-----Original Message-----
From: Togan Muftuoglu [mailto:toganm@users.sourceforge.net]
Sent: Friday, December 20, 2002 3:19 PM
To: suse-security@suse.com
Subject: Re: [suse-security] VMWare and SuSEfirewall2

> * M. Neubert; on 20 Dec, 2002 wrote:
>
> So everything is logged (the second option is secure if the machine is attached to the Internet):
>
>   FW_LOG_DROP_CRIT="yes"
>   FW_LOG_DROP_ALL="yes"
>   FW_LOG_ACCEPT_CRIT="yes"
>   FW_LOG_ACCEPT_ALL="yes"

Why? If the packet is accepted then it's OK. The counters in PREROUTING/forward_ext increment permanently, so forwarding works, but nothing really goes out of eth0. I think the INPUT/OUTPUT chains shouldn't be affected.

> My initial thought was to see if the packet is passing through the chains. Since you mention ping is reachable and http/samba work, then I do not know.
>
> I may have missed it: have you tried to see the traffic via iptraf, tcpdump, ethereal etc.? If not, you may want to try one of them. If you already did and they do not appear weird...

I tried it and nothing appeared on eth0.

> One thing with FW_SECURITY is, if you enable it once, AFAIK you can only bring it back to the initial stage by rebooting. That can be the cause.

Your "AFAIK" is correct, but my AFAIK is that only one kernel parameter can be a possible problem. This is ip_local_port_range="1024 29999". I don't know exactly which effects it has. The tcp/udp ports are in this range. Does the kernel do forwarding/masquerading only for this port range, or will it not use these ports for forwarding/masq because they are reserved for local use? I think, more or less, that this parameter doesn't play any role.

The thread is possibly becoming OT. Does somebody have a good, preferably SuSE, reference place for this topic, or should we stay here, because it's somehow (SuSEfirewall) security related?

Yours truly...
With kind regards
M. Neubert
--
# Mario Neubert -- IT-Enterprise-Solutions
# Obere Mühlenstr. 36, D-04178 Leipzig, Germany
# Phone: +49 341 4422391, Fax: +49 341 44219870
# Internet: http://www.mario-neubert.de
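The thread turns on which chain the forwarded packets reach (forward_ext counters move, yet nothing leaves eth0). One way to localize that is to snapshot `iptables -nvL` before and after a single test ping and print only the rules whose packet counters changed; the script below is an added example, not code from either poster, and the snapshots it parses are constructed stand-ins for real `iptables -nvL` output (run it against `iptables -t nat -nvL` as well to see whether the MASQUERADE rule in POSTROUTING moves).

```shell
#!/bin/sh
# Diff two `iptables -nvL` snapshots and print the rules whose packet counters moved.
# fake_snapshot() produces constructed sample output (hypothetical counters), so the
# demo runs without root or a firewall.

# $1 = pkts on the FORWARD jump, $2 = pkts on the forward_ext ACCEPT rule.
fake_snapshot() {
cat <<EOF
Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
  $1 $(( $1 * 84 )) forward_ext  all  --  vmnet1 eth0    0.0.0.0/0            0.0.0.0/0

Chain forward_ext (1 references)
 pkts bytes target     prot opt in     out     source               destination
  $2 $(( $2 * 84 )) ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 DROP       all  --  *      eth0    0.0.0.0/0            0.0.0.0/0
EOF
}

# counter_delta BEFORE AFTER: report every rule (and every built-in chain policy)
# whose pkts counter grew between the two snapshot files.
counter_delta() {
  awk '
    { cnt = "" }                                   # reset per line
    /^Chain / {                                    # chain header: name, plus policy count if any
      chain = $2
      if (match($0, /policy [A-Z]+ [0-9]+ packets/)) {
        split(substr($0, RSTART, RLENGTH), p, " ")
        key = chain " policy " p[2]; cnt = p[3]
      }
    }
    /^ *[0-9]+ +[0-9]+ / {                         # rule line: key = chain + rule text minus counters
      key = chain; for (i = 3; i <= NF; i++) key = key " " $i
      cnt = $1
    }
    cnt == "" { next }                             # column headers, blanks, user-chain headers
    NR == FNR { before[key] = cnt; next }          # first file: remember counters
    { d = cnt - before[key]; if (d > 0) printf "%s +%d\n", key, d }
  ' "$1" "$2"
}

# Demo: "before" and "after" a test ping; only the rules the packets hit are printed.
run_demo() {
  b=$(mktemp); a=$(mktemp)
  fake_snapshot 100 100 > "$b"
  fake_snapshot 105 105 > "$a"
  counter_delta "$b" "$a"
  rm -f "$b" "$a"
}

run_demo
```

On a live box, replace the two fake_snapshot calls with `iptables -nvL > "$b"`, the ping, and `iptables -nvL > "$a"`; a rule that stays silent while the FORWARD jump moves is where the packet is being lost.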