Mailinglist Archive: opensuse-security (670 mails)
SuSEfirewall2 blocks dialin-Traffic to LAN
- From: "Karlheinz Blank" <schnuddelhut@xxxxxx>
- Date: Tue, 27 Nov 2001 09:08:48 +0100
- Message-id: <001001c1771a$c1b31a80$020da8c0@julia>
Hi,
I'm currently using a SuSE 7.3 (with Kernel 2.4) server with one NIC (eth0) [192.168.12.1].
The server is using DSL (ppp0) with a modem attached to eth0 via a network switch.
The DSL route is the default route to the internet.
Additionally I need employees to dial in via ISDN (ippp0).
Everything works ok so far. ;-)
As soon as I switch on my SuSEfirewall2, the remote dialin person is restricted in TCP/IP traffic to the dialin server (e.g. ping is only successful to the dialin server, but not successful to any other host in the 192.168.12.0 network).
I'm sorry - I really don't understand the misconfiguration here....
I thought the masquerade settings are the most important here....
/etc/rc.config:
Eth0: IFCONFIG_0="192.168.12.1 broadcast 192.168.12.255 netmask 255.255.255.0 up"
Ippp0: IFCONFIG_1="192.168.12.97 pointopoint 192.168.12.1 up"
Ppp0: IFCONFIG_2="192.168.0.99 broadcast 192.168.0.255 netmask 255.255.255.0 up"
firewall2.config:
FW_DEV_EXT="ppp0"
FW_DEV_INT="eth0 ippp0"
FW_ROUTE="yes"
FW_MASQUERADE="yes"
FW_MASQ_DEV="$FW_DEV_EXT"
FW_MASQ_NETS="192.168.12.0/24 192.168.13.0/24 192.168.15.0/24"
FW_PROTECT_FROM_INTERNAL="no"
FW_ALLOW_PING_FW="yes"
FW_ALLOW_PING_DMZ="no"
FW_ALLOW_PING_EXT="yes"
If there is a dialin connection to the server, the server reports the following:
gitta:~ # route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
199.5.98.33     0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
192.168.15.0    0.0.0.0         255.255.255.0   U     0      0        0 ippp0
192.168.12.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.12.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         199.5.98.33     0.0.0.0         UG    0      0        0 ppp0
The assigned IP-Addresses during dialin via ISDN are:
Dialin-Client: 192.168.15.33
Dialin-Server(ippp0): 192.168.12.97
Any hints?
Thanks for your help
Karlheinz