Mailinglist Archive: opensuse-security (359 mails)
Problems with a simple Firewall2 config
- From: "Knut Erik Hauslo" <KNUTH@xxxxxxxxxxxx>
- Date: Tue, 15 Jul 2003 13:12:58 +0200
- Message-id: <876E796441495649AB4AE82092A0784A3D8D21@xxxxxxxxxxxxxx>
Hi all,
This should be rather easy going, but I am experiencing problems. My
network looks as follows:
+-- External Net 192.168.1.0/24 --> (Eth1) SuSE 8.1 Firewall2 (Eth0)
<--- Internal Net 172.19.0.0/16
On my Internal Net there's a web-server, which machines on the external
net may access. Using my sniffer I can see packets going into the
internal net, but I receive nothing back, because the initiating machine
sends packets with destination port 80 TCP and source port > 1024 TCP
which I have not explicitly opened.
The other way around is working fine (accessing HTTP and FTP resources
on the external network).
The configuration file:
FW_DEV_EXT="eth1"
FW_DEV_INT="eth0"
FW_ROUTE="yes"
FW_MASQUERADE="yes"
FW_MASQ_DEV="$FW_DEV_EXT"
FW_MASQ_NETS="172.19.0.0/16,0/0,tcp,20 172.19.0.0/16,0/0,tcp,21 172.19.0.0/16,0/0,tcp,80"
FW_FORWARD_MASQ="0/0,172.19.6.10,tcp,80"
FW_TRUSTED_NETS=""
FW_ALLOW_INCOMING_HIGHPORTS_TCP="yes"
FW_PROTECT_FROM_INTERNAL="no"
FW_LOG_DROP_CRIT="yes"
FW_LOG_ACCEPT_CRIT="no"
FW_LOG_DROP_ALL="yes"
FW_LOG_ACCEPT_ALL="no"
FW_LOG="--log-level warning --log-tcp-options --log-ip-option --log-prefix SuSE-FW"
FW_ALLOW_PING_FW="yes"
FW_IGNORE_FW_BROADCAST="yes"
What am I doing wrong?
Any hints are deeply appreciated.
Cheers,
Knut Erik
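Added illustration, not part of Knut Erik's post: with FW_LOG_DROP_ALL="yes" and the SuSE-FW log prefix from his config, the kernel log records every dropped packet with its IN/OUT interface, so the first diagnostic step is to parse those lines and see in which direction the drops occur (for example whether the web server's replies from 172.19.6.10 port 80 are dropped on the way out). The log lines below are constructed, and the exact SuSE-FW-ACCEPT / SuSE-FW-DROP-DEFAULT suffixes are an assumption about SuSEfirewall2's naming.

```python
import re
from collections import Counter

# Constructed sample lines in the iptables LOG format. The "SuSE-FW-..."
# prefix suffixes are assumed, not taken from a real SuSEfirewall2 box.
SAMPLE_LOG = """\
Jul 15 13:01:02 fw kernel: SuSE-FW-ACCEPT IN=eth1 OUT=eth0 SRC=192.168.1.5 DST=172.19.6.10 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=1 DF PROTO=TCP SPT=33456 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Jul 15 13:01:02 fw kernel: SuSE-FW-DROP-DEFAULT IN=eth0 OUT=eth1 SRC=172.19.6.10 DST=192.168.1.5 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=TCP SPT=80 DPT=33456 WINDOW=5792 RES=0x00 ACK SYN URGP=0
Jul 15 13:01:05 fw kernel: SuSE-FW-DROP-DEFAULT IN=eth1 OUT= MAC=... SRC=192.168.1.9 DST=192.168.1.1 LEN=48 PROTO=TCP SPT=40001 DPT=23 SYN URGP=0
"""

ACTION_RE = re.compile(r'SuSE-FW-([A-Z-]+)')      # text after the configured --log-prefix
FIELD_RE = re.compile(r'(\w+)=(\S*)')              # KEY=VALUE pairs (OUT= may be empty)
TCPFLAG_RE = re.compile(r'\b(SYN|ACK|FIN|RST|PSH|URG)\b')  # bare flag tokens, not URGP=


def parse_line(line):
    """Parse one SuSE-FW log line into a dict; return None for unrelated lines."""
    m = ACTION_RE.search(line)
    if not m:
        return None
    rest = line[m.end():]
    rec = dict(FIELD_RE.findall(rest))
    rec['ACTION'] = m.group(1)
    rec['FLAGS'] = TCPFLAG_RE.findall(rest)
    return rec


def parse_log(text):
    """Parse all firewall lines in a log excerpt, skipping non-firewall lines."""
    return [r for r in (parse_line(l) for l in text.splitlines()) if r]


def summarize_drops(records):
    """Count dropped packets per (IN, OUT, PROTO, DPT) to show the drop direction."""
    return Counter((r.get('IN', ''), r.get('OUT', ''), r.get('PROTO', ''), r.get('DPT', ''))
                   for r in records if r['ACTION'].startswith('DROP'))


def dropped_replies(records, server_ip, server_port):
    """Drops whose source is the internal server's service port, i.e. lost replies."""
    return [r for r in records
            if r['ACTION'].startswith('DROP')
            and r.get('SRC') == server_ip and r.get('SPT') == server_port]


if __name__ == '__main__':
    recs = parse_log(SAMPLE_LOG)
    for key, n in summarize_drops(recs).items():
        print('dropped IN=%s OUT=%s %s dport %s: %d' % (key + (n,)))
    for r in dropped_replies(recs, '172.19.6.10', '80'):
        print('reply from web server dropped on %s -> %s flags %s' % (r['IN'], r['OUT'], r['FLAGS']))
```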