] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0 0 Jan 2 14:42:05 linux pppd[1911]: sent [LCP ConfAck id=0xec

Hi! When you establish a DSL connection with pppoe, all the traffic goes thru the ppp0 interface. You must configure the ppp0 interface as the external interface in Suse Firewall. Change FW_DEV_EXT="eth0" to FW_DEV_EXT="ppp0". Good Luck. Alberto ----- Original Message ----- From: "Andreas Mantke" To: "suse-security-liste" Sent: Thursday, January 02, 2003 11:46 AM Subject: [suse-security] SuSEfirewall2 Suse 7.3 Hello all, I am trying to setup my SuSEfirewall2. My network: eth0 = extern (DSL) eth1= intern (192.168.0.55 / Netmask 255.255.255.0). You find my settings below. After FW2-Start I become with my Computer no answer from the internet (no connect with browser or mail-program). After I changed the variable FW2_Start to "no" and run /sbin/SuSEconfig nothing happens. Only a restart sets the FW2-Start to no. I hope for any tips to become my firewall running Thanks Andreas My Firewall-settings: FW_DEV_EXT="eth0" FW_DEV_INT="eth1" FW_DEV_DMZ="" FW_ROUTE="yes" FW_MASQUERADE="yes" FW_MASQ_DEV="$FW_DEV_EXT" FW_MASQ_NETS="192.168.0.0/24" FW_PROTECT_FROM_INTERNAL="no" FW_AUTOPROTECT_SERVICES="yes" FW_SERVICES_EXT_TCP="" FW_SERVICES_EXT_UDP="13 53" FW_SERVICES_EXT_IP="" FW_SERVICES_DMZ_TCP="" FW_SERVICES_DMZ_UDP="" FW_SERVICES_DMZ_IP="" FW_SERVICES_INT_TCP="22 53 80 8080 110 10001 3128 139 smtp ssh" FW_SERVICES_INT_UDP="53" FW_SERVICES_INT_IP="" FW_TRUSTED_NETS="" FW_ALLOW_INCOMING_HIGHPORTS_UDP="yes" FW_SERVICE_AUTODETECT="no" FW_SERVICE_DNS="no" FW_SERVICE_DHCLIENT="no" FW_SERVICE_DHCPD="no" FW_SERVICE_SQUID="" FW_SERVICE_SAMBA="no" FW_FORWARD="" FW_FORWARD_MASQ="" FW_REDIRECT="" ---------------------------------------------------------------------- The output of route -n: Kernel IP Routentabelle Ziel Router Genmask Flags Metric Ref Use Iface 217.5.98.70 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0 192.168.5.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1 0.0.0.0 217.5.98.70 0.0.0.0 UG 0 0 0 ppp0 --------------------------------------------------------------------- The output of /var/log/messages: Jan 2 14:41:51 linux smpppd[1118]: connected on local socket Jan 2 14:42:04 linux pppd[1911]: Plugin pppoe.so loaded. Jan 2 14:42:04 linux kernel: CSLIP: code copyright 1989 Regents of the Universi ty of California Jan 2 14:42:04 linux kernel: PPP generic driver version 2.4.1 Jan 2 14:42:04 linux pppd[1911]: PPPoE Plugin Initialized Jan 2 14:42:05 linux pppd[1911]: Plugin passwordfd.so loaded. Jan 2 14:42:05 linux pppd[1911]: pppd 2.4.1 started by root, uid 0 Jan 2 14:42:05 linux pppd[1911]: Sending PADI Jan 2 14:42:05 linux pppd[1911]: HOST_UNIQ successful match Jan 2 14:42:05 linux pppd[1911]: HOST_UNIQ successful match Jan 2 14:42:05 linux pppd[1911]: Got connection: 1ebf Jan 2 14:42:05 linux pppd[1911]: Connecting PPPoE socket: 00:90:1a:10:02:54 bf1 e eth0 0x8086678 Jan 2 14:42:05 linux pppd[1911]: using channel 1 Jan 2 14:42:05 linux pppd[1911]: Using interface ppp0 Jan 2 14:42:05 linux pppd[1911]: Connect: ppp0 <--> eth0 Jan 2 14:42:05 linux pppd[1911]: Couldn't increase MTU to 1500. Jan 2 14:42:05 linux pppd[1911]: Setting MTU to 1492. Jan 2 14:42:05 linux pppd[1911]: Couldn't increase MRU to 1500 Jan 2 14:42:05 linux pppd[1911]: sent [LCP ConfReq id=0x1 ] Jan 2 14:42:05 linux pppd[1911]: rcvd [LCP ConfReq id=0xec

