The firewall package in 7.1 is denying forwarding of pings thru my Linux box between subnets or to the Internet. Can I allow this without allowing pings from the Internet to anything on or inside the firewall? TIA, Jeffrey -- I don't do Windows and I don't come to work before nine. -- Johnny Paycheck
Have people who are having issues upgraded the firewall package. There is an update on the ftp site. -- Ben Rosenberg mailto:ben@whack.org ----- If two men agree on everything, you can be sure that only one of them is doing the thinking.
On Wed, Mar 07, 2001 at 10:09:23AM -0800, Ben Rosenberg wrote:
Have people who are having issues upgraded the firewall package. There is an update on the ftp site.
Where do I have to look at? ftp.suse.com/pub/suse/i386/update/7.1/sec1 contains personal-firewall-1.0-6 only dated January 25. personal-firewall is not SuSEfirewall which causes problems. I haven't got enough time to look at the problem closer, maybe tonight. In my case SuSEfirewall fails at all 3 stages on boot, but when I then check its status (rcSuSEfirewall status) it's all up and running, all filtering rules are in place. -Kastus
-- Ben Rosenberg mailto:ben@whack.org
For the new firewall go here: www.suse.de/~marc you will need to select his SuSE section, unless you want to peruse...You will find the newest version which is v4.3 dated 24th Feb. The version above that is for iptables, but is Alpha only. Its a tarball, not a rpm, write back here in case of difficulties... Oh, do not forget to backup your original /etc/rc.config.d/firewall.rc.config file so you can copy your old settings over. And do NOT get your interfaces confused....:-). Matt On Wed, 7 Mar 2001, Konstantin (Kastus) Shchuka wrote:
On Wed, Mar 07, 2001 at 10:09:23AM -0800, Ben Rosenberg wrote:
Have people who are having issues upgraded the firewall package. There is an update on the ftp site.
Where do I have to look at?
ftp.suse.com/pub/suse/i386/update/7.1/sec1 contains personal-firewall-1.0-6 only dated January 25.
personal-firewall is not SuSEfirewall which causes problems.
I haven't got enough time to look at the problem closer, maybe tonight. In my case SuSEfirewall fails at all 3 stages on boot, but when I then check its status (rcSuSEfirewall status) it's all up and running, all filtering rules are in place.
-Kastus
-- Ben Rosenberg mailto:ben@whack.org
-- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/support/faq
I have installed the 4.3 update. I am seeing the same problem. It only occurs when trying to ping or ssh across internal interfaces. For example: 192.168.169.1 is eth1 (wireless LAN) 192.168.183.1 is vmnet1 (VMware host-only network)
From 192.168.169.3 I can ping/ssh 192.168.169.1 and 192.168.183.1. Ping/ssh to 192.168.183.3 is DENYed by the forward chain of the firewall.
I can reach the Internet from any of the internal subnets.
Jeffrey
Quoting Ben Rosenberg
Have people who are having issues upgraded the firewall package. There is an update on the ftp site.
-- I don't do Windows and I don't come to work before nine. -- Johnny Paycheck
Jeffrey, Did you try posting to the security mailing list? I have no idea what is causing this problem...If no-one else knows here then its worth a shot :-). Matt On Wed, 7 Mar 2001, Jeffrey Taylor wrote:
I have installed the 4.3 update. I am seeing the same problem. It only occurs when trying to ping or ssh across internal interfaces. For example:
192.168.169.1 is eth1 (wireless LAN) 192.168.183.1 is vmnet1 (VMware host-only network)
From 192.168.169.3 I can ping/ssh 192.168.169.1 and 192.168.183.1. Ping/ssh to 192.168.183.3 is DENYed by the forward chain of the firewall.
I can reach the Internet from any of the internal subnets.
Jeffrey
Quoting Ben Rosenberg
: Have people who are having issues upgraded the firewall package. There is an update on the ftp site.
-- I don't do Windows and I don't come to work before nine. -- Johnny Paycheck
-- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/support/faq
participants (5)
-
Ben Rosenberg
-
Damon Register
-
Jeffrey Taylor
-
Konstantin (Kastus) Shchuka
-
Matthew Johnson