Can't access internet with SuSE FW2
Hi experts, after numerous unsuccessful tries I guess I need help :-) When ever I activate the SuSE Firewall2 i get blocked when I want to access the internet. Jan 9 22:39:47 tamboti kernel: SuSE-FW-ILLEGAL-TARGET IN=ippp1 OUT= MA C= SRC=194.25.2.129 DST=62.227.40.138 LEN=94 TOS=0x00 PREC=0x00 TTL=60 ID=0 DF PROTO=UDP SPT=53 DPT=1029 LEN=74 This sounds fairly simple but I couldn't figgure out what is wrong... I have attched my settings from /etc/sysconfig/SuSEFirewall2. Hope some one can give me a hint I am lost with this one :( Thanks a lot Michael FW_QUICKMODE="no" FW_DEV_EXT="ppp0" FW_DEV_INT="eth0" FW_DEV_DMZ="" FW_ROUTE="yes" FW_MASQUERADE="yes" FW_MASQ_DEV="$FW_DEV_EXT" FW_MASQ_NETS="0/0" FW_PROTECT_FROM_INTERNAL="no" FW_AUTOPROTECT_SERVICES="yes" FW_SERVICES_EXT_TCP="" FW_SERVICES_EXT_UDP="" FW_SERVICES_EXT_IP="" FW_SERVICES_DMZ_TCP="" FW_SERVICES_DMZ_UDP="" FW_SERVICES_DMZ_IP="" FW_SERVICES_INT_TCP="" FW_SERVICES_INT_UDP="" FW_SERVICES_INT_IP="" FW_SERVICES_QUICK_TCP="" FW_SERVICES_QUICK_UDP="" FW_SERVICES_QUICK_IP="" FW_TRUSTED_NETS="" FW_ALLOW_INCOMING_HIGHPORTS_TCP="no" FW_ALLOW_INCOMING_HIGHPORTS_UDP="DNS" FW_SERVICE_AUTODETECT="yes" FW_SERVICE_DNS="no" FW_SERVICE_DHCLIENT="no" FW_SERVICE_DHCPD="no" FW_SERVICE_SQUID="no" FW_SERVICE_SAMBA="no" FW_FORWARD="" FW_FORWARD_MASQ="" FW_REDIRECT="" FW_LOG_DROP_CRIT="no" FW_LOG_DROP_ALL="no" FW_LOG_ACCEPT_CRIT="no" FW_LOG_ACCEPT_ALL="no" FW_LOG="--log-level warning --log-tcp-options --log-ip-option --log-prefix SuSE-FW" FW_KERNEL_SECURITY="yes" FW_STOP_KEEP_ROUTING_STATE="no" FW_ALLOW_PING_FW="yes" FW_ALLOW_PING_DMZ="no" FW_ALLOW_PING_EXT="no" FW_ALLOW_FW_TRACEROUTE="yes" FW_ALLOW_FW_SOURCEQUENCH="yes" FW_ALLOW_FW_BROADCAST="no" FW_IGNORE_FW_BROADCAST="yes" FW_ALLOW_CLASS_ROUTING="no" FW_CUSTOMRULES="" FW_REJECT="no" FW_HTB_TUNE_DEV="" -- Encrypted eMail welcome! Get my OpenPGP-Key ID: 0xE9B00731 from: wwwkeys.de.pgp.net
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Michael Hoeller
Jan 9 22:39:47 tamboti kernel: SuSE-FW-ILLEGAL-TARGET IN=ippp1 OUT= MA C= SRC=194.25.2.129 DST=62.227.40.138 LEN=94 TOS=0x00 PREC=0x00 TTL=60 ID=0 DF PROTO=UDP SPT=53 DPT=1029 LEN=74
ippp1? are you using isdn? :) what does your routing look like? try route (as root), its output should look like this: knecht:/home/boss # route Kernel IP Routentabelle Ziel Router Genmask Flags Metric Ref Use Iface 217.5.xxx.xxx * 255.255.255.255 UH 0 0 0 ppp0 192.168.1.0 * 255.255.255.0 U 0 0 0 eth0 192.168.0.0 * 255.255.255.0 U 0 0 0 eth1 default 217.5.xxx.xxx 0.0.0.0 UG 0 0 0 ppp0 i'm using t-dsl; ppp0 & eth0 are for the dsl-uplink and eth1 is connected to a switch. so ppp0 must be the default-route.
