Mailinglist Archive: opensuse-security (670 mails)
Problems with SuSEfirewall2 (where #1 worked)
- From: "Joerg Pleumann" <joerg.pleumann@xxxxxxxxxx>
- Date: Tue, 13 Nov 2001 12:03:31 +0100
- Message-id: <004d01c16c32$d4a65640$5c00a8c0@ls10pc50>
Hello,

as the subject says, I'm having problems with SuSEfirewall2. I just replaced
my working SuSE 7.0/SuSEfirewall1 setup with a new 7.3 installation. My
Linux machine does DSL dial-on-demand and masquerades several other machines
in the internal network, giving them internet access. The masqueraded
machines are allowed to do anything they want. The outside world is allowed
to access ssh and www on the firewall, but nothing else.

As I said, I had a working setup for SuSE 7.0, which basically looked like
this (new key names used here):

FW_DEV_EXT=ppp0
FW_DEV_INT=eth0
FW_ROUTE=yes
FW_MASQUERADE=yes
FW_MASQ_NETS=192.168.0.0/24
FW_PROTECT_FROM_INTERNAL=no
FW_AUTOPROTECT_SERVICES=yes
FW_SERVICES_EXT_TCP=ssh www

I tried to use the same setup with SuSEfirewall1 (the updated package from
the SuSE web site) first. It worked, but I couldn't live with the
restrictions (no FTP, ...), so I tried SuSEfirewall2 with mostly the same
settings. Masquerading seems to work, as well as the firewall itself
(nothing except ssh and www arrives at the machine), but there's one problem
that I can't get rid of: The firewall machine itself is not able to access
either the internal network or the internet. Error messages look like this:

[...] SuSE-FW-UNALLOWED-TARGETIN=ppp0 [...] SRC=217.5.115.7
DST=217.226.71.131 [...]

and

[...] SuSE-FW-UNALLOWED-TARGETIN=ppp0 [...] SRC=194.25.2.129
DST=217.226.71.131 [...]

where the SRC IPs belong to the two DNS in use, and the DST IP is the one
dynamically assigned to me. I tried some additional settings, for example
FW_ALLOW_CLASS_ROUTING, but to no avail.

Any pointers in the right direction would be greatly appreciated.

Regards,
Joerg Pleumann