Axel Sintermann
Would you mind to mention what kind of instance this was?
Sure. I needed to terminate Microsoft PPTP VPN on an internal machine running MS PPTP VPN Server. The Susefirewall2 script allows you to terminate these sessions on the firewall directly with no problem. My problem was that I needed the MS Authentication to occur and being a firewall, I did not want to run SMB or allow the FW to query the auth to the NT system. I set up an allow rule for the IP addesses of the various users (simple because all had fixed IP) Then I installed a little script (pptpproxy) ala freshmeat. (I had a look at this dudes code and it is very neat and clean - ok, so I am no programmer, but it looks pretty good) To run the PPTPROXY, I configured ini /etc/sysconfig/SuSEfirewall2 [snip] # Common: ssh smtp domain FW_SERVICES_EXT_TCP="1721" ## Type: string # Common: domain syslog FW_SERVICES_EXT_UDP="" # For VPN/Routing which END at the firewall!! FW_SERVICES_EXT_IP="gre" [/snip] and did the same for FW_SERVICES_DMZ_IP This did allow me to run a very neat little app that proxied the connection between interfaces. (could use this for any number of protocols (gre=47)
I still don't know how to use the iptables -I OUTPUT --match owner --uid-owner foobar [...] feature _within_ SuSEfirewall2 (SuSE 8.1).
(No problem to do this separately from SuSEfirewall2; the solution is right there above.)
Yup, the real problem was that SuSEfirewall2 did not allow that to be configured, I didn't want (eventually) to use the direct IPtables commands as if I am not available and somebody else has to admin the box that type of stuff gets forgotten. Keep it simple and it is supportable by a number of people.
Hints, anybody?
no more from me sorry, anyone else?