This sounds fairly simple but I couldn't figgure out what is wrong... I have attched my settings from /etc/sysconfig/SuSEFirewall2.
Hope some one can give me a hint I am lost with this one :(
it should work with your fw-config (mine looks similar on a SL 8.0, only big difference is FW_ALLOW_CLASS_ROUTING="yes"). my guess is that something is wrong with your routing. - -- Bastard Administrator in $hell GPG-Key at http://lists.notified.de/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQFAAGasLMyTO8Kj/uQRAoSDAJ41vb0BItm+pryFSRVsgE/sb0aLVgCePi2t rWFS7fJ1WH/Uf2rgLDxyG/Q= =hVbA -----END PGP SIGNATURE-----
On Sat, Jan 10, 2004 at 09:14:35PM +0100, Michael Hoeller wrote:
Hi experts,
after numerous unsuccessful tries I guess I need help :-)
When ever I activate the SuSE Firewall2 i get blocked when I want to access the internet.
Jan 9 22:39:47 tamboti kernel: SuSE-FW-ILLEGAL-TARGET IN=ippp1 OUT= MA ^^^^^
Your connection to the internet is by ISDN, isn't it?
C= SRC=194.25.2.129 DST=62.227.40.138 LEN=94 TOS=0x00 PREC=0x00 TTL=60 ID=0 DF PROTO=UDP SPT=53 DPT=1029 LEN=74
This sounds fairly simple but I couldn't figgure out what is wrong... I have attched my settings from /etc/sysconfig/SuSEFirewall2.
Hope some one can give me a hint I am lost with this one :(
Thanks a lot Michael
FW_QUICKMODE="no" FW_DEV_EXT="ppp0" ^^^^
This doesn't match the above. Shouldn't this be ippp1? Robert -- Robert Schiele Tel.: +49-621-181-2517 Dipl.-Wirtsch.informatiker mailto:rschiele@uni-mannheim.de
Robert Schiele wrote:
On Sat, Jan 10, 2004 at 09:14:35PM +0100, Michael Hoeller wrote:
Hi experts,
after numerous unsuccessful tries I guess I need help :-)
When ever I activate the SuSE Firewall2 i get blocked when I want to access the internet.
Jan 9 22:39:47 tamboti kernel: SuSE-FW-ILLEGAL-TARGET IN=ippp1 OUT= MA
^^^^^
Your connection to the internet is by ISDN, isn't it?
C= SRC=194.25.2.129 DST=62.227.40.138 LEN=94 TOS=0x00 PREC=0x00 TTL=60 ID=0 DF PROTO=UDP SPT=53 DPT=1029 LEN=74
This sounds fairly simple but I couldn't figgure out what is wrong... I have attched my settings from /etc/sysconfig/SuSEFirewall2.
Hope some one can give me a hint I am lost with this one :(
Thanks a lot Michael
FW_QUICKMODE="no" FW_DEV_EXT="ppp0"
^^^^
This doesn't match the above. Shouldn't this be ippp1?
Upps-- My falt! I missed the "i" this *is* in my file ippp1 sorry! Michael -- Encrypted eMail welcome! Get my OpenPGP-Key ID: 0xE9B00731 from: wwwkeys.de.pgp.net
Hi all, I have update my config but I still can't acces the INet when the firewall is up. No problems without the firwall. I am really lost and have no idea what else to check -- maybe someone has an idea or sees what I over see?? Thanks a lot Michael Michael Hoeller wrote:
Robert Schiele wrote:
On Sat, Jan 10, 2004 at 09:14:35PM +0100, Michael Hoeller wrote:
Hi experts,
after numerous unsuccessful tries I guess I need help :-)
When ever I activate the SuSE Firewall2 i get blocked when I want to access the internet.
Your connection to the internet is by ISDN, isn't it?
