* Ash Corbin;
I have been reading the SuSEfirewall2 examples and a great "unofficial FAQ" for SuSEfirewall2 by Togan Muftuoglu.
Version 0.9 is the latest.
5.) FW_ROUTE="no" I should set this to YES until I get my proxy going?
6.) FW_MASQUERADE="no" I should set this to YES until I get my proxy going, then set it back to NO?
Your assumption is right. If there is no proxy, there has to be a way to route the packets from the Internet to the LAN and vice versa. So set these to yes to work without a proxy.
6a.) FW_MASQ_DEV="eth0" or "$FW_DEV_EXT"
Leave it as $FW_DEV_EXT (setting it to the external interface is the same thing, but for ease I let the script find it).
6b.) FW_MASQ_NETS="" This I want to restrict to only the services I use: WWW, FTP, SSH, SC, receive email via POP3, send email via SMTP (a few games, Starcraft and CounterStrike, but these are too important). My internal IPs are 10.x.x.x/255.255.255.0; there are 3 machines, 2 workstations and 1 laptop.
Then limit it like this: 10.x.x.x/24,tcp,80 10.x.x.x/24,tcp,21 10.x.x.x/24,tcp,110
7.) FW_PROTECT_FROM_INTERNAL="yes" Is this similar to FW_MASQ_NETS?
No, read the documentation.
8.) FW_AUTOPROTECT_SERVICES="yes" So with this set to YES, I then have to add the IP/net/protocol/port#, and these need to be set in FW_SERVICES_EXT_TCP,UDP & FW_SERVICES_INT_TCP,UDP? But what about an entry FW_SERVICE_*_TCP,UDP...?
9.) FW_SERVICES_EXT_TCP="www ssh" but what about SSL and FTP?
FW_SERVICES_EXT_* (* meaning TCP or UDP or IP) means services that you are running on the firewall machine that you provide to the world. It does not mean you need to put services that you want to reach on the Internet.
15.) FW_REDIRECT="" This I should set up for Squid? 10.x.x.x/y,0/0,tcp,80,3128 0/0, 10.x.x.a,tcp,80,8080
There is an example for this in the Unofficial SuSEFirewall2 document.
If anyone can recommend any books that I should pick up that may help me understand these rules, that would be great also.
Building Internet Firewalls (Zwicky, Cooper, Chapman), published by O'Reilly.
--
Togan Muftuoglu
Unofficial SuSE FAQ Maintainer
http://dinamizm.ath.cx
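The FW_MASQ_NETS entries suggested above (net,proto,port) and the FW_REDIRECT entries in question 15 (source net,dest net,proto,port,redirect port) are easy to get subtly wrong, and a "0/0" source quietly widens masquerading to every address. The following checker is an added example, not code from the thread or from SuSEfirewall2; the field layouts it enforces, and its acceptance of only tcp/udp and numeric ports, are assumptions read off the thread's own examples.

```python
import ipaddress
# Field layouts for the two variables discussed in this thread. They are
# assumptions read off the thread's own examples, not the SuSEfirewall2
# sources: FW_MASQ_NETS as "source net,proto,port" (the reply above) and
# FW_REDIRECT as "source net,dest net,proto,port,redirect port".
LAYOUTS = {
    "FW_MASQ_NETS": ("net", "proto", "port"),
    "FW_REDIRECT": ("net", "net", "proto", "port", "port"),
}
PROTOCOLS = ("tcp", "udp")  # assumed: only these two are accepted here

def _net(field):
    # "0/0" is the SuSEfirewall2 spelling of "any address"; keep it verbatim
    # so audit() can flag it. Anything else must parse as a CIDR network.
    if field == "0/0":
        return "0/0"
    return str(ipaddress.ip_network(field, strict=False))

def _proto(field):
    if field.lower() not in PROTOCOLS:
        raise ValueError(f"unsupported protocol {field!r}")
    return field.lower()

def _port(field):
    port = int(field)  # raises ValueError on service names such as "www"
    if not 1 <= port <= 65535:
        raise ValueError(f"port {port} out of range")
    return port

_PARSERS = {"net": _net, "proto": _proto, "port": _port}

def parse_entry(varname, entry):
    """Split one comma-separated entry and validate each field by layout."""
    layout = LAYOUTS[varname]
    fields = entry.split(",")
    if len(fields) != len(layout):
        raise ValueError(f"{varname}: {entry!r} needs {len(layout)} fields")
    return tuple(_PARSERS[kind](f) for kind, f in zip(layout, fields))

def audit(varname, value):
    """Parse a whole space-separated value; return (entries, warnings)."""
    entries = [parse_entry(varname, raw) for raw in value.split()]
    warnings = []
    for e in entries:
        if e[0] == "0/0":
            warnings.append(f"{varname}: {e} matches every source address")
        elif not ipaddress.ip_network(e[0]).is_private:
            warnings.append(f"{varname}: {e} source is not a private net")
    return entries, warnings
```

Run audit("FW_MASQ_NETS", ...) on the value from your /etc/sysconfig/SuSEfirewall2 before activating it; an empty warnings list and no ValueError means every entry is well-formed and limited to a private source network.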