Mailinglist Archive: opensuse (4570 mails)
Re: [SLE] Firewall oddity
- From: Darryl Gregorash <raven@xxxxxxxxxxxxx>
- Date: Fri, 11 Nov 2005 23:09:06 +0000 (UTC)
- Message-id: <4375248A.7000908@xxxxxxxxxxxxx>
On 11/11/2005 01:20 PM, Simon Roberts wrote:
>Root control to Major Tom... OOps, sorry, getting distracted.
>
>I have a somewhat odd situation with the SuSE resident firewall (and/or
>perhaps the Yast tool that configures it).
>
>I run a few servers on my system, including DHCP, DNS, Samba. I
>configured the firewall to allow access to these, and for a while all
>was well. Recently, however, DHCP "just stopped." I traced the problem
>to the firewall blocking the DHCP port. I've tried restarting the
>firewall, and a number of other ways to kick it from Yast, but the only
>way my DHCP works right now is if I turn the firewall off.
>
>Any suggestions? Should I resort to manual (file-based) configuration,
>and if so, where do I start finding out how to do that?

You should not need to dispense with DHCP; where do you need the DHCP
service available, the internal network, or the DMZ? Wherever it is
needed, ensure you open port 67 for INPUT on that interface; I cannot
recall if it is TCP or UDP, so make sure to open both protocols. These
are the variables that may need to be set in the firewall configuration:

    FW_SERVICES_DMZ_TCP=""
    FW_SERVICES_DMZ_UDP=""

and

    FW_SERVICES_INT_TCP=""
    FW_SERVICES_INT_UDP=""

If you are still having problems, please post the outputs of the following:

    iptables -L
    cat /etc/sysconfig/SuSEfirewall2 | egrep "^[^#]"
    cat /etc/sysconfig/network/dhcp | egrep "^[^#]"
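
A way to check the variables named in the reply above, as an added example that is not part of the original message: the script reports which zones list the DHCP server port in FW_SERVICES_<ZONE>_UDP. Assumptions: a DHCP server listens on 67/udp (service name "bootps"), values are double-quoted on one line, and ranges are written low:high; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). DHCP servers listen on 67/udp,
# which /etc/services names "bootps".

# Constructed sample config: DHCP allowed on the internal zone only.
sample_config() {
cat <<'EOF'
# comment lines are ignored
FW_SERVICES_DMZ_TCP="80 443"
FW_SERVICES_DMZ_UDP="53"
FW_SERVICES_INT_TCP="139 445"
FW_SERVICES_INT_UDP="53 bootps 137:138"
EOF
}

# port_list_has_dhcp "<port list>": succeed if the list covers port 67.
# Runs in a subshell so set -f and the loop variables stay local.
port_list_has_dhcp() (
    set -f
    for entry in $1; do
        case $entry in
            67|bootps) exit 0 ;;
            *:*)    # port range written as low:high (assumed syntax)
                lo=${entry%%:*}; hi=${entry##*:}
                case "$lo:$hi" in *[!0-9:]*|:*|*:) continue ;; esac
                if [ "$lo" -le 67 ] && [ "$hi" -ge 67 ]; then exit 0; fi ;;
        esac
    done
    exit 1
)

# dhcp_open_zones <file>: print each zone (DMZ, INT) whose UDP list covers 67.
# The file is parsed as text, never sourced, so nothing in it is executed.
dhcp_open_zones() {
    for zone in DMZ INT; do
        # Keep the last assignment, which is the one a sourcing shell would use.
        value=$(sed -n 's/^FW_SERVICES_'"$zone"'_UDP="\(.*\)"[[:space:]]*$/\1/p' "$1" | tail -n 1)
        if port_list_has_dhcp "$value"; then echo "$zone"; fi
    done
}

# Demo on the constructed sample; on a real host pass /etc/sysconfig/SuSEfirewall2.
demo_cfg=$(mktemp) && sample_config > "$demo_cfg"
dhcp_open_zones "$demo_cfg"
rm -f "$demo_cfg"
```

An empty result means neither zone's UDP list covers port 67, which matches the symptom of DHCP working only with the firewall off.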