C= SRC=194.25.2.129 DST=62.227.40.138 LEN=94 TOS=0x00 PREC=0x00 TTL=60 ID=0 DF PROTO=UDP SPT=53 DPT=1029 LEN=74
FW_QUICKMODE="no" FW_DEV_EXT="ippp0" FW_DEV_INT="eth0" FW_DEV_DMZ="" FW_ROUTE="yes" FW_MASQUERADE="yes" FW_MASQ_DEV="$FW_DEV_EXT" FW_MASQ_NETS="0/0" FW_PROTECT_FROM_INTERNAL="no" FW_AUTOPROTECT_SERVICES="yes" FW_SERVICES_EXT_TCP="" FW_SERVICES_EXT_UDP="" FW_SERVICES_EXT_IP="" FW_SERVICES_DMZ_TCP="" FW_SERVICES_DMZ_UDP="" FW_SERVICES_DMZ_IP="" FW_SERVICES_INT_TCP="" FW_SERVICES_INT_UDP="" FW_SERVICES_INT_IP="" FW_SERVICES_QUICK_TCP="" FW_SERVICES_QUICK_UDP="" FW_SERVICES_QUICK_IP="" FW_TRUSTED_NETS="" FW_ALLOW_INCOMING_HIGHPORTS_TCP="no" FW_ALLOW_INCOMING_HIGHPORTS_UDP="DNS" FW_SERVICE_AUTODETECT="yes" FW_SERVICE_DNS="no" FW_SERVICE_DHCLIENT="no" FW_SERVICE_DHCPD="no" FW_SERVICE_SQUID="no" FW_SERVICE_SAMBA="no" FW_FORWARD="" FW_FORWARD_MASQ="" FW_REDIRECT="" FW_LOG_DROP_CRIT="no" FW_LOG_DROP_ALL="no" FW_LOG_ACCEPT_CRIT="no" FW_LOG_ACCEPT_ALL="no" FW_LOG="--log-level warning --log-tcp-options --log-ip-option --log-prefix SuSE-FW" FW_KERNEL_SECURITY="yes" FW_STOP_KEEP_ROUTING_STATE="no" FW_ALLOW_PING_FW="yes" FW_ALLOW_PING_DMZ="no" FW_ALLOW_PING_EXT="no" FW_ALLOW_FW_TRACEROUTE="yes" FW_ALLOW_FW_SOURCEQUENCH="yes" FW_ALLOW_FW_BROADCAST="no" FW_IGNORE_FW_BROADCAST="yes" FW_ALLOW_CLASS_ROUTING="no" FW_CUSTOMRULES="" FW_REJECT="no" FW_HTB_TUNE_DEV=""
-- Encrypted eMail welcome! Get my OpenPGP-Key ID: 0xE9B00731 from: wwwkeys.de.pgp.net
On Sun, 11 Jan 2004, Michael Hoeller wrote:
I have update my config but I still can't acces the INet when the firewall is up. No problems without the firwall.
I am really lost and have no idea what else to check -- maybe someone has an idea or sees what I over see??
SusEfirewall2 test does not block anything but logs packes which would get blocked. -- BINGO: Machen Sie einen Vorschlag --- Engelbert Gruber -------+ SSG Fintl,Gruber,Lassnig / A6170 Zirl Innweg 5b / Tel. ++43-5238-93535 ---+
Thanks Engelbert, which miracel with the option "test" it works.. Now I have some more lines in var/lop/messages but I can't get some helpfull info from it. Is there an other place were I need to look or is the attach info more readable for the experts? Thanks a lot Michael Jan 11 18:44:42 tamboti SuSEfirewall2: Firewall set in TEST mode. Jan 11 18:44:42 tamboti modprobe: modprobe: Can't locate module ippp1 Jan 11 18:44:43 tamboti kernel: ip_tables: (C) 2000-2002 Netfilter core team Jan 11 18:44:43 tamboti kernel: ip_conntrack version 2.1 (4095 buckets, 32760 max) - 304 bytes per conntrack Jan 11 18:44:44 tamboti SuSEfirewall2: Firewall rules successfully set from /etc/sysconfig/SuSEfirewall2 Jan 11 18:44:53 tamboti ipppd[3232]: Found 1 device: Jan 11 18:44:53 tamboti ipppd[3233]: ipppd i2.2.12 (isdn4linux version of pppd by MH) started Jan 11 18:44:53 tamboti ipppd[3233]: init_unit: 0 Jan 11 18:44:53 tamboti kernel: ippp, open, slot: 1, minor: 1, state: 0 000 Jan 11 18:44:53 tamboti kernel: ippp_ccp: allocated reset data structur e c7e91800 Jan 11 18:44:53 tamboti ipppd[3233]: Connect[0]: /dev/ippp1, fd: 14 Jan 11 18:44:53 tamboti kernel: ippp1: