I found an issue that seems strange to me, and I need help digging into it
a little because I'm running out of knowledge.
Please don't comment on the use of commercial firewalls on Linux ;-)
Running a Check Point Firewall (NG FP-2) on Linux (RHL kernel
2.4.9-31, OpenSSH 2.9 and 3.1) this loads its big firewall module
into the kernel.
How can I check which kernel network hooks it uses? Are there any
Now further on...
"No problem" scenario:
Linux is IPv4-only, openssh bound to 0.0.0.0, incoming SSH traffic is
accepted and CP state table is updated
Linux has the ipv6 module loaded, openssh bound to ::, now the following
incoming SSH traffic (still IPv4) is accepted, CP updates the initial
connection timer but never updates its state table to state
"established". The initial timer is still updated after each
keystroke, but if the timeout occurs (default 60s), the connection will
Looks like CP never sees (or recognizes) packets leaving the
firewalled host from a dual-stack application.
Can I trace such issues? Is there a toolset available which shows me
which way a packet runs through the network kernel?
BTW: incoming SSH traffic via IPv6 is completely unrecognized and
therefore quietly accepted. Looks like CP never sees or recognizes
incoming IPv6 packets at all - same issue as if, on an IPv4-netfiltered
box, the IPv6 netfilter was forgotten...
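
The dual-stack behaviour described in the message above, as an added example that is not part of the original post: a listener bound to :: receives an IPv4 connection on an AF_INET6 socket, with the peer shown as an IPv4-mapped address, unless IPV6_V6ONLY is set. The function name and result keys are made up for this illustration, and the check uses only an ephemeral loopback port.

```python
import ipaddress
import socket


def accept_ipv4_on_v6_listener(v6only):
    """Listen on [::]:<ephemeral port>, connect to it over IPv4 loopback and
    report what the listening side sees.

    Returns None when this host cannot create or bind an IPv6 socket.
    """
    refused = {"accepted": False, "family": None, "peer": None, "mapped_ipv4": None}
    if not socket.has_ipv6:
        return None
    try:
        srv = socket.socket(socket.AF_INET6, socket.SOCK_STREAM)
        # 0 = dual-stack (the "bound to ::" case), 1 = IPv6 only
        srv.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_V6ONLY, 1 if v6only else 0)
        srv.bind(("::", 0))
        srv.listen(1)
        srv.settimeout(2)
    except OSError:
        return None
    with srv:
        port = srv.getsockname()[1]
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as cli:
            cli.settimeout(2)
            try:
                cli.connect(("127.0.0.1", port))   # plain IPv4 client
            except OSError:
                return refused                     # nothing listens on IPv4
            conn, peer = srv.accept()
            with conn:
                mapped = ipaddress.IPv6Address(peer[0]).ipv4_mapped
                return {
                    "accepted": True,
                    "family": conn.family.name,    # family of the accepted socket
                    "peer": peer[0],               # e.g. ::ffff:127.0.0.1
                    "mapped_ipv4": str(mapped) if mapped else None,
                }


if __name__ == "__main__":
    print("dual-stack:", accept_ipv4_on_v6_listener(v6only=False))
    print("v6only    :", accept_ipv4_on_v6_listener(v6only=True))
```

On a running system, `ss -tlnp` shows which family a daemon's listening socket uses, and the per-family packet filters (iptables and ip6tables on a netfilter box) have to be checked separately.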