One week ago I successfully installed knockd (ver. 0.5.2.i586) for SuSE.
This package provides the knockd binary, some docs and one template file to move and rename into the right directory (/etc/syslog/). After that the command <service knockd start/stop> works properly. When knockd starts it sends a message to syslog (/var/log/messages), "Knock listening on interface eth0", so I thought it's all ok... Well, when I try to knock my machine with the knock client nothing happens. In /var/log/firewall the packets are all listed and in the correct order, and the iptables rules are not affected by knockd. It seems like knockd doesn't listen on eth0... Before posting this thread I tried to:
- change the interface knockd listens on
- disable all other interfaces but eth0
- change the knockd log (I don't know why but I tried)
- install a previous version (0.5.1.6)
- disable SuSEfirewall
Nothing worked. Can anyone help me??? Thank you all
Andrea
While waiting for some good suggestion I found an alternative solution.
So I post here all I've done, to be useful for every other fool charmed by the knockd daemon...
1) copy any script to realize port knocking (I used one found on Wikipedia).
2) Transform each row into a valid iptables command
3) insert all the commands obtained at step (2) in a C-like structure (found in a template for SuSEFirewall)
##### start
fw_custom_before_antispoofing() {
    iptables -I .......
    iptables -I .......
    iptables -I .......
    iptables -I .......
    iptables -I .......
    true
}
######## end
5) save this text file some way you like (any name, wherever you want. I liked to do so: /etc/FW_CUSTOMRULES)
6) open YaST and select the sysconfig editor - select the key: network->Firewall->SuSEfirewall->FW_CUSTOMRULES and insert here the path to your file (for me /etc/FW_CUSTOMERULES)
7) this is the most important step.... think with gratefulness to a guy you'll never know.... stop the firewall, reboot and enjoy
thank you all
PS. I don't know why but SuSE is very unfriendly if you want to work at low level. It seems to me I'm obliged to use conf tools.... but maybe it's only that I'm a newbie. Anyway this is my port knocking addon for SuSEFirewall..
enjoy

fw_custom_before_antispoofing() {
    # one user chain per knock stage
    iptables -N kc
    iptables -N kc1
    iptables -N kc2

    # final step: a new connection to 22 is allowed only if the source finished
    # the sequence (is in the portKnock list) within the last 10 s
    iptables -I INPUT -m state --state NEW -p tcp --dport 22 -m recent --rcheck --name portKnock --seconds 10 -j kc
    # knock 1: port 108 records the source in portKnock2 and drops the packet
    iptables -I INPUT -m state --state NEW -p tcp --dport 108 -m recent --name portKnock2 --set -j DROP
    # knock 2: port 208 within 10 s of knock 1
    iptables -I INPUT -m state --state NEW -p tcp --dport 208 -m recent --rcheck --name portKnock2 --seconds 10 -j kc1
    # knock 3: port 308 within 10 s of knock 2
    iptables -I INPUT -m state --state NEW -p tcp --dport 308 -m recent --rcheck --name portKnock1 --seconds 10 -j kc2

    # kc: consume the token and accept, so each sequence opens one connection
    iptables -I kc -m recent --name portKnock --remove -j ACCEPT
    # kc1 / kc2: advance the source to the next list
    # (rules are added with -I, so the later "--set -j DROP" rule ends up first
    # and the "--remove" of the previous list is never reached)
    iptables -I kc1 -m recent --name portKnock2 --remove
    iptables -I kc1 -m recent --name portKnock1 --set -j DROP
    iptables -I kc2 -m recent --name portKnock1 --remove
    iptables -I kc2 -m recent --name portKnock --set -j DROP

    # decoy ports next to each knock port: hitting one resets that stage
    iptables -I INPUT -m state --state NEW -p tcp -m tcp --dport 107 -m recent --name portKnock2 --remove -j DROP
    iptables -I INPUT -m state --state NEW -p tcp -m tcp --dport 109 -m recent --name portKnock2 --remove -j DROP
    iptables -I INPUT -m state --state NEW -p tcp -m tcp --dport 207 -m recent --name portKnock1 --remove -j DROP
    iptables -I INPUT -m state --state NEW -p tcp -m tcp --dport 209 -m recent --name portKnock1 --remove -j DROP
    iptables -I INPUT -m state --state NEW -p tcp -m tcp --dport 307 -m recent --name portKnock --remove -j DROP
    iptables -I INPUT -m state --state NEW -p tcp -m tcp --dport 309 -m recent --name portKnock --remove -j DROP
    true
}

found the scripts at: http://www.neep.co.uk/?tab=Projects&...ort%20Knocking
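An added example, not from the post or from SuSEfirewall: a small Python model of the iptables "recent" lists the rules above depend on. It replays a constructed sequence of new-connection attempts (time, source, destination port) and returns the verdict for each, so the knock order, the decoy ports, the one-shot ACCEPT and the 10 s window can be checked without touching a real firewall. The default policy for unmatched traffic is assumed to be DROP.

```python
# Model of the xt_recent lists used by the port-knocking rules in the post.
# Constructed example; source addresses and times below are made up.
WINDOW = 10  # --seconds 10 in the --rcheck rules

# knock port -> (list that must already hold the source, list that gets set)
STAGE = {108: (None, "portKnock2"),
         208: ("portKnock2", "portKnock1"),
         308: ("portKnock1", "portKnock")}
# decoy ports: hitting one removes the source from that stage's list
DECOY = {107: "portKnock2", 109: "portKnock2", 207: "portKnock1",
         209: "portKnock1", 307: "portKnock", 309: "portKnock"}


class RecentLists:
    """Per-list, per-source 'last seen' timestamps, like the recent module."""
    def __init__(self):
        self.seen = {n: {} for n in ("portKnock2", "portKnock1", "portKnock")}

    def set(self, name, src, now):            # --set
        self.seen[name][src] = now

    def remove(self, name, src):              # --remove
        self.seen[name].pop(src, None)

    def rcheck(self, name, src, now):         # --rcheck --seconds WINDOW
        ts = self.seen[name].get(src)
        return ts is not None and now - ts <= WINDOW


def verdict(lists, now, src, dport):
    """Verdict for one NEW TCP packet, following the rule logic of the post."""
    if dport == 22:                           # chain kc
        if lists.rcheck("portKnock", src, now):
            lists.remove("portKnock", src)    # token consumed: one SYN per knock
            return "ACCEPT"
        return "DROP"
    if dport in STAGE:                        # the 108 rule and chains kc1/kc2
        needed, sets = STAGE[dport]
        if needed is None or lists.rcheck(needed, src, now):
            # the previous list is kept, as in the post: with -I the
            # "--set -j DROP" rule sits before the "--remove" rule
            lists.set(sets, src, now)
        return "DROP"
    if dport in DECOY:                        # wrong port: reset that stage
        lists.remove(DECOY[dport], src)
    return "DROP"                             # assumed default policy


def replay(events):
    """events: (time_seconds, source, dport) tuples; returns one verdict each."""
    lists = RecentLists()
    return [verdict(lists, t, src, p) for t, src, p in events]
```

A correct knock 108, 208, 308 followed by a SYN to 22 yields ACCEPT once; a second SYN to 22, a wrong order, a decoy hit or a gap longer than 10 s all yield DROP.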