dialing 1 019103000... Jan 11 18:44:53 tamboti isdnlog: Jan 11 18:44:53 * tei 83 calling vr-we b with ? RING (Data) Jan 11 18:44:55 tamboti isdnlog: Jan 11 18:44:55 tei 83 calling vr-web with ? Time:Sun Jan 11 18:44:00 2004 Jan 11 18:44:55 tamboti isdnlog: Jan 11 18:44:55 tei 83 calling vr-web with ? CONNECT (Data) Jan 11 18:44:55 tamboti isdnlog: Jan 11 18:44:55 tei 83 calling vr-web with ? INTERFACE ippp1 calling 019103000 Jan 11 18:44:55 tamboti isdnlog: Jan 11 18:44:55 tei 83 calling vr-web with ? No area info for provider 33_0 (13), destination 019103000 Jan 11 18:44:55 tamboti kernel: isdn_net: ippp1 connected Jan 11 18:44:55 tamboti ipppd[3233]: Local number: 0, Remote number: 01 9103000, Type: outgoing Jan 11 18:44:55 tamboti ipppd[3233]: PHASE_WAIT -> PHASE_ESTABLISHED, i funit: 1, linkunit: 0, fd: 14 Jan 11 18:44:55 tamboti ipppd[3233]: ioctl(SIOCSIFMTU): Invalid argumen t, 10 ippp1 1524. Jan 11 18:44:55 tamboti ipppd[3233]: Remote message: Jan 11 18:44:55 tamboti ipppd[3233]: MPPP negotiation, He: No We: No Jan 11 18:44:55 tamboti ipppd[3233]: CCP enabled! Trying CCP. Jan 11 18:44:55 tamboti ipppd[3233]: CCP: got ccp-unit 0 for link 0 (Co mpression Control Protocol) Jan 11 18:44:55 tamboti ipppd[3233]: ccp_resetci! Jan 11 18:44:55 tamboti kernel: Received CCP frame from peer slot(1) Jan 11 18:44:55 tamboti kernel: [1/1].ccp-rcv[0]: 01 01 00 09 11 05 00 01 04 Jan 11 18:44:55 tamboti ipppd[3233]: ccp_resetci! Jan 11 18:44:55 tamboti kernel: Received CCP frame from daemon: Jan 11 18:44:55 tamboti kernel: [1/1].ccp-xmit[0]: ff 03 80 fd 01 01 00 04 Jan 11 18:44:55 tamboti kernel: Received CCP frame from daemon: Jan 11 18:44:55 tamboti kernel: [1/1].ccp-xmit[0]: ff 03 80 fd 04 01 00 09 11 05 00 01 04 Jan 11 18:44:55 tamboti kernel: Received CCP frame from peer slot(1) Jan 11 18:44:55 tamboti kernel: [1/1].ccp-rcv[0]: 04 01 00 04 Jan 11 18:44:55 tamboti kernel: Received CCP frame from peer slot(1) Jan 11 18:44:55 tamboti kernel: [1/1].ccp-rcv[0]: 01 02 00 0a 11 06 00 01 01 03 Jan 11 18:44:55 tamboti ipppd[3233]: ccp_resetci! Jan 11 18:44:55 tamboti kernel: Received CCP frame from daemon: Jan 11 18:44:55 tamboti kernel: [1/1].ccp-xmit[0]: ff 03 80 fd 01 02 00 04 Jan 11 18:44:55 tamboti kernel: Received CCP frame from daemon: Jan 11 18:44:55 tamboti kernel: [1/1].ccp-xmit[0]: ff 03 80 fd 04 02 00 0a 11 06 00 01 01 03 Jan 11 18:44:55 tamboti ipppd[3233]: local IP address 62.227.40.199 Jan 11 18:44:55 tamboti ipppd[3233]: remote IP address 212.185.250.217 Jan 11 18:44:55 tamboti kernel: Received CCP frame from peer slot(1) Jan 11 18:44:55 tamboti kernel: [1/1].ccp-rcv[0]: 04 02 00 04 Jan 11 18:44:56 tamboti modify_resolvconf: Service ipppd modified /etc/ resolv.conf. See info block in this file Jan 11 18:44:56 tamboti kernel: SuSE-FW-ILLEGAL-TARGET IN=ippp1 OUT= MA C= SRC=193.158.141.116 DST=62.227.40.199 LEN=73 TOS=0x00 PREC=0x00 TTL= 57 ID=21402 PROTO=UDP SPT=53 DPT=1025 LEN=53 Jan 11 18:44:56 tamboti kernel: SuSE-FW-ILLEGAL-TARGET IN=ippp1 OUT= MA C= SRC=193.158.141.116 DST=62.227.40.199 LEN=113 TOS=0x00 PREC=0x00 TTL =57 ID=20899 PROTO=UDP SPT=53 DPT=1025 LEN=93 