Hello, I'm really lost at the SuSE firewall 2. As far as I can see, the ONLY firewall in place is the SuSE firewall, but it doesn't seem to matter what rules I configure, it keeps blocking those ports I thought I'd just opened. The system is up to date as far as patches are concerned. I'm wondering what other mysterious component is acting as a firewall? I recently upgraded from 8.2 to 9.2 I did not see any errors, but did notice that the default KDE login screen keeps saying 8.2 instead of 9.2. Please give me some direction to look for.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Guus Teley RI schrieb:
Hello,
I'm really lost at the SuSE firewall 2. As far as I can see, the ONLY firewall in place is the SuSE firewall, but it doesn't seem to matter what rules I configure, it keeps blocking those ports I thought I'd just opened. The system is up to date as far as patches are concerned.
I'm wondering what other mysterious component is acting as a firewall?
I recently upgraded from 8.2 to 9.2 I did not see any errors, but did notice that the default KDE login screen keeps saying 8.2 instead of 9.2.
Please give me some direction to look for.
Hi! It's aways the rtfm that most newbees have problems with. Before using a software read the manual. Manuals are unter /usr/share/doc/packages/PACKAGENAME. Before not reading any manual you can't ask questions. On the (ols) SuSE pages under support there is a support-database which answers many questions. An unofficial SuSE FAQ you will find here: http://susefaq.sourceforge.net/ The SuSEfirewall works as follows: rules for machine internal requests external requests router: forwarding of internal and external requests to internal machines. The explnanations for each rule is in the file /etc/sysconfig/SuSEfirewall. To restart the firewall to take changes affect type "/sbin/SuSEfirewal2 stop" and "/sbin/SuSEfirewal2 start". This is imo the safer way than /rcSuSEfirewall2 restart as some rules are not reseted propper. Reguards Philippe - -- Diese Nachricht ist digital signiert und enthält weder Siegel noch Unterschrift! Die unaufgeforderte Zusendung einer Werbemail an Privatleute verstößt gegen §1 UWG und 823 I BGB (Beschluß des LG Berlin vom 2.8.1998 Az: 16 O 201/98). Jede kommerzielle Nutzung der übermittelten persönlichen Daten sowie deren Weitergabe an Dritte ist ausdrücklich untersagt! -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iQD1AwUBQlHYKkNg1DRVIGjBAQLi/gcAt8cnaAnKOfAgBnLXtwVnVyp0v+cpULT2 mFfsv2KK5sAxkfqIA24tdsUVNPsBk3NHSb8RIPRUjWjVJ1FAM9siDz9tgyQLNnJV JYPgMM20Pnp0CsnZPffylZIjfgjplYxMeKNr2ikgXKl5QhTl+pm7Rho5ZfX4DkOr 7xh2W7NJQz28i3mT3Vs40FYotK+z0w1iJZjfdpZAjd7D1gTtee2phH7ecyfIHOkz M+X1WGNerVm7eO56tOkLunePTE4AYfwNsuYqmJT/daY1WTk6rnZrYc1+ezV90DdI R+cbNF0H1EE= =JCMl -----END PGP SIGNATURE-----
Philippe Vogel wrote:
[...] The explnanations for each rule is in the file /etc/sysconfig/SuSEfirewall. To restart the firewall to take changes affect type "/sbin/SuSEfirewal2 stop" and "/sbin/SuSEfirewal2 start". This is imo the safer way than /rcSuSEfirewall2 restart as some rules are not reseted propper.
If you do that you open your machine for a short period of time. You can just run /sbin/SuSEfirewall2, it always flushes all rules anyways (except for ipv6 if you change FW_IPv6 to 'no'). cu Ludwig -- (o_ Ludwig Nussel //\ SUSE LINUX Products GmbH, Development V_/_ http://www.suse.de/
The Sunday 2005-04-03 at 22:08 +0200, Guus Teley RI wrote:
I'm really lost at the SuSE firewall 2.
As far as I can see, the ONLY firewall in place is the SuSE firewall, but it doesn't seem to matter what rules I configure, it keeps blocking those ports I thought I'd just opened.
It is "SuSEfirewall2" now. You should give details so that people can comment.
I recently upgraded from 8.2 to 9.2 I did not see any errors, but did notice that the default KDE login screen keeps saying 8.2 instead of 9.2.
You'd better ask this on the suse-linux-e list. ¿Do you have more than one partition fo rlinux, per chance? -- Cheers, Carlos Robinson
OK, I got the message!
I'll read the fine manual first.
But what I tried to say is that I did configure SuSEfirewall2, and that I
did get some response back, but that I did not got the idea it was doing
what i've just configured.
After some investigation (and help from this list) I found that using WebMin
for configuring the SuSE firewall isn't doing the whole job. Using the
command iptables -L -v -n|grep -v "^ *0 " showed a lot more than that I got
presented from the Webmin screen.
So what did I learn today? Stop using 'simple' management tools!
Thanks for your help.
----- Original Message -----
From: "Carlos E. R."
The Sunday 2005-04-03 at 22:08 +0200, Guus Teley RI wrote:
I'm really lost at the SuSE firewall 2.
As far as I can see, the ONLY firewall in place is the SuSE firewall, but it doesn't seem to matter what rules I configure, it keeps blocking those ports I thought I'd just opened.
It is "SuSEfirewall2" now.
You should give details so that people can comment.
I recently upgraded from 8.2 to 9.2 I did not see any errors, but did notice that the default KDE login screen keeps saying 8.2 instead of 9.2.
You'd better ask this on the suse-linux-e list.
¿Do you have more than one partition fo rlinux, per chance?
