Mailinglist Archive: opensuse (3394 mails)

Re: [SLE] Need help with Simple IP Masquerading
  • From: marcelbr@xxxxxxxxxxxx (Marcel Broekman)
  • Date: Sat, 18 Mar 2000 19:10:48 GMT
  • Message-id: <20000318.19104800@xxxxxxxxxxxxxxxx>



Hi Bill,

I am not much of an expert but I do have a few questions:
Seems your winbox (in this case) isn't allowed to use port 1152 and
something at port 80 isn't allowed to get back to you. What do your
hosts.deny and hosts.allow look like on your susebox? I suppose you
have a static IP address because you set FW_SERVICE_DHCLIENT="no". If
not, set it to "yes" (this shouldn't make any difference 'cause you can
make a connection with the susebox, right?). Did you try to set
FW_STOP_KEEP_ROUTING_STATE="no" to "yes"? Did you set the default
gateway to 192.168.10.99 on the winbox?

Grtjs, Marcel

>>>>>>>>>>>>>>>>>> Original Message <<<<<<<<<<<<<<<<<<

On 3/18/00, 5:35:11 PM, Bill Moseley <moseley@xxxxxxxx> wrote regarding
[SLE] Need help with Simple IP Masquerading:

> Ok, I've done my best to get this working over the last few days. And I
> know I'm missing something really obvious.

> The SuSE box dials up my ISP fine, and Internet access works fine from this
> box. The Win98 box can access the SuSE box without a problem.

> At this point all I want is masquerading -- the Win98 box on the internal
> network should have full access to the SuSE box services, too.

> I get this in /var/log/messages when trying to access an external web site
> via the Win98 PC (the Win98 is 192.168.0.98).

> Mar 18 07:53:08 SuSE kernel: Packet log: forward DENY ppp0 PROTO=6 192.168.0.98:1152 209.144.167.153:80 L=48 S=0x00 I=43797 F=0x4000 T=127 SYN (#2)

> SuSE 6.3
> firewal 2.0-5 loaded by rpm yesterday.

> SuSE box: 192.168.10.99
> Win98 box: 192.168.10.98

> Using:
> /sbin/init.d/firewall start
> or
> SuSEfirewall start

> /etc/rc.config: START_FW="yes"

> FW_DEV_WORLD="ppp0"
> FW_DEV_INT="eth0"
> FW_DEV_DMZ=""
> FW_ROUTE="yes"
> FW_MASQUERADE="yes"
> FW_MASQ_NETS="192.168.10.0/24"
> FW_MASQ_DEV="$FW_DEV_WORLD" # e.g. "ippp0" or "$FW_DEV_WORLD"
> FW_PROTECT_FROM_INTERNAL="no"
> FW_AUTOPROTECT_GLOBAL_SERVICES="no"
> FW_SERVICES_EXTERNAL_TCP="" # Common: smtp domain
> FW_SERVICES_EXTERNAL_UDP="" # Common: domain
> FW_SERVICES_DMZ_TCP="" # Common: smtp domain
> FW_SERVICES_DMZ_UDP="" # Common: domain syslog
> FW_SERVICES_INTERNAL_TCP="" # Common: ssh smtp domain
> FW_SERVICES_INTERNAL_UDP="" # Common: domain
> FW_TRUSTED_NETS=""
> FW_SERVICES_TRUSTED_TCP="" # Common: ssh
> FW_SERVICES_TRUSTED_UDP="" # Common: syslog time ntp
> FW_ALLOW_INCOMING_HIGHPORTS_TCP="yes" # Common: "ftp-data" (sadly!)
> FW_ALLOW_INCOMING_HIGHPORTS_UDP="yes" # Common: "dns"
> FW_SERVICE_DNS="no" # if yes, FW_TCP_SERVICES_* needs to have port 53
> FW_SERVICE_DHCLIENT="no" # if you use dhclient to get an ip address
> FW_SERVICE_DHCPD="no" # set to yes, if this server is a DHCP server
> FW_FORWARD_TCP="" # Beware to use this!
> FW_FORWARD_UDP="" # Beware to use this!
> FW_REDIRECT_TCP=""
> FW_REDIRECT_UDP=""
> FW_LOG_DENY_CRIT="yes"
> FW_LOG_DENY_ALL="yes"
> FW_LOG_ACCEPT_CRIT="yes"
> FW_LOG_ACCEPT_ALL="no"
> FW_KERNEL_SECURITY="yes"
> FW_STOP_KEEP_ROUTING_STATE="no"
> FW_ALLOW_PING_FW="yes"
> FW_ALLOW_PING_DMZ="no"
> FW_ALLOW_FW_TRACEROUTE="no"
> FW_ALLOW_FW_SOURCEQUENCH="yes"
> FW_MASQ_MODULES="autofw cuseeme ftp irc mfw portfw quake raudio user vdolive"

> Bill Moseley
> mailto:moseley@xxxxxxxx

> --
> To unsubscribe send e-mail to suse-linux-e-unsubscribe@xxxxxxxx
> For additional commands send e-mail to suse-linux-e-help@xxxxxxxx
> Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
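
A check that can be run over the values quoted in this thread, added here as an example and not part of either message: it parses the `forward DENY` packet-log line and tests whether the logged source address falls inside `FW_MASQ_NETS` and whether the logged interface is `FW_MASQ_DEV`. The function names are hypothetical, and the log field layout is assumed to be the one visible in the quoted line.

```python
import ipaddress
import re
import shlex

# Field layout as seen in the quoted "Packet log:" line (assumed):
# chain, action, interface, PROTO=n, src:port, dst:port, then flags.
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) (?P<src>[\d.]+):(?P<sport>\d+) "
    r"(?P<dst>[\d.]+):(?P<dport>\d+)")

def parse_rc_config(text):
    """Read KEY="value" # comment lines and resolve one level of $VAR."""
    cfg = {}
    for line in text.splitlines():
        for token in shlex.split(line, comments=True):
            key, sep, value = token.partition("=")
            if sep:
                cfg[key] = value
    return {k: (cfg.get(v[1:], "") if v.startswith("$") else v)
            for k, v in cfg.items()}

def check_denied_packet(log_line, cfg):
    """Compare one packet-log entry with the masquerading settings."""
    m = LOG_RE.search(log_line)
    if m is None:
        raise ValueError("not a packet-log line in the expected layout")
    src = ipaddress.ip_address(m["src"])
    nets = [ipaddress.ip_network(n, strict=False)
            for n in cfg.get("FW_MASQ_NETS", "").split()]
    return {
        "chain": m["chain"], "action": m["action"],
        "src": str(src), "dst_port": int(m["dport"]),
        "src_in_masq_nets": any(src in n for n in nets),
        "iface_is_masq_dev": m["iface"] == cfg.get("FW_MASQ_DEV"),
    }

# Values copied from the quoted message (log line joined onto one line).
SAMPLE_LOG = ("Mar 18 07:53:08 SuSE kernel: Packet log: forward DENY ppp0 "
              "PROTO=6 192.168.0.98:1152 209.144.167.153:80 L=48 S=0x00 "
              "I=43797 F=0x4000 T=127 SYN (#2)")
SAMPLE_CFG = '''
FW_DEV_WORLD="ppp0"
FW_MASQ_NETS="192.168.10.0/24"
FW_MASQ_DEV="$FW_DEV_WORLD" # e.g. "ippp0" or "$FW_DEV_WORLD"
'''

if __name__ == "__main__":
    print(check_denied_packet(SAMPLE_LOG, parse_rc_config(SAMPLE_CFG)))
```
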

