Mailinglist Archive: opensuse (3648 mails)
| < Previous | Next > |
Re: [SLE] firewall/router
- From: Anders Johansson <andjoh@xxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 10 Jul 2001 18:32:50 +0200
- Message-id: <200107101631.f6AGV6o17814@xxxxxxxxxxxxxxxxxxxxx>
On Tuesday 10 July 2001 18:23, Computer Books For Less wrote:
> At 04:53 PM 7/9/01, you wrote:
> >Hi bruce !
> >
> >There is a nice tutorian on www.ibm.com in the developerworks section.
> >You can search it by the title "Linux 2.4 stateful firewall design".
> >It is a tutorial for what you want to do. Its very easy and short.
> >
> >
> >But it uses iptables.......I hope it hepls!!
> >
> >Good Luck!
> >
> >Augusto.
> >
> >At 03:47 p.m. 09/07/2001 -0400, you wrote:
> >>hi,
> >>
> >>
> >>_________
> >>_______ ________ ______________|box 1/linux|
> >>cable |---------| router |___hub_____|
> >>
> >>|_________|
> >>
> >> modem| |_______
> >>
> >> | | _______
> >>
> >>------------| |_____________
> >>
> >>|WinME |
> >>
> >>"""""""""""
> >>
> >>Well after much dickering around I've got me SuSE 7.1 this far on my
> >>router box
> >>
> >>1. I can now ping my eth0 and eth1 on my router from box1/linux
> >>2. I con now ping www.yahoo.com for my router
> >>3. I can now ping eth0 on my box from the router
> >>
> >>4. I can not exist router from "box1/linux" to the internet and beyond.
> >>
> >>I'm running SuSEfirewall1
> >>
> >>based no what I've seen in the firewall log I'm lead to believe that it
> >>is the firewall that is not letting me out. If this is true which
> >>setting could be the culprit?
> >>
> >>I've read the doc's for the firewall been through the config a dozen
> >>times. I'm sure it is just something simple, if you think you might know
> >>please drop you suggestions to the list. Thanks.
>
> Thanks for the pointer, but I'd like to solve the problem with the
> SuSEfirewall first before I tackle IPtables and the 2.4.X kernel.
>
>
>
>
> Sincerely,
>
> Bruce Harding
> Manager: Computer Books For Less
> Manager of Procurements: Computer Supply House
>
> 105 O'