Starting SuseFirewall2 SuSE 8.1

13 Nov 2002

      Hello together, 

I have a Problem to start the SuSEFW2 (version 3.1).
I use ISDN dial-upconnection with dynamic ip and dns.
On SuSE 7.2 it works with the same config. well.

During the configuration by Yast a dialup-connection starts and nothing 
happens for minutes.

tcpdump says: (212.93.30.150 my provider-dns)
---
einstein:/etc/sysconfig # tcpdump -i ippp0
tcpdump: listening on ippp0
19:35:08.753066 192.168.22.1.pcg-radar > 212.93.30.150.domain:  58988+ PTR? 
ippp0.einstein.genius. (39) (DF)
19:35:13.763036 62.180.194.107.1037 > 212.93.30.150.domain:  58988+ PTR? 
ippp0.einstein.genius. (39) (DF)
19:35:13.818713 212.93.30.150.domain > 62.180.194.107.1037:  58988 NXDomain 
0/1/0 (114)
19:35:13.818715 212.93.30.150.domain > 62.180.194.107.1037:  58988 NXDomain 
0/1/0 (114)
19:35:18.773127 62.180.194.107.1037 > 212.93.30.150.domain:  58989+ PTR? 
ippp0. (23) (DF)
--- etc.

Onetime the FW get start but it blocks all dns-calls at Port 53 and every 
dialup the FW takes ca. 2 minutes to get up.

here my FW-config:
---
FW_QUICKMODE="no"
FW_DEV_EXT="ippp0"
FW_DEV_INT=""
FW_DEV_DMZ=""
FW_ROUTE="no"
FW_MASQUERADE="no"
FW_MASQ_DEV="$FW_DEV_EXT"
FW_MASQ_NETS=""
FW_PROTECT_FROM_INTERNAL="yes"
FW_AUTOPROTECT_SERVICES="yes"
FW_SERVICES_EXT_TCP=""
FW_SERVICES_EXT_UDP=""
FW_SERVICES_EXT_IP=""
FW_SERVICES_DMZ_TCP=""
FW_SERVICES_DMZ_UDP=""
FW_SERVICES_DMZ_IP=""
FW_SERVICES_INT_TCP=""
FW_SERVICES_INT_UDP="domain"
FW_SERVICES_INT_IP=""
FW_SERVICES_QUICK_TCP=""
FW_SERVICES_QUICK_UDP=""
FW_SERVICES_QUICK_IP=""
FW_TRUSTED_NETS=""
FW_ALLOW_INCOMING_HIGHPORTS_TCP="no"
FW_ALLOW_INCOMING_HIGHPORTS_UDP="domain ntp"
FW_SERVICE_AUTODETECT="yes"
FW_SERVICE_DNS="no"
FW_SERVICE_DHCLIENT="no"
FW_SERVICE_DHCPD="no"
FW_SERVICE_SQUID="no"
FW_SERVICE_SAMBA="no"
FW_FORWARD=""
FW_FORWARD_MASQ=""
FW_REDIRECT=""
FW_LOG_DROP_CRIT="yes"
FW_LOG_DROP_ALL="yes"
FW_LOG_ACCEPT_CRIT="no"
FW_LOG_ACCEPT_ALL="no"
FW_LOG="--log-level warning --log-tcp-options --log-ip-option --log-prefix 
SuSE-FW"
FW_KERNEL_SECURITY="yes"
FW_STOP_KEEP_ROUTING_STATE="yes"
FW_ALLOW_PING_FW="yes"
FW_ALLOW_PING_DMZ="no"
FW_ALLOW_PING_EXT="no"
FW_ALLOW_FW_TRACEROUTE="yes"
FW_ALLOW_FW_SOURCEQUENCH="yes"
FW_ALLOW_FW_BROADCAST="no"
FW_IGNORE_FW_BROADCAST="yes"
FW_ALLOW_CLASS_ROUTING="no"
FW_CUSTOMRULES=""
FW_REJECT="no"

-- 

Best Regards,
Andreas
--