Hi Thomas,

> Since I could not get a connection with the T-DSL line
> [ T-DSL = ADSL/pppoe ]
> I unloaded Firewall2 and let Firewall2 run in test mode. With a primitive IPTables script (mainly ipforwarding and masquerading) I started the pppoed again and I get the following message from the /var/log/firewall.

Umm, I don't quite understand you: are you using _both_ Firewall2 and a "primitive IPTables script", or do you use the term "primitive..." for your config file below?

> Mar 27 13:32:39 linux kernel: SuSE-FW-UNALLOWED-TARGET IN=ppp0 OUT= MAC= SRC=62.41.113.136 DST=217.1.132.119 LEN=52 TOS=0x08 PREC=0x00 TTL=52 ID=19021 DF PROTO=TCP SPT=80 DPT=1081 WINDOW=31900 RES=0x00 ACK URGP=0 OPT (0101080A032AB4AF00024C5E

This means someone tries to connect to your computer's web server, FYI.

> FW_DEV_EXT="ppp0 eth0"
> FW_DEV_INT="eth1"
> FW_DEV_DMZ=""
> FW_ROUTE="yes"
> FW_MASQUERADE="yes"
> FW_MASQ_DEV="$FW_DEV_EXT"
> FW_MASQ_NETS="192.168.10.0/24,0/0,tcp,1:65535 \
>               192.168.10.0/24,0/0,udp,1:65535"

FW_MASQ_NETS="192.168.10.0"; this should accomplish the same.

> FW_PROTECT_FROM_INTERNAL="no"
> FW_AUTOPROTECT_SERVICES="no"

This variable tells the firewall to protect _your_ services from outside computers, e.g. to stop outsiders from accessing your samba shares, web server etc.

> FW_SERVICES_EXT_TCP="1:65535"  # Common: smtp domain

State only those things you want to give to other people from the internet. For example, if you have a web server running and an ssh daemon you want to be accessible from the world, put "ssh, http" here.

> FW_SERVICES_EXT_UDP="1:65535"  # Common: domain

See FW_SERVICES_EXT_TCP.

> FW_SERVICES_EXT_IP=""  # For VPN/Routing which END at the firewall!!
> #
> FW_SERVICES_DMZ_TCP=""  # Common: smtp domain
> FW_SERVICES_DMZ_UDP=""  # Common: domain
> FW_SERVICES_DMZ_IP=""  # For VPN/Routing which END at the firewall!!
> #
> FW_SERVICES_INT_TCP="1:65535"  # Common: ssh smtp domain

Comments from above apply, now from your internal network.

> FW_SERVICES_INT_UDP="1:65535"  # Common: domain syslog
> FW_SERVICES_INT_IP=""  # For VPN/Routing which END at the firewall!!
> FW_TRUSTED_NETS=""
> FW_ALLOW_INCOMING_HIGHPORTS_TCP="yes"
> FW_ALLOW_INCOMING_HIGHPORTS_UDP="yes"
> FW_SERVICE_AUTODETECT="yes"  # Autodetect the services below when starting
> FW_SERVICE_DNS="no"
> FW_SERVICE_DHCLIENT="no"
> FW_SERVICE_DHCPD="no"
> FW_SERVICE_SQUID="no"
> FW_SERVICE_SAMBA="no"
> FW_FORWARD="0/0,0/0,tcp,1:65535 0/0,0/0,udp,1:65535"

No. This doesn't make sense, as your network is masqueraded. Note, this option is to allow _other_ people access to computers in _your_ network.

> FW_FORWARD_MASQ=""

Same as above, this one for masqueraded computers.

> FW_KERNEL_SECURITY="yes"

While testing, you might want to set this to "no" until everything works.

Robert
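Added example, not part of the thread or of SuSEfirewall2 itself: a small Python parser for SuSE-FW kernel log lines of the kind Thomas quoted. It pulls the netfilter fields (IN, SRC, DST, SPT, DPT, PROTO, the bare flag tokens and the OPT blob) out of each line and uses the TCP flags to tell a fresh connection attempt (SYN without ACK) from a packet that belongs to an already established flow (ACK set). The first sample line is the one from the thread; the second line and its 198.51.100.7 address, and the third non-firewall line, are constructed. Run it and the thread's own line comes out as an ACK packet travelling from source port 80 to local port 1081, which is worth knowing when deciding whether a drop is an inbound probe or a reply the firewall did not associate with an outgoing connection.

```python
import re

# Constructed sample log: line 1 is the one quoted in the thread, line 2 is a
# constructed SYN probe from a documentation address, line 3 is noise.
SAMPLE_LOG = """\
Mar 27 13:32:39 linux kernel: SuSE-FW-UNALLOWED-TARGET IN=ppp0 OUT= MAC= SRC=62.41.113.136 DST=217.1.132.119 LEN=52 TOS=0x08 PREC=0x00 TTL=52 ID=19021 DF PROTO=TCP SPT=80 DPT=1081 WINDOW=31900 RES=0x00 ACK URGP=0 OPT (0101080A032AB4AF00024C5E
Mar 27 13:40:02 linux kernel: SuSE-FW-UNALLOWED-TARGET IN=ppp0 OUT= MAC= SRC=198.51.100.7 DST=217.1.132.119 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=4242 DF PROTO=TCP SPT=51234 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 27 13:41:10 linux kernel: unrelated message
"""

FW_RE = re.compile(r"kernel: (SuSE-FW-[A-Z-]+) (.*)$")
INT_FIELDS = {"SPT", "DPT", "LEN", "TTL", "ID", "WINDOW"}


def parse_fw_line(line):
    """Return a dict of the netfilter fields in a SuSE-FW log line, or None."""
    m = FW_RE.search(line)
    if not m:
        return None
    rec = {"tag": m.group(1), "flags": set()}
    tokens = m.group(2).split()
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        if tok == "OPT" and i + 1 < len(tokens):
            # "OPT (hex...)" carries the TCP options; the closing paren may be cut off
            rec["OPT"] = tokens[i + 1].strip("()")
            i += 2
            continue
        if "=" in tok:
            key, _, val = tok.partition("=")
            rec[key] = int(val) if key in INT_FIELDS and val.isdigit() else val
        else:
            # bare tokens are flags: DF, SYN, ACK, FIN, RST, PSH, URG, ...
            rec["flags"].add(tok)
        i += 1
    return rec


def classify(rec):
    """Describe what kind of TCP packet the firewall dropped."""
    if rec.get("PROTO") != "TCP":
        return "non-tcp"
    flags = rec["flags"]
    if "SYN" in flags and "ACK" not in flags:
        return "new-connection-attempt"   # someone opening a connection to DPT
    if "ACK" in flags:
        return "established-flow"         # mid-connection packet, e.g. a reply
    return "other"


def summarize(log_text):
    """(tag, src, spt, dst, dpt, kind) for every SuSE-FW line in the text."""
    out = []
    for line in log_text.splitlines():
        rec = parse_fw_line(line)
        if rec is None:
            continue
        out.append((rec["tag"], rec.get("SRC"), rec.get("SPT"),
                    rec.get("DST"), rec.get("DPT"), classify(rec)))
    return out


if __name__ == "__main__":
    for row in summarize(SAMPLE_LOG):
        print(row)
```

Feed it the real /var/log/firewall (one line per record) to get a quick count of probes versus dropped reply traffic per interface before touching the config.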
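Added example, written for this page and not SuSEfirewall2's own tooling: a Python checker that reads FW_* assignments from a config text and flags the three settings the reply objects to, i.e. "1:65535" in FW_SERVICES_EXT_TCP/UDP, a non-empty FW_FORWARD on a masqueraded network, and FW_AUTOPROTECT_SERVICES="no". POSTED_CONFIG is a constructed condensation of the settings quoted above; TIGHTENED_CONFIG is my reading of the reply's suggestions, where the "ssh http" service list and the /24 mask on FW_MASQ_NETS are my assumptions rather than values from the thread.

```python
import re

# Constructed sample: the settings quoted in the thread, condensed to the
# variables the reply comments on.
POSTED_CONFIG = '''
FW_DEV_EXT="ppp0 eth0"
FW_DEV_INT="eth1"
FW_MASQUERADE="yes"
FW_MASQ_NETS="192.168.10.0/24,0/0,tcp,1:65535 192.168.10.0/24,0/0,udp,1:65535"
FW_AUTOPROTECT_SERVICES="no"
FW_SERVICES_EXT_TCP="1:65535"   # Common: smtp domain
FW_SERVICES_EXT_UDP="1:65535"   # Common: domain
FW_FORWARD="0/0,0/0,tcp,1:65535 0/0,0/0,udp,1:65535"
FW_KERNEL_SECURITY="yes"
'''

# Constructed: the same file with the reply's suggestions applied
# (assumed values: "ssh http" as the exposed services, /24 on the masq net).
TIGHTENED_CONFIG = '''
FW_DEV_EXT="ppp0 eth0"
FW_DEV_INT="eth1"
FW_MASQUERADE="yes"
FW_MASQ_NETS="192.168.10.0/24"
FW_AUTOPROTECT_SERVICES="yes"
FW_SERVICES_EXT_TCP="ssh http"  # only what the world should reach
FW_SERVICES_EXT_UDP=""
FW_FORWARD=""
FW_KERNEL_SECURITY="yes"
'''

ASSIGN_RE = re.compile(r'(FW_[A-Z_]+)="([^"]*)"')


def parse_config(text):
    """Collect FW_* assignments, ignoring trailing # comments."""
    cfg = {}
    for line in text.splitlines():
        code = line.split("#", 1)[0]
        cfg.update(ASSIGN_RE.findall(code))
    return cfg


def _is_whole_port_range(spec):
    # "1:65535" (or wider) means every port; a named service or a narrow
    # range does not match
    m = re.fullmatch(r"(\d+):(\d+)", spec)
    return bool(m) and int(m.group(1)) <= 1 and int(m.group(2)) >= 65535


def audit(cfg):
    """Return (variable, problem) pairs for the settings criticised in the reply."""
    findings = []
    for var in ("FW_SERVICES_EXT_TCP", "FW_SERVICES_EXT_UDP"):
        if any(_is_whole_port_range(p) for p in cfg.get(var, "").split()):
            findings.append((var, "opens every port on the external interface; "
                                  "list only the services to expose"))
    if cfg.get("FW_MASQUERADE") == "yes" and cfg.get("FW_FORWARD", "").strip():
        findings.append(("FW_FORWARD", "unnecessary for a masqueraded network; "
                                       "it lets outsiders reach internal hosts"))
    if cfg.get("FW_AUTOPROTECT_SERVICES") == "no":
        findings.append(("FW_AUTOPROTECT_SERVICES",
                         "local services are not protected from external hosts"))
    return findings


if __name__ == "__main__":
    for name, text in (("posted", POSTED_CONFIG), ("tightened", TIGHTENED_CONFIG)):
        print(name, audit(parse_config(text)) or "no findings")
```

Point parse_config at the real file contents and the audit list is empty once the external service lists name only what should be reachable and FW_FORWARD is blank.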