[SLE] Need help with Simple IP Masquerading
  • From: moseley@xxxxxxxx (Bill Moseley)
  • Date: Sat, 18 Mar 2000 08:35:11 -0800
  • Message-id: <3.0.3.32.20000318083511.00ef950c@xxxxxxxxxxxxxxxxxx>



Ok, I've done my best to get this working over the last few days. And I
know I'm missing something really obvious.

The SuSE box dials up my ISP fine, and Internet access works fine from this
box. The Win98 box can access the SuSE box without a problem.

At this point all I want is masquerading -- the Win98 box on the internal
network should have full access to the SuSE box services, too.

I get this in /var/log/messages when trying to access an external web site
via the Win98 PC (the Win98 is 192.168.0.98).

Mar 18 07:53:08 SuSE kernel: Packet log: forward DENY ppp0 PROTO=6
192.168.0.98:1152 209.144.167.153:80 L=48 S=0x00 I=43797 F=0x4000 T=127 SYN
(#2)

SuSE 6.3
firewal 2.0-5 loaded by rpm yesterday.

SuSE box: 192.168.10.99
Win98 box: 192.168.10.98

Using:
/sbin/init.d/firewall start
or
SuSEfirewall start

/etc/rc.config: START_FW="yes"

FW_DEV_WORLD="ppp0"
FW_DEV_INT="eth0"
FW_DEV_DMZ=""
FW_ROUTE="yes"
FW_MASQUERADE="yes"
FW_MASQ_NETS="192.168.10.0/24"
FW_MASQ_DEV="$FW_DEV_WORLD" # e.g. "ippp0" or "$FW_DEV_WORLD"
FW_PROTECT_FROM_INTERNAL="no"
FW_AUTOPROTECT_GLOBAL_SERVICES="no"
FW_SERVICES_EXTERNAL_TCP="" # Common: smtp domain
FW_SERVICES_EXTERNAL_UDP="" # Common: domain
FW_SERVICES_DMZ_TCP="" # Common: smtp domain
FW_SERVICES_DMZ_UDP="" # Common: domain syslog
FW_SERVICES_INTERNAL_TCP="" # Common: ssh smtp domain
FW_SERVICES_INTERNAL_UDP="" # Common: domain
FW_TRUSTED_NETS=""
FW_SERVICES_TRUSTED_TCP="" # Common: ssh
FW_SERVICES_TRUSTED_UDP="" # Common: syslog time ntp
FW_ALLOW_INCOMING_HIGHPORTS_TCP="yes" # Common: "ftp-data" (sadly!)
FW_ALLOW_INCOMING_HIGHPORTS_UDP="yes" # Common: "dns"
FW_SERVICE_DNS="no" # if yes, FW_TCP_SERVICES_* needs to have port 53
FW_SERVICE_DHCLIENT="no" # if you use dhclient to get an ip address
FW_SERVICE_DHCPD="no" # set to yes, if this server is a DHCP server
FW_FORWARD_TCP="" # Beware to use this!
FW_FORWARD_UDP="" # Beware to use this!
FW_REDIRECT_TCP=""
FW_REDIRECT_UDP=""
FW_LOG_DENY_CRIT="yes"
FW_LOG_DENY_ALL="yes"
FW_LOG_ACCEPT_CRIT="yes"
FW_LOG_ACCEPT_ALL="no"
FW_KERNEL_SECURITY="yes"
FW_STOP_KEEP_ROUTING_STATE="no"
FW_ALLOW_PING_FW="yes"
FW_ALLOW_PING_DMZ="no"
FW_ALLOW_FW_TRACEROUTE="no"
FW_ALLOW_FW_SOURCEQUENCH="yes"
FW_MASQ_MODULES="autofw cuseeme ftp irc mfw portfw quake raudio user vdolive"

Bill Moseley
mailto:moseley@xxxxxxxx
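
Added example, not part of the original message and not SuSEfirewall code: a small check that parses the ipchains "Packet log" line quoted above and compares its source address and interface with the posted FW_MASQ_NETS and FW_MASQ_DEV values. The function names are hypothetical, and it assumes that masquerading applies only to packets whose source is in FW_MASQ_NETS (treated as a space-separated list) and that leave through FW_MASQ_DEV.

```python
import ipaddress
import re

# Leading fields of an ipchains (Linux 2.2) "Packet log" syslog line.
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<target>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+)"
)

# Log line copied from the message above (wrapped by the mail client).
POSTED_LOG = """Mar 18 07:53:08 SuSE kernel: Packet log: forward DENY ppp0 PROTO=6
192.168.0.98:1152 209.144.167.153:80 L=48 S=0x00 I=43797 F=0x4000 T=127 SYN
(#2)"""

# Constructed line for comparison: same packet, source inside 192.168.10.0/24.
CONSTRUCTED_LOG = POSTED_LOG.replace("192.168.0.98", "192.168.10.98")


def parse_packet_log(line):
    """Return the fields of an ipchains packet-log line, or None if no match."""
    match = LOG_RE.search(" ".join(line.split()))  # undo mail line wrapping
    return match.groupdict() if match else None


def check_forward_deny(line, masq_nets, masq_dev):
    """Relate a forward-chain deny to the FW_MASQ_NETS / FW_MASQ_DEV settings."""
    pkt = parse_packet_log(line)
    if pkt is None:
        return "not an ipchains packet log line"
    if pkt["chain"] != "forward" or pkt["target"] not in ("DENY", "REJECT"):
        return "not a forward-chain deny"
    if pkt["iface"] != masq_dev:
        return f"leaving via {pkt['iface']}, masquerading is bound to {masq_dev}"
    src = ipaddress.ip_address(pkt["src"])
    nets = [ipaddress.ip_network(n, strict=False) for n in masq_nets.split()]
    if not any(src in net for net in nets):
        return f"source {src} is outside FW_MASQ_NETS ({masq_nets})"
    return f"source {src} is inside FW_MASQ_NETS; check the other forward rules"


if __name__ == "__main__":
    # FW_MASQ_NETS and FW_MASQ_DEV as posted in /etc/rc.config above.
    for log in (POSTED_LOG, CONSTRUCTED_LOG):
        print(check_forward_deny(log, "192.168.10.0/24", "ppp0"))
```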

