How to configure two external interfaces
I am using SuSE 8.1 with a DSL interface (dynamic IP address) and a dial up ISDN interface, with a fixed IP address. I want to block all of the incomming traffic on the DSL interface and allow some service (smtp) on the dialup interface. But in the SuSEfirewall2 config file there is no chance to configure the two external interfaces in a different manner. Is there another chance ? Rainer
if u dont line suse fw try some other product :)
http://www.shorewall.net
----- Original Message -----
From: "Rainer Stransky"
I am using SuSE 8.1 with a DSL interface (dynamic IP address) and a dial up ISDN interface, with a fixed IP address. I want to block all of the incomming traffic on the DSL interface and allow some service (smtp) on the dialup interface. But in the SuSEfirewall2 config file there is no chance to configure the two external interfaces in a different manner. Is there another chance ? Rainer
Rainer Stransky
I am using SuSE 8.1 with a DSL interface (dynamic IP address) and a dial up ISDN interface, with a fixed IP address.
I want to block all of the incomming traffic on the DSL interface and allow some service (smtp) on the dialup interface.
But in the SuSEfirewall2 config file there is no chance to configure the two external interfaces in a different manner.
Is there another chance ?
Yes, you can use 'raw' iptables. This is not too difficult to set up. You could use something like:- # Assuming DSL is on eth0 and ISDN on pppx iptables -P INPUT DROP # Accept packets on connections you establish iptables -A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -A INPUT -p udp -m state --state ESTABLISHED,RELATED -j ACCEPT # Allow incoming smtp conections on ISDN iptables -A INPUT -i ppp+ -p tcp -m state --state NEW --dport 25 -j ACCEPT
On Mon, 13 Jan 2003, Graham Murray wrote:
Rainer Stransky
writes: I am using SuSE 8.1 with a DSL interface (dynamic IP address) and a dial up ISDN interface, with a fixed IP address.
I want to block all of the incomming traffic on the DSL interface and allow some service (smtp) on the dialup interface.
But in the SuSEfirewall2 config file there is no chance to configure the two external interfaces in a different manner.
Is there another chance ?
maybe you could configure it as dmz ? -- BINGO: Kritischer Pfad --- Engelbert Gruber -------+ SSG Fintl,Gruber,Lassnig / A6410 Telfs Untermarkt 9 / Tel. ++43-5262-64727 ----+
Try this in /etc/sysconfig/SuSEfirewall2 :
FW_DEV_EXT="ppp0 ppp1". Change ppp0, ppp1 with your external interfaces
names.
FW_ALLOW_CLASS_ROUTING="yes". This tells SuseFirewall to route between
interfaces from the same class.
Good Luck.
Alberto.
----- Original Message -----
From: "Rainer Stransky"
I am using SuSE 8.1 with a DSL interface (dynamic IP address) and a dial up ISDN interface, with a fixed IP address.
I want to block all of the incomming traffic on the DSL interface and allow some service (smtp) on the dialup interface.
But in the SuSEfirewall2 config file there is no chance to configure the two external interfaces in a different manner.
Is there another chance ?
Rainer
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
participants (5)
-
Alberto Rodas Hettich
-
Andreas Bittner
-
engelbert.gruber@ssg.co.at
-
Graham Murray
-
Rainer Stransky