (tcp/22 ssh)..........fail (42)
[Rijndael SPA] [client+server] packet aging (past) (tcp/22 ssh).....pass (43)
[Rijndael SPA] [client+server] packet aging (future) (tcp/22 ssh)...pass (44)
[Rijndael SPA] [client+server] expired stanza (tcp/22 ssh)..........pass (45)
[Rijndael SPA] [client+server] invalid expire date (tcp/22 ssh).....pass (46)
[Rijndael SPA] [client+server] expired epoch stanza (tcp/22 ssh)....pass (47)
[Rijndael SPA] [client+server] future expired stanza (tcp/22 ssh)...fail (48)
[Rijndael SPA] [client+server] OPEN_PORTS (tcp/22 ssh)..............fail (49)
[Rijndael SPA] [client+server] OPEN_PORTS mismatch..................pass (50)
[Rijndael SPA] [client+server] require user (tcp/22 ssh)............fail (51)
[Rijndael SPA] [client+server] user mismatch (tcp/22 ssh)...........pass (52)
[Rijndael SPA] [client+server] require src (tcp/22 ssh).............fail (53)
[Rijndael SPA] [client+server] mismatch require src (tcp/22 ssh)....pass (54)
[Rijndael SPA] [client+server] IP filtering (tcp/22 ssh)............pass (55)
[Rijndael SPA] [client+server] subnet filtering (tcp/22 ssh)........pass (56)
[Rijndael SPA] [client+server] IP+subnet filtering (tcp/22 ssh).....pass (57)
[Rijndael SPA] [client+server] IP match (tcp/22 ssh)................fail (58)
[Rijndael SPA] [client+server] subnet match (tcp/22 ssh)............fail (59)
[Rijndael SPA] [client+server] multi IP/net match (tcp/22 ssh)......fail (60)
[Rijndael SPA] [client+server] multi access stanzas (tcp/22 ssh)....fail (61)
[Rijndael SPA] [client+server] bad/good key stanzas (tcp/22 ssh)....fail (62)
[Rijndael SPA] [client+server] non-enabled NAT (tcp/22 ssh).........pass (63)
[Rijndael SPA] [client+server] NAT to 192.168.1.2 (tcp/22 ssh)......fail (64)
[Rijndael SPA] [client+server] force NAT 192.168.1.123 (tcp/22 ssh).fail (65)
[Rijndael SPA] [client+server] complete cycle (tcp/23 telnet).......fail (66)
[Rijndael SPA] [client+server] complete cycle (tcp/9418 git)........fail (67)
[Rijndael SPA] [client+server] complete cycle (udp/53 dns)..........fail (68)
[Rijndael SPA] [client+server] -P bpf SPA over port 12345...........fail (69)
[Rijndael SPA] [client+server] random SPA port (tcp/22 ssh).........fail (70)
[Rijndael SPA] [client+server] spoof username (tcp/22)..............pass (71)
[Rijndael SPA] [client+server] replay attack detection..............pass (72)
[Rijndael SPA] [server] digest cache structure......................pass (73)
[Rijndael SPA] [client+server] non-base64 altered SPA data..........pass (74)
[Rijndael SPA] [client+server] base64 altered SPA data..............pass (75)
[Rijndael SPA] [client+server] appended data to SPA pkt.............pass (76)
[Rijndael SPA] [client+server] prepended data to SPA pkt............pass (77)

[+] passed/failed/executed: 60/17/77 tests



_______________________________________________
Fwknop-discuss mailing list
https://lists.sourceforge.net/lists/listinfo/fwknop-discuss
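The "Did not find expire comment in rules list" message above is fwknopd re-reading its FWKNOP_INPUT chain and looking for the expiry marker it attached to the rule it just added; when the marker is absent, the server cannot tell which rule to remove, and the earlier "Added Rule" line only proves that iptables accepted the command, not that the rule carries the comment. The script below is an added example written for this thread, not fwknop's own code: it parses a dump in `iptables -S FWKNOP_INPUT` format and classifies the expected access rule as active, expired, present-but-uncommented, or missing. The `_exp_<epoch>` comment format and the exact rule shape are assumptions for illustration, and the three dumps are constructed samples, not output captured from Carlo's host.

```python
"""Check an FWKNOP_INPUT chain dump for the expiry comment fwknopd relies on.

Added illustration for the mailing-list thread; not part of fwknop.  The
rule layout and the `_exp_<epoch>` comment text are assumed, not copied
from the project.
"""
import re
import shlex

# Constructed sample: a host where the iptables comment match works, so the
# rule fwknopd added carries its expiry marker.
SAMPLE_WITH_COMMENT = """\
-N FWKNOP_INPUT
-A FWKNOP_INPUT -s 92.194.29.143/32 -p tcp -m tcp --dport 22 -m comment --comment _exp_1330588447 -j ACCEPT
"""

# Constructed sample: the rule exists but no comment survived (what you would
# see if the kernel or container silently drops the comment match).
SAMPLE_WITHOUT_COMMENT = """\
-N FWKNOP_INPUT
-A FWKNOP_INPUT -s 92.194.29.143/32 -p tcp -m tcp --dport 22 -j ACCEPT
"""

# Constructed sample: the chain exists but the rule was never inserted.
SAMPLE_EMPTY = "-N FWKNOP_INPUT\n"

# Assumed marker format: fwknopd tags its rule with the epoch at which it expires.
EXP_RE = re.compile(r"^_exp_(\d+)$")


def parse_rules(dump):
    """Turn `iptables -S` append lines into dicts with src, proto, dport, expires."""
    rules = []
    for line in dump.splitlines():
        toks = shlex.split(line)
        if not toks or toks[0] != "-A":
            continue  # skip chain creation (-N) and anything else
        rule = {"chain": toks[1], "src": None, "proto": None,
                "dport": None, "expires": None}
        i = 2
        while i < len(toks):
            tok = toks[i]
            if tok == "-s":
                rule["src"] = toks[i + 1].split("/")[0]  # drop /32 mask
                i += 2
            elif tok == "-p":
                rule["proto"] = toks[i + 1]
                i += 2
            elif tok == "--dport":
                rule["dport"] = int(toks[i + 1])
                i += 2
            elif tok == "--comment":
                match = EXP_RE.match(toks[i + 1])
                if match:
                    rule["expires"] = int(match.group(1))
                i += 2
            else:
                i += 1  # -m tcp, -m comment, -j ACCEPT: not needed here
        rules.append(rule)
    return rules


def check_access_rule(dump, src, proto, port, now):
    """Classify the rule fwknopd expects for (src, proto, port) at time `now`.

    Returns one of: "missing", "no-expire-comment", "active", "expired".
    """
    matches = [r for r in parse_rules(dump)
               if r["src"] == src and r["proto"] == proto and r["dport"] == port]
    if not matches:
        return "missing"
    if all(r["expires"] is None for r in matches):
        return "no-expire-comment"
    if any(r["expires"] > now for r in matches):
        return "active"
    return "expired"


if __name__ == "__main__":
    # Walk the three constructed dumps with the timestamp from the log line above.
    for name, dump in (("with comment", SAMPLE_WITH_COMMENT),
                       ("without comment", SAMPLE_WITHOUT_COMMENT),
                       ("empty chain", SAMPLE_EMPTY)):
        print(name, "->", check_access_rule(dump, "92.194.29.143", "tcp", 22, 1330588400))
```

Running it against a real dump (`iptables -S FWKNOP_INPUT` piped into `check_access_rule`) separates the two failure modes that look identical in fwknopd's log: "missing" means the rule never landed in the chain, while "no-expire-comment" means the rule is there but the comment match was not applied, which is the case worth checking first on a container platform where the available netfilter match modules are restricted.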
