Rainer Stransky writes:

I am using SuSE 8.1 with a DSL interface (dynamic IP address) and a dial up ISDN interface, with a fixed IP address.

I want to block all of the incomming traffic on the DSL interface and allow some service (smtp) on the dialup interface.

But in the SuSEfirewall2 config file there is no chance to configure the two external interfaces in a different manner.

Is there another chance ?

Yes, you can use 'raw' iptables. This is not too difficult to set up. You could use something like:- # Assuming DSL is on eth0 and ISDN on pppx iptables -P INPUT DROP # Accept packets on connections you establish iptables -A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -A INPUT -p udp -m state --state ESTABLISHED,RELATED -j ACCEPT # Allow incoming smtp conections on ISDN iptables -A INPUT -i ppp+ -p tcp -m state --state NEW --dport 25 -j ACCEPT

Try this in /etc/sysconfig/SuSEfirewall2 : FW_DEV_EXT="ppp0 ppp1". Change ppp0, ppp1 with your external interfaces names. FW_ALLOW_CLASS_ROUTING="yes". This tells SuseFirewall to route between interfaces from the same class. Good Luck. Alberto. ----- Original Message ----- From: "Rainer Stransky" To: Sent: Monday, January 13, 2003 7:24 PM Subject: [suse-security] How to configure two external interfaces

I am using SuSE 8.1 with a DSL interface (dynamic IP address) and a dial up ISDN interface, with a fixed IP address.

I want to block all of the incomming traffic on the DSL interface and allow some service (smtp) on the dialup interface.

But in the SuSEfirewall2 config file there is no chance to configure the two external interfaces in a different manner.

Is there another chance ?

Rainer

-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here