firewall and dns

19 Mar 2001

      Hi,

I'm in trouble with firewals-2.6-33 and ipchains-1.3.9-173 (SuSE7.0). I like
to run bind9 on the firewall and this are the settings from
/etc/rc.config.g/firewall.rc.config:

FW_DEV_WORLD="ippp0"
#FW_DEV_WORLD_ippp0="192.168.2.99 255.255.255.255" # e.g. for exernal interface ippp0
FW_DEV_INT="eth0"
FW_DEV_INT_eth0="192.168.0.4 255.255.255.0" # e.g. for internal interface eth0
FW_DEV_DMZ=""
#FW_DEV_DMZ_eth1="192.168.1.1 255.255.255.0" # e.g. for dmz interface eth1
FW_ROUTE="yes"
FW_MASQUERADE="yes"
FW_MASQ_NETS="192.168.0.0/24"
FW_MASQ_DEV="$FW_DEV_WORLD"    # e.g. "ippp0" or "$FW_DEV_WORLD"
FW_PROTECT_FROM_INTERNAL="no"
FW_AUTOPROTECT_GLOBAL_SERVICES="yes"        # "yes" is a good choice
FW_SERVICES_EXTERNAL_TCP="smtp domain"    # Common: smtp domain
FW_SERVICES_EXTERNAL_UDP="domain"    # Common: domain
FW_SERVICES_DMZ_TCP="smtp domain"        # Common: smtp domain
FW_SERVICES_DMZ_UDP="domain syslog"        # Common: domain syslog
FW_SERVICES_INTERNAL_TCP="ssh smtp domain www 3128"    # Common: ssh smtp domain
FW_SERVICES_INTERNAL_UDP="domain"    # Common: domain 
FW_TRUSTED_NETS=""
FW_SERVICES_TRUSTED_TCP=""    # Common: ssh
FW_SERVICES_TRUSTED_UDP=""    # Common: syslog time ntp
FW_ALLOW_INCOMING_HIGHPORTS_TCP="yes"    # Common: "ftp-data" (sadly!)
FW_ALLOW_INCOMING_HIGHPORTS_UDP="yes"    # Common: "dns"
FW_SERVICE_DNS="yes"    # if yes, FW_SERVICES_*_TCP needs to have port 53
FW_SERVICE_DHCLIENT="no"    # if you use dhclient to get an ip address
FW_SERVICE_DHCPD="no"    # set to "yes" if this server is a DHCP server
FW_SERVICE_SAMBA="no"    # set to "yes" if this server uses samba as client
FW_FORWARD_TCP=""
FW_FORWARD_UDP=""
FW_FORWARD_MASQ_TCP=""
FW_FORWARD_MASQ_UDP=""
FW_REDIRECT_TCP=""
FW_REDIRECT_UDP=""
FW_LOG_DENY_CRIT="yes"
FW_LOG_DENY_ALL="no"
FW_LOG_ACCEPT_CRIT="yes"
FW_LOG_ACCEPT_ALL="no"
FW_KERNEL_SECURITY="yes"
FW_STOP_KEEP_ROUTING_STATE="yes"
FW_ALLOW_PING_FW="yes"
FW_ALLOW_PING_DMZ="no"
FW_ALLOW_FW_TRACEROUTE="no"
FW_ALLOW_FW_SOURCEQUENCH="yes"
FW_MASQ_MODULES="autofw cuseeme ftp irc mfw portfw quake raudio user vdolive" 

But starting the firewall-script leads to this errors-

Starting Firewall Initialization: (final run) /sbin/ipchains: invalid port/service `1024
blackjack
1024
blackjack
1024
blackjack
1024
blackjack
1024
blackjack' specified
Try `/sbin/ipchains -h' or '/sbin/ipchains --help' for more information.

Whats going wrong?

Yours Thom

-- 
Experience is directly proportional to the value of equipment destroyed.
-- Carolyn Scheppner
-------------------------------------------------------------------
bye bye (c) by Thom     | Thorsten Marquardt
                        | EMail: THOM@kaupp.chemie.uni-oldenburg.de
                        | Member of the pzt project.
                        | http://www.pzt.de
-------------------------------------------------------------------