Jan 11 18:44:56 tamboti kernel: SuSE-FW-ILLEGAL-TARGET IN=ippp1 OUT= MA C= SRC=192.53.103.103 DST=62.227.40.199 LEN=76 TOS=0x00 PREC=0x00 TTL=5 5 ID=192 PROTO=UDP SPT=123 DPT=123 LEN=56 Jan 11 18:44:56 tamboti kernel: SuSE-FW-ILLEGAL-TARGET IN=ippp1 OUT= MA C= SRC=192.53.103.103 DST=62.227.40.199 LEN=76 TOS=0x00 PREC=0x00 TTL=5 5 ID=207 PROTO=UDP SPT=123 DPT=123 LEN=56 Jan 11 18:44:56 tamboti kernel: SuSE-FW-ILLEGAL-TARGET IN=ippp1 OUT= MA C= SRC=192.53.103.103 DST=62.227.40.199 LEN=76 TOS=0x00 PREC=0x00 TTL=5 engelbert.gruber@ssg.co.at wrote:
On Sun, 11 Jan 2004, Michael Hoeller wrote:
I have update my config but I still can't acces the INet when the firewall is up. No problems without the firwall.
I am really lost and have no idea what else to check -- maybe someone has an idea or sees what I over see??
SusEfirewall2 test does not block anything but logs packes which would get blocked.
-- Encrypted eMail welcome! Get my OpenPGP-Key ID: 0xE9B00731 from: wwwkeys.de.pgp.net
On Sun, 11 Jan 2004, Michael Hoeller wrote:
which miracel with the option "test" it works.. Now I have some more
no miracle nothing is blocked in test mode.
lines in var/lop/messages but I can't get some helpfull info from it. Is there an other place were I need to look or is the attach info more readable for the experts?
Thanks a lot Michael
Jan 11 18:44:42 tamboti SuSEfirewall2: Firewall set in TEST mode. Jan 11 18:44:42 tamboti modprobe: modprobe: Can't locate module ippp1
??? i canot remember my last isdn work, see /etc/modules.conf is there a ippp1 line ?
Jan 11 18:44:55 tamboti ipppd[3233]: local IP address 62.227.40.199 Jan 11 18:44:55 tamboti ipppd[3233]: remote IP address 212.185.250.217
Jan 11 18:44:56 tamboti modify_resolvconf: Service ipppd modified /etc/ resolv.conf. See info block in this file
and the following lines show the same as before:
Jan 11 18:44:56 tamboti kernel: SuSE-FW-ILLEGAL-TARGET IN=ippp1 OUT= MA C= SRC=193.158.141.116 DST=62.227.40.199 LEN=73 TOS=0x00 PREC=0x00 TTL= 57 ID=21402 PROTO=UDP SPT=53 DPT=1025 LEN=53
193.158.141.116 (www-proxy.C1.srv.t-online.de maybe also assigned as dns, could you check /etc/resolv.conf). wants to exchange dns data. packages coming from ippp1 destination your local assigned ip. /sbin/ifconfig says what ? cheers -- BINGO: enthusiastically administrate high-quality products --- Engelbert Gruber -------+ SSG Fintl,Gruber,Lassnig / A6170 Zirl Innweg 5b / Tel. ++43-5238-93535 ---+
On Sun, 11 Jan 2004 engelbert.gruber@ssg.co.at wrote: without thinking the log shows that the firewall is started before the interface is up. i told you there are options for this but not now. cheers -- BINGO: Einpflegen --- Engelbert Gruber -------+ SSG Fintl,Gruber,Lassnig / A6170 Zirl Innweg 5b / Tel. ++43-5238-93535 ---+
Note, I haven't been doing these things with modems/ISDNs for quite a while so I might be totally lost here...
which miracel with the option "test" it works.. Now I have some more lines in var/lop/messages but I can't get some helpfull info from it. Is there an other place were I need to look or is the attach info more readable for the experts?