-- Cheers, Carlos Robinson
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
The Thursday 2005-04-07 at 00:09 +0200, Guus Teley RI wrote:
OK, I got the message! I'll read the fine manual first.
I was refering to your other problem, related to kde and login and suse version. You posted two different problems on the same message.
But what I tried to say is that I did configure SuSEfirewall2, and that I did get some response back, but that I did not got the idea it was doing what i've just configured. After some investigation (and help from this list) I found that using WebMin for configuring the SuSE firewall isn't doing the whole job. Using the command iptables -L -v -n|grep -v "^ *0 " showed a lot more than that I got presented from the Webmin screen.
So what did I learn today? Stop using 'simple' management tools!
I think that Yast is a better tool for configuring susefirewall. -- Cheers, Carlos Robinson
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Sunday 2005-04-10 at 12:14 +0200, Carlos E. R. wrote:
Subject: [suse-security] *****SPAM***** Re: [suse-security] SuSE Firewall
I certainly did not add that "SPAM" header, and I'm no spammer. :-/ - -- Cheers, Carlos Robinson -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFCWXnjtTMYHG2NR9URAheGAJ4rrshmrrqM54Y/m6UGtEQAHg4/nwCfTRpT LiAEI2wpkqAJYma0HZYzFHM= =WxQO -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Sunday 2005-04-10 at 21:08 +0200, Carlos E. R. wrote:
Subject: [suse-security] *****SPAM***** Re: [suse-security] SuSE Firewall
I certainly did not add that "SPAM" header, and I'm no spammer. :-/
Mmm, at least I get here. On the other lists I get a bounce:
X-Virus-Scanned: by amavisd-new at scanhost.suse.de X-Spam-Status: Yes, hits=8.4 tagged_above=-20.0 required=5.0 tests=BAYES_50, DNS_FROM_RFC_POST, LOCAL_RCVD_IN_CBL, RCVD_IN_NJABL_DUL, RCVD_IN_SORBS_DUL, RCVD_IN_SORBS_WEB, RCVD_IN_XBL X-Spam-Level: ******** X-Spam-Flag: YES I guess someone on your network's been naughty at some point! Tom.
-----Original Message----- From: Carlos E. R. [mailto:robin1.listas@tiscali.es] Sent: 10 April 2005 20:09 To: SuSE Security List Subject: [suse-security] *****SPAM***** Re: [suse-security] SuSE Firewall
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
The Sunday 2005-04-10 at 12:14 +0200, Carlos E. R. wrote:
Subject: [suse-security] *****SPAM***** Re: [suse-security] SuSE Firewall
I certainly did not add that "SPAM" header, and I'm no spammer. :-/
- -- Cheers, Carlos Robinson
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Made with pgp4pine 1.76
iD8DBQFCWXnjtTMYHG2NR9URAheGAJ4rrshmrrqM54Y/m6UGtEQAHg4/nwCfTRpT LiAEI2wpkqAJYma0HZYzFHM= =WxQO -----END PGP SIGNATURE-----
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
The Monday 2005-04-11 at 08:20 +0100, Thomas Knight wrote:
X-Virus-Scanned: by amavisd-new at scanhost.suse.de X-Spam-Status: Yes, hits=8.4 tagged_above=-20.0 required=5.0 tests=BAYES_50, DNS_FROM_RFC_POST, LOCAL_RCVD_IN_CBL, RCVD_IN_NJABL_DUL, RCVD_IN_SORBS_DUL, RCVD_IN_SORBS_WEB, RCVD_IN_XBL X-Spam-Level: ******** X-Spam-Flag: YES
I guess someone on your network's been naughty at some point!
I know - normal, because it is a very big network, impossible to police. But I don't understand why some suse lists lie about their rejection, and say "ezmlm-reject: fatal: message already has a Mailing-List header (maybe I should be a sublist) (#5.7.2)" - and suse-security instead passes, and edits the header. Worse, the archive publishes real spam... -- Cheers, Carlos Robinson
Guus Teley RI wrote:
I recently upgraded from 8.2 to 9.2
How did you do the update? You certainly booted from CD/DVD to do it, didn't you? What does "rpm -q suse-release aaa_base" return? -- Richard Ems Tel: +49 40 65803 312 Fax: +49 40 65803 392 Richard.Ems@mtg-marinetechnik.de MTG Marinetechnik GmbH - Wandsbeker Koenigstr. 62 - D 22041 Hamburg GF Dipl.-Ing. Ullrich Keil Handelsregister: Abt. B Nr. 11 500 - Amtsgericht Hamburg Abt. 66 USt.-IdNr.: DE 1186 70571
FYI:
suse-release-9.2-3.1
aaa_base-9.2-5.4
----- Original Message -----
From: "Richard Ems"
Guus Teley RI wrote:
I recently upgraded from 8.2 to 9.2
How did you do the update? You certainly booted from CD/DVD to do it, didn't you? What does "rpm -q suse-release aaa_base" return?
-- Richard Ems Tel: +49 40 65803 312 Fax: +49 40 65803 392 Richard.Ems@mtg-marinetechnik.de
MTG Marinetechnik GmbH - Wandsbeker Koenigstr. 62 - D 22041 Hamburg
GF Dipl.-Ing. Ullrich Keil Handelsregister: Abt. B Nr. 11 500 - Amtsgericht Hamburg Abt. 66 USt.-IdNr.: DE 1186 70571
participants (6)
-
Carlos E. R.
-
Guus Teley RI
-
Ludwig Nussel
-
Philippe Vogel
-
Richard Ems
-
Thomas Knight