I have a small home LAN (3 machines) and want to convert the gateway machine to SuSE linux. In fact, I've already got it running no problem (dual booting with Win98). There's just one thing I still haven't managed to configure correctly, and that's the firewall/masquerading. I've tried using YaST2 to set the firewall rules up (using SuSE firewall2), and have tried other tools downloaded from the net, but haven't managed to get it working properly - the best I've managed is to cut off all internet access :-/ I've also read relevant web pages etc. but without enlightenment. The system (under Win98) involves running NAT32 and ZoneAlarm, and works fine, so I know that the client machines are set up properly. However, linux seems to be harder to get set up :-( The gateway machine gets its external IP by DHCP from the cable modem (eth0), and the internal IP address 192.168.0.1 is set for eth1. All machines on the LAN have IP addresses in the range 192.168.0.x. I don't need a proxy on the gateway machine, although I'll install one if it the easiest way! What I want is the following: 1) Gateway machine to be used as a desktop machine as well as a gateway. 2) Gateway machine to have full, unrestricted access to the internet and to the machines on the LAN. 3) All machines on the LAN to have full, unrestricted access to the internet and to the gateway machine. 4) All access from the internet to the LAN to be denied. 5) All access from the internet to the gateway machine to be denied except for ICQ and MSN messenger. Can anyone point me to an idiot's guide to setting up SuSE firewall2 for this, or tell me what to do? Alternatively, is there a different package I might use? TiA, John -- John Pettigrew XL Cambridge - contract and freelance editing Biology specialist Molecular biology, genetics, biotechnology john@xl-cambridge.com http://www.xl-cambridge.com/ PGP public key available
What I want is the following: 1) Gateway machine to be used as a desktop machine as well as a gateway. 2) Gateway machine to have full, unrestricted access to the internet and to the machines on the LAN. 3) All machines on the LAN to have full, unrestricted access to the internet and to the gateway machine. 4) All access from the internet to the LAN to be denied. 5) All access from the internet to the gateway machine to be denied except for ICQ and MSN messenger.
Forget Firewall2 - it's a PITA to get going correctly.... I'd be happy to mail you my firewall script - it's not *perfect* but it does work and it's a good starting point. JOn
* John Pettigrew;
Can anyone point me to an idiot's guide to setting up SuSE firewall2 for this, or tell me what to do? Alternatively, is there a different package I might use?
Have you read the EXAMPLES and the FAQ /usr/share/doc/packages/SuSEfirewall2 if yes and still unable to reach your goal then send the output of grep -v ^# /etc/sysconfig/SuSEfirewall2 -- Togan Muftuoglu Unofficial SuSE FAQ Maintainer http://dinamizm.ath.cx
On Monday 02 September 2002 3:26 am, John Pettigrew wrote:
I have a small home LAN (3 machines) and want to convert the gateway machine to SuSE linux. In fact, I've already got it running no problem (dual booting with Win98). There's just one thing I still haven't managed to configure correctly, and that's the firewall/masquerading. I've tried using YaST2 to set the firewall rules up (using SuSE firewall2), and have tried other tools downloaded from the net, but haven't managed to get it working properly - the best I've managed is to cut off all internet access :-/ I've also read relevant web pages etc. but without enlightenment.
The system (under Win98) involves running NAT32 and ZoneAlarm, and works fine, so I know that the client machines are set up properly. However, linux seems to be harder to get set up :-(
The gateway machine gets its external IP by DHCP from the cable modem (eth0), and the internal IP address 192.168.0.1 is set for eth1. All machines on the LAN have IP addresses in the range 192.168.0.x. I don't need a proxy on the gateway machine, although I'll install one if it the easiest way!
What I want is the following: 1) Gateway machine to be used as a desktop machine as well as a gateway. 2) Gateway machine to have full, unrestricted access to the internet and to the machines on the LAN. 3) All machines on the LAN to have full, unrestricted access to the internet and to the gateway machine. 4) All access from the internet to the LAN to be denied. 5) All access from the internet to the gateway machine to be denied except for ICQ and MSN messenger.
Can anyone point me to an idiot's guide to setting up SuSE firewall2 for this, or tell me what to do? Alternatively, is there a different package I might use?