] Jan 2 14:42:05 linux pppd[1911]: rcvd [LCP ConfAck id=0x1 ] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0 0 Jan 2 14:42:05 linux pppd[1911]: Setting MTU to 1490. Jan 2 14:42:05 linux pppd[1911]: sent [LCP EchoReq id=0x0 magic=0x76ed7a11] Jan 2 14:42:05 linux pppd[1911]: cbcp_lowerup Jan 2 14:42:05 linux pppd[1911]: want: 2 Jan 2 14:42:05 linux pppd[1911]: sent [PAP AuthReq id=0x1 user="1und1/1477-157@ online.de" password=<hidden>] Jan 2 14:42:05 linux pppd[1911]: rcvd [LCP EchoRep id=0x0 magic=0x72a884c1] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Jan 2 14:42:05 linux pppd[1911]: rcvd [PAP AuthAck id=0x1 "Authorization - Succ ess"] 00 00 00 00 00 00 00 00 00 00 Jan 2 14:42:05 linux pppd[1911]: Remote message: Authorization - Success Jan 2 14:42:05 linux pppd[1911]: sent [IPCP ConfReq id=0x1 < ms-dns1 0.0.0.0> ] Jan 2 14:42:05 linux pppd[1911]: rcvd [IPCP ConfReq id=0xfa ] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0 0 00 Jan 2 14:42:05 linux pppd[1911]: sent [IPCP ConfAck id=0xfa ] Jan 2 14:42:05 linux pppd[1911]: rcvd [IPCP ConfNak id=0x1 ] 00 00 00 00 00 00 00 00 00 0 0 00 00 00 00 00 00 Jan 2 14:42:05 linux pppd[1911]: sent [IPCP ConfReq id=0x2 ] Jan 2 14:42:06 linux pppd[1911]: rcvd [IPCP ConfAck id=0x2 ] 00 00 00 00 00 00 00 00 00 0 0 00 00 00 00 00 00 Jan 2 14:42:06 linux pppd[1911]: local IP address 80.135.161.129 Jan 2 14:42:06 linux pppd[1911]: remote IP address 217.5.98.70 Jan 2 14:42:06 linux pppd[1911]: primary DNS address 193.158.140.105 Jan 2 14:42:06 linux pppd[1911]: secondary DNS address 194.25.2.129 Jan 2 14:42:06 linux pppd[1911]: Script /etc/ppp/ip-up started (pid 1923) Jan 2 14:42:06 linux modify_resolvconf: Service pppd modified /etc/resolv.conf. See info block in this file Jan 2 14:42:08 linux SuSEfirewall2: Firewall rules successfully set from /etc/r c.config.d/firewall2.rc.config Jan 2 14:42:08 linux pppd[1911]: Script /etc/ppp/ip-up finished (pid 1923), sta tus = 0x0 Jan 2 14:42:20 linux kernel: SuSE-FW-UNALLOWED-TARGETIN=ppp0 OUT= MAC= SRC=193. 158.140.105 DST=80.135.161.129 LEN=249 TOS=0x00 PREC=0x00 TTL=57 ID=50246 PROTO= UDP SPT=53 DPT=1024 LEN=229 Jan 2 14:42:25 linux kernel: SuSE-FW-UNALLOWED-TARGETIN=ppp0 OUT= MAC= SRC=194. 25.2.129 DST=80.135.161.129 LEN=249 TOS=0x00 PREC=0x00 TTL=249 ID=56229 DF PROTO =UDP SPT=53 DPT=1025 LEN=229 Jan 2 14:42:30 linux kernel: SuSE-FW-UNALLOWED-TARGETIN=ppp0 OUT= MAC= SRC=193. 158.140.105 DST=80.135.161.129 LEN=249 TOS=0x00 PREC=0x00 TTL=57 ID=43751 PROTO= UDP SPT=53 DPT=1024 LEN=229 Jan 2 14:42:35 linux pppd[1911]: sent [LCP EchoReq id=0x1 magic=0x76ed7a11] Jan 2 14:42:35 linux pppd[1911]: rcvd [LCP EchoRep id=0x1 magic=0x72a884c1] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Jan 2 14:42:36 linux kernel: SuSE-FW-UNALLOWED-TARGETIN=ppp0 OUT= MAC= SRC=194. 25.2.129 DST=80.135.161.129 LEN=249 TOS=0x00 PREC=0x00 TTL=249 ID=33873 DF PROTO =UDP SPT=53 DPT=1025 LEN=229 Jan 2 14:42:40 linux kernel: SuSE-FW-UNALLOWED-TARGETIN=ppp0 OUT= MAC= SRC=193. 158.140.105 DST=80.135.161.129 LEN=143 TOS=0x00 PREC=0x00 TTL=57 ID=56391 PROTO= UDP SPT=53 DPT=1025 LEN=123 Jan 2 14:42:44 linux kernel: SuSE-FW-UNALLOWED-TARGETIN=ppp0 OUT= MAC= SRC=193. 158.140.105 DST=80.135.161.129 LEN=249 TOS=0x00 PREC=0x00 TTL=57 ID=5131 PROTO=U DP SPT=53 DPT=1025 LEN=229 Jan 2 14:42:49 linux kernel: SuSE-FW-UNALLOWED-TARGETIN=ppp0 OUT= MAC= SRC=194. 25.2.129 DST=80.135.161.129 LEN=249 TOS=0x00 PREC=0x00 TTL=249 ID=60727 DF PROTO =UDP SPT=53 DPT=1026 LEN=229 Jan 2 14:42:54 linux kernel: SuSE-FW-UNALLOWED-TARGETIN=ppp0 OUT= MAC= SRC=193. 158.140.105 DST=80.135.161.129 LEN=249 TOS=0x00 PREC=0x00 TTL=57 ID=6608 PROTO=U DP SPT=53 DPT=1025 LEN=229 Jan 2 14:42:56 linux pppd[1911]: Terminating on signal 15.

-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here