Hi Benjamin,

Benjamin Grogg wrote:
G'day folks:
Following problem: I want to connect my Intranet to the Internet. All services must be available from the Intranet (local network) to the Internet (all ports), but from the Internet to the Intranet all ports must be blocked.
If I stop the firewall I can connect to and use (Samba, Apache...) my Linux server (192.168.1.1) from my Windows workstation (192.168.1.50).
If I start the firewall I can't connect to the server (Deny in the log file). But why? Here is the firewall.rc.config:
FW_DEV_WORLD="ppp0"
FW_DEV_INT="eth0"
FW_DEV_INT_eth0="192.168.1.0/24" # e.g. for internal interface eth0
FW_ROUTE="yes"
FW_MASQUERADE="yes"
FW_MASQ_DEV="$FW_DEV_WORLD" # e.g. "ippp0" or "$FW_DEV_WORLD"
FW_KERNEL_SECURITY="yes"
FW_AUTOPROTECT_GLOBAL_SERVICES="yes"
FW_PROTECT_FORM_INTERNAL="no"
FW_TRUSTED_HOSTS=""
FW_IP_SERVICES_TRUSTED=""
FW_UDP_SERVICES_TRUSTED=""
FW_SERVICES_INTERNAL_TCP="" # Common: ssh smtp domain

On this line you have to open up the ports needed from your internal LAN on your firewall, e.g. 139 (???) for Samba etc. You've told your firewall to deny everything, that's why no one is able to connect.

Greetings from Leipzig,
Ralf

FW_SERVICES_INTERNAL_UDP="" # Common: domain syslog
FW_SERVICE_SAMBA="yes" # set to "yes" if this server uses samba as client
FW_STOP_KEEP_ROUTING_STATE="yes"
FW_FORWARD_TCP=""
FW_FORWARD_UDP=""
FW_LOG_DENY_CRIT="yes"
FW_LOG_DENY_ALL="yes" # Default
FW_LOG_ACCEPT_ALL="no"
FW_LOG_ACCEPT_ALL="no"
FW_ALLOW_PING="no"
FW_ALLOW_FW_TRACEROUTE="no" # Default no
FW_ALLOW_FW_SOURCEQUENCH="yes"
FW_MASQ_MODULES="autofw cuseeme ftp irc mfw portfw user"
Thx a lot!
Benny
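
The check below is an added example, not part of the original messages and not SuSEfirewall code: following the advice in the reply, it reads FW_SERVICES_INTERNAL_TCP and FW_SERVICES_INTERNAL_UDP from a config file and lists the LAN-facing services that are not opened there. The sample config is constructed from the posted file, and the wanted ports (Samba on 139/tcp and 137-138/udp, Apache on 80/tcp) and the function names are assumptions based on the services named in the question.

```shell
#!/bin/sh
# Added example: list the internal services a firewall.rc.config-style file
# does not open in FW_SERVICES_INTERNAL_TCP / FW_SERVICES_INTERNAL_UDP.

# Constructed sample with the relevant lines of the posted config.
sample_config() {
cat <<'EOF'
FW_DEV_INT="eth0"
FW_SERVICES_INTERNAL_TCP="" # Common: ssh smtp domain
FW_SERVICES_INTERNAL_UDP="" # Common: domain syslog
EOF
}

# get_var FILE NAME: print the quoted value of the last NAME="..." line.
get_var() {
    sed -n "s/^[[:space:]]*$2=\"\([^\"]*\)\".*/\1/p" "$1" | tail -n 1
}

# missing_services FILE: print "proto/port" for every wanted service that is
# listed neither by number nor by service name. Port ranges are not parsed.
# Assumption: wanted services are Samba and Apache, as in the question.
missing_services() {
    tcp=" $(get_var "$1" FW_SERVICES_INTERNAL_TCP) "
    udp=" $(get_var "$1" FW_SERVICES_INTERNAL_UDP) "
    out=""
    for want in tcp/139:netbios-ssn tcp/80:http \
                udp/137:netbios-ns udp/138:netbios-dgm; do
        proto=${want%%/*}; rest=${want#*/}
        port=${rest%%:*}; name=${rest#*:}
        if [ "$proto" = tcp ]; then list=$tcp; else list=$udp; fi
        case "$list" in
            *" $port "*|*" $name "*) ;;          # already opened
            *) out="$out $proto/$port" ;;        # not listed
        esac
    done
    echo "${out# }"
}

# Demo on the constructed sample.
f=$(mktemp)
sample_config > "$f"
echo "not opened for the LAN: $(missing_services "$f")"
rm -f "$f"
```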