TiA, John, Save yourself a lot of headaches, use Shorewall. It's super easy to get what you want, especially if you read the directions. He has a 2 interface rule set that is just what you need. Find it at www.shorewall.net
There is the programm 'webcam' in the package of v4l-tools in the SuSE 7.3. But I can't find a documentation for this. Do somebody know a doc for 'webcam'. Or perhaps there is somebody who can answer these questions. When I type 'webcam' in my comandline, it's reading the configfile '/root/.webcamrc' but on the whole system there is no file like this. Which parameters do this file need? Are there examples? Which alternatives do I have by using only a textbased system? Stephan
tisdagen den 3 september 2002 12.26 skrev Stephan Angele:
There is the programm 'webcam' in the package of v4l-tools in the SuSE 7.3. But I can't find a documentation for this. Do somebody know a doc for 'webcam'. Or perhaps there is somebody who can answer these questions. When I type 'webcam' in my comandline, it's reading the configfile '/root/.webcamrc' but on the whole system there is no file like this. Which parameters do this file need? Are there examples? Which alternatives do I have by using only a textbased system?
man webcam will give you a manpage with an exaple of a configfile. Just copy that into your favourite editor, edit it according to your system and wishes and save it as .webcamrc in the home directory of the user you want to run webcam as. Olle -- MicroSoft Network may not carry this message without license to do so. License to carry this message requires a fee of $1000, payable within 30 days to Olle Viksten. Appearance of this message on MicroSoft Network constitutes an agreement to terms.
Ok! Thanks, vour tip is working fine. But now I have the next problem - to configure it. Here is my file: [ftp] # host = # user = # pass = dir = /daten/WWW/ file = cam.jpg tmp = /daten/WWW/ passive = 1 debug = 0 auto = 0 local= 1 # [grab] device = /dev/video0 text = "webcam %Y-%m-%d %H:%M:%S" infofile = cam.jpg width = 320 height = 240 delay = 3 ;input = composite1 norm = pal rotate = 0 top = 0 left = 0 bottom = -1 right = -1 quality = 100 trigger = 0 once = 0 When I start 'webcam' the following message will come: server:~ # webcam reading config file: /root/.webcamrc ioctl: VIDIOCMCAPTURE(0,fmt=4,size=160x120): Invalid argument ioctl: VIDIOCMCAPTURE(0,fmt=7,size=160x120): Invalid argument ioctl: VIDIOCMCAPTURE(0,fmt=13,size=160x120): Invalid argument video4linux webcam v1.3 - (c) 1998-2001 Gerd Knorr grabber config: size 320x240 [12 bit YUV 4:2:0 (planar)] input (null), norm pal, jpeg quality 100 rotate=0, top=0, left=0, bottom=240, right=320 ftp config: local transfer /daten/WWW/ //daten/WWW/ => /daten/WWW/ /cam.jpg open cam.jpg: No such file or directory "webcam 2002-09-03 14:01:36" open /daten/WWW/ //daten/WWW/: No such file or directory What's going wrong? I want save this foto local under /daten/WWW/. This directory is there. Is in my config-file something wrong? What does the parameters 'local', 'infofile', 'input = composite1' and 'once' mean? Sorry for prehaps stupid questions! I'm a new in linux. Stephan
In a previous message, Richard wrote:
Save yourself a lot of headaches, use Shorewall. It's super easy to get what you want, especially if you read the directions. He has a 2 interface rule set that is just what you need. Find it at www.shorewall.net
Marvellous! That's what I wanted - something easy to set up, rules-based and effective. Got it to work very quickly and easily. Many thanks to all who pitched in! John -- John Pettigrew XL Cambridge - contract and freelance editing Biology specialist Molecular biology, genetics, biotechnology john@xl-cambridge.com http://www.xl-cambridge.com/ PGP public key available
John Pettigrew wrote:
Can anyone point me to an idiot's guide to setting up SuSE firewall2 for this, or tell me what to do? Alternatively, is there a different package I might use?
I would recommend reading the config file, /etc/sysconfig/SuSEfirewall2. IT is very well commented, and will get you going in a short time. It is so much better to edit this file direct to check out the comments and learn what you need to do. This has worked for me since 6.4 with SuSEfirewall and now with 8.0 & SuSEfirewall2. -- Joe & Sesil Morris New Tribes Mission Email Address: Joe_Morris@ntm.org Web Address: http://www.mydestiny.net/~joe_morris Registered Linux user 231871 God said, I AM that I AM. I say, by the grace God, I am what I am.
participants (7)
-
Joe & Sesil Morris (NTM) -
John Pettigrew -
Jon Biddell -
Olle Viksten -
Richard -
Stephan Angele -
Togan Muftuoglu