What "ifconfig -a" says when your connection (modem/ISDN) has been opened? Check the information from ifconfig output against the devices configured for the firewall script. Does the gateway setting get right? Has it been configured to run the firewall scripts after opening the line, or are they set up before that? Is the IP address information from ifconfig output correct as compared to the logs or settings in the firewall (see the real firewall rules with iptables -L)? Is the setting FW_DEV_EXT="ppp0" the device you have up when connected - use ifconfig to check? I haven't done these with modems/ISDNs for ages but it sounds a bit suspicious to have "ppp0" in the device and yet "ippp1" in the log... Have you tried with (lower level) protocols such as ICMP, to get through the connection? Command "ping IP-address" is a good choice for ICMP testing. This meaning that try to find out if any IP traffic gets through. The options affecting this are: FW_ALLOW_PING_FW="yes" FW_ALLOW_PING_DMZ="no" FW_ALLOW_PING_EXT="no" FW_ALLOW_FW_TRACEROUTE="yes" That would mean that pinging the firewall is ok, but its external device is not allowed to be pinged. Traceroute (at least some versions) use ICMP too so this probably lets you traceroute outside network - but not to the point of your (just) external(?) Are you connecting through the firewall or from the firewall? So is there a network attached to the ethernet card and you are using a host from there to try to get out through the firewall. (Other rules may affect how you get out from the firewall, and I think you shouldn't use it for accessing Internet). From the internal hosts check that their network settings, firewalls etc are correct. The logs you have provided seem to indicate that:
Jan 11 18:44:56 tamboti kernel: SuSE-FW-ILLEGAL-TARGET IN=ippp1 OUT= MA C= SRC=193.158.141.116 DST=62.227.40.199 LEN=73 TOS=0x00 PREC=0x00 TTL= 57 ID=21402 PROTO=UDP SPT=53 DPT=1025 LEN=53
SPT=53, protocol/service is probably DNS (name service). If you can not use DNS but other things work, you should get through the firewall by using IP addresses (directly).
Jan 11 18:44:56 tamboti kernel: SuSE-FW-ILLEGAL-TARGET IN=ippp1 OUT= MA C= SRC=193.158.141.116 DST=62.227.40.199 LEN=113 TOS=0x00 PREC=0x00 TTL =57 ID=20899 PROTO=UDP SPT=53 DPT=1025 LEN=93
Again SPT=53, service is likely DNS and I would say that this means that a DNS server is trying to reply to you. The option FW_ALLOW_INCOMING_HIGHPORTS_UDP="DNS" probably affects just this? That should mean that replies to DNS queries are allowed as UDP packets to high ports - such as the DPT=1025 above. I think you had this.
Jan 11 18:44:56 tamboti kernel: SuSE-FW-ILLEGAL-TARGET IN=ippp1 OUT= MA C= SRC=192.53.103.103 DST=62.227.40.199 LEN=76 TOS=0x00 PREC=0x00 TTL=5 5 ID=192 PROTO=UDP SPT=123 DPT=123 LEN=56 Jan 11 18:44:56 tamboti kernel: SuSE-FW-ILLEGAL-TARGET IN=ippp1 OUT= MA C= SRC=192.53.103.103 DST=62.227.40.199 LEN=76 TOS=0x00 PREC=0x00 TTL=5 5 ID=207 PROTO=UDP SPT=123 DPT=123 LEN=56
And 123 port is probably NTP (network time protocol). Here the firewall denies connection to obtain time.
Jan 11 18:44:56 tamboti kernel: SuSE-FW-ILLEGAL-TARGET IN=ippp1 OUT= MA C= SRC=192.53.103.103 DST=62.227.40.199 LEN=76 TOS=0x00 PREC=0x00 TTL=5
The ifconfig information might help here. I think it is quite OK to replace the real addresses so that you do not reveal too much of the target IPs to this (open) list. timo
Snipped> This sounds fairly simple but I couldn't figgure out what is wrong... I have attched my settings from /etc/sysconfig/SuSEFirewall2.
Hope some one can give me a hint I am lost with this one :(
Thanks a lot Michael <snipped again>
Not sure what type of connection you're running, but fwiw, when I upgraded to 9.0, I had to switch my outside interface from ppp0(as ws done in 8.0) to eth0(as is done in 9.0), where the nic is, suse firewall2 works like a charm after that. This is for a DSL connection Lee
participants (6)
-
engelbert.gruber@ssg.co.at -
Lee -
markus reichelt -
MichaelHoeller@t-online.de -
Robert Schiele -
timo