Mailinglist Archive: opensuse-security (575 mails)

Re: [suse-security] SuseFirewall2 DMZ
  • From: "Chris FitzGerald" <mersco@xxxxxxxxxx>
  • Date: Fri, 8 Nov 2002 16:43:06 +0100
  • Message-id: <031f01c2873d$8a18a160$5301440a@xxxxxxxxxxxx>
Oops ..

sorry ...

FW_FORWARD="192.168.1.0/24,192.168.5.2,tcp,80"


is correct ...

regards

all the other changes have to be done. ...

----- Original Message -----
From: "Chris FitzGerald" <mersco@xxxxxxxxxx>
To: <suse-security@xxxxxxxx>
Sent: Friday, November 08, 2002 4:41 PM
Subject: Re: [suse-security] SuseFirewall2 DMZ


> Hi,
>
> Make these changes :
>
> FW_SERVICES_EXT_TCP="80"
> FW_SERVICES_EXT_UDP="80"
> FW_SERVICES_EXT_IP="80"
>
> This will allow Internet users access to your webserver
>
>
>
> FW_SERVICES_INT_TCP="80"
> FW_SERVICES_INT_UDP="80"
> FW_SERVICES_INT_IP="80"
>
> This will allow your LAN to access the webserver
>
>
>
>
> FW_FORWARD=""
> This is only for Public IP addresses so leave this empty
>
>
> This should do the trick ;)
>
>
> Regards
> Chris
>
> ----- Original Message -----
> From: "Frédéric Poulet" <pofrederic@xxxxxxxx>
> To: <suse-security@xxxxxxxx>
> Sent: Friday, November 08, 2002 4:36 PM
> Subject: Re: [suse-security] SuseFirewall2 DMZ
>
>
> > My susefirewall2 file is :
> >
> > # 1.)
> >
> > # 2.)
> > FW_DEV_EXT="ppp0"
> >
> > # 3.)
> > FW_DEV_INT="eth1"
> >
> > # 4.)
> > FW_DEV_DMZ="eth2"
> >
> > # 5.)
> > FW_ROUTE="yes"
> >
> > #6
> > FW_MASQUERADE="yes"
> > FW_MASQ_DEV="$FW_DEV_EXT"
> > FW_MASQ_NETS="192.168.1.0/24 192.168.5.0/24"
> >
> > # 7.)
> > FW_PROTECT_FROM_INTERNAL="no"
> >
> > # 8.)
> > FW_AUTOPROTECT_SERVICES="yes"
> >
> > # 9.)
> > FW_SERVICES_EXT_TCP=""
> > FW_SERVICES_EXT_UDP=""
> > FW_SERVICES_EXT_IP=""
> > #
> > FW_SERVICES_DMZ_TCP="80"
> > FW_SERVICES_DMZ_UDP="80"
> > FW_SERVICES_DMZ_IP="80"
> > #
> > FW_SERVICES_INT_TCP=""
> > FW_SERVICES_INT_UDP=""
> > FW_SERVICES_INT_IP=""
> >
> > # 10.)
> > FW_TRUSTED_NETS=""
> >
> > # 11.)
> > FW_ALLOW_INCOMING_HIGHPORTS_TCP="yes"
> > FW_ALLOW_INCOMING_HIGHPORTS_UDP="yes"
> >
> > # 12.)
> > FW_SERVICE_AUTODETECT="yes"
> > FW_SERVICE_DNS="no"
> > FW_SERVICE_DHCLIENT="no"
> > FW_SERVICE_DHCPD="no"
> > FW_SERVICE_SQUID="no"
> > FW_SERVICE_SAMBA="no"
> >
> > # 13.)
> > FW_FORWARD="192.168.1.0/24,192.168.5.2,tcp,80"
> >
> > # 14.)
> > FW_FORWARD_MASQ="0/0,192.168.5.2,tcp,80"
> >
> > # 15.)
> > FW_REDIRECT=""
> >
> > # 16.)
> > FW_LOG_DROP_CRIT="yes"
> > FW_LOG_DROP_ALL="yes"
> > FW_LOG_ACCEPT_CRIT="no"
> > FW_LOG_ACCEPT_ALL="no"
> > FW_LOG="--log-level warning --log-tcp-options --log-ip-option --log-prefix SuSE-FW"
> >
> > # 17.)
> > FW_KERNEL_SECURITY="yes"
> >
> > # 18.)
> > FW_STOP_KEEP_ROUTING_STATE="no"
> >
> > # 19.)
> > FW_ALLOW_PING_FW="yes"
> > FW_ALLOW_PING_DMZ="yes"
> > FW_ALLOW_PING_EXT="yes"
> >
> > ##
> > # END of rc.firewall
> > ##
> >
> > #                                                                         #
> > #-------------------------------------------------------------------------#
> > #                                                                         #
> > # EXPERT OPTIONS - all others please don't change these!                  #
> > #                                                                         #
> > #-------------------------------------------------------------------------#
> > #                                                                         #
> >
> > #
> > # 20.)
> > # Allow (or don't) ICMP time-to-live-exceeded to be send from your firewall.
> > # This is used for traceroutes to your firewall (or traceroute like tools).
> > #
> > # Please note that the unix traceroute only works if you say "yes" to
> > # FW_ALLOW_INCOMING_HIGHPORTS_UDP, and windows traceroutes only if you say
> > # additionally "yes" to FW_ALLOW_PING_FW
> > #
> > # Choice: "yes" or "no", defaults to "no" if not set.
> > #
> > FW_ALLOW_FW_TRACEROUTE="yes"
> >
> > #
> > # 21.)
> > # Allow ICMP sourcequench from your ISP?
> > #
> > # If set to yes, the firewall will notice when connection is choking, however
> > # this opens yourself to a denial of service attack. Choose your poison.
> > #
> > # Choice: "yes" or "no", defaults to "yes"
> > #
> > FW_ALLOW_FW_SOURCEQUENCH="yes"
> >
> > #
> > # 22.)
> > # Allow/Ignore IP Broadcasts?
> > #
> > # If set to yes, the firewall will not filter broadcasts by default.
> > # This is needed e.g. for Netbios/Samba, RIP, OSPF where the broadcast
> > # option is used.
> > # If you do not want to allow them however ignore the annoying log entries,
> > # set FW_IGNORE_FW_BROADCAST to yes.
> > #
> > # Choice: "yes" or "no", defaults to "no" if not set.
> > #
> > FW_ALLOW_FW_BROADCAST="no"
> > #
> > FW_IGNORE_FW_BROADCAST="yes"
> >
> > #
> > # 23.)
> > # Allow same class routing per default?
> > # REQUIRES: FW_ROUTE
> > #
> > # Do you want to allow routing between interfaces of the same class
> > # (e.g. between all internet interfaces, or all internal network interfaces)
> > # be default (so without the need setting up FW_FORWARD definitions)?
> > #
> > # Choice: "yes" or "no", defaults to "no"
> > #
> > FW_ALLOW_CLASS_ROUTING="no"
> >
> > #
> > # 25.)
> > # Do you want to load customary rules from a file?
> > #
> > # This is really an expert option. NO HELP WILL BE GIVEN FOR THIS!
> > # READ THE EXAMPLE CUSTOMARY FILE AT /etc/sysconfig/scripts/SuSEfirewall2-custom
> > #
> > #FW_CUSTOMRULES="/etc/sysconfig/scripts/SuSEfirewall2-custom"
> >
> >
> > --
> > Check the headers for your unsubscription address
> > For additional commands, e-mail: suse-security-help@xxxxxxxx
> > Security-related bug reports go to security@xxxxxxx, not here
>
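
A small lint for the entry format used in FW_FORWARD and FW_FORWARD_MASQ in the thread above, added here as an example; it is not part of the original messages or of SuSEfirewall2. It assumes the four-field shape source,destination,protocol,port seen in the thread's entries and insists on a numeric port, and the function names are made up for this example.

```shell
#!/bin/sh
# Added example: lint SuSEfirewall2-style forwarding entries.
# Assumed entry shape: source,destination,protocol,port (as in the thread).

# Return 0 if $1 is a dotted-quad IPv4 address, optionally with /0-32, or 0/0.
is_ipv4_or_cidr() {
    [ "$1" = "0/0" ] && return 0
    addr=${1%%/*}
    case $1 in
        */*) prefix=${1#*/}
             case $prefix in ''|*[!0-9]*|???*) return 1 ;; esac
             [ "$prefix" -le 32 ] || return 1 ;;
    esac
    case $addr in .*|*.|*..*) return 1 ;; esac
    set -f; old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs; set +f
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|*[!0-9]*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Return 0 if $1 is one well-formed four-field entry with a numeric port.
check_forward_entry() {
    case $1 in *,) return 1 ;; esac          # reject a trailing comma
    set -f; old_ifs=$IFS; IFS=,
    set -- $1
    IFS=$old_ifs; set +f
    [ $# -eq 4 ] || return 1
    is_ipv4_or_cidr "$1" || return 1         # source network
    is_ipv4_or_cidr "$2" || return 1         # destination host or network
    case $3 in tcp|udp) ;; *) return 1 ;; esac
    case $4 in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$4" -ge 1 ] && [ "$4" -le 65535 ]
}

# Print every malformed entry in a space-separated FW_FORWARD-style value.
bad_forward_entries() {
    set -f
    for entry in $1; do
        check_forward_entry "$entry" || printf '%s\n' "$entry"
    done
    set +f
}

# Constructed sample: the thread's corrected entry plus two malformed ones.
sample='192.168.1.0/24,192.168.5.2,tcp,80 192.168.1.0/24,192.168.5.2,80 192.168.1.0/24,192.168.5.2,tcp,80000'
bad_forward_entries "$sample"
```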



