Re: [suse-security] RE: Why the firewall on Suse8.0 blocks internal packets on externel port?
Hello Michael,

yes, so it is, but I can't change the options of the client software; it is written for external users of the IRC server. I need the program to log all traffic on the IRC and to look for someone who wants to talk to me as operator. So I need the variable to deactivate the option "SuSE-FW-NO_ACCESS_INT->FWEXT". In which configuration file or script is it activated?

Best regards,
Jost Schöler

____________________________________________________________

The IRC client software is actually supposed to access an address in your network, but now goes through your router/firewall to an external IP. Then it is probably more a question of the client software's settings.

Ciao
Michael

____________________________________________________________
On 13.05.2002 13:37:46, "charly123" wrote:

Hello Michael,

yes, so it is, but I can't change the options of the client software; it is written for external users of the IRC server. I need the program to log all traffic on the IRC and to look for someone who wants to talk to me as operator. So I need the variable to deactivate the option "SuSE-FW-NO_ACCESS_INT->FWEXT". In which configuration file or script is it activated?

Best regards,
Jost Schöler

It should be in /etc/rc.config.d/firewall2.rc.config. Look into /sbin/SuSEfirewall to find the log entry and the related variable, but take care if you do not know exactly what to do.

Yours
Michael Appeldorn
I am having a similar problem with SuSEfirewall2 (version 2.1).

For example -- I have a SuSE Linux machine set up as a gateway with iptables firewall, masquerading, etc., running HTTP, SMTP, IMAPD, FTP, SSH, etc.

Probably that is not the most secure solution -- but currently I cannot move that stuff to other machines (and thus create the DMZ); instead I have to use it as it is now.

In a similar fashion, I cannot connect from the internal (masqueraded) network to a number of its services via the external address -- that is really not convenient.

How can I fix it?

charly123 wrote:

Hello Michael,

I want to talk on port 6667 (IRC server) of my own server. You will say I can probably talk to the internal address, but I can't do that with a specially written program. This program talks to the external address, but the firewall blocks that. Why can I disable this security option?
There is a switch for "protect from internal" I remember off hand. You need
to put a route in your table if you are not going to NAT.
Regards,
Jon
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
I seem to have the same problem (three NICs in the machine, neither of
the two internal ones gets any packets forwarded to or from the external
one), and I am not using masquerading. IP forwarding does not work with
the external NIC even with the firewall removed entirely.
Interestingly, it does work between the two internal NICs, but not to
or from the one with the external gateway. I did think it was because
the external NIC used DHCP, but I wonder if it is a bug in SuSE 8.0?
Anyone want to try with the firewall completely switched off? Might be
difficult without a routeable address on the internal machines, but I
would be very grateful if anyone else could try it!
--
Roger Hayter
In message <00e601c200ee$1f7b83c0$f000a8c0@minniemouse>, Jon

There is a switch for "protect from internal" I remember off hand. You need to put a route in your table if you are not going to NAT.

Regards,
Jon

----- Original Message -----
From: "Vitaly Shishakov"
To:
Sent: Tuesday, May 21, 2002 10:33 AM
Subject: [suse-security] SuSEfirewall2: cannot connect to ext. IP from int. net

I am having a similar problem with SuSEfirewall2 (version 2.1).

For example -- I have a SuSE Linux machine set up as a gateway with iptables firewall, masquerading, etc., running HTTP, SMTP, IMAPD, FTP, SSH, etc.

Probably that is not the most secure solution -- but currently I cannot move that stuff to other machines (and thus create the DMZ); instead I have to use it as it is now.

In a similar fashion, I cannot connect from the internal (masqueraded) network to a number of its services via the external address -- that is really not convenient.

How can I fix it?
participants (5)
- charly123
- Jon
- Michael Appeldorn
- Roger Hayter
- Vitaly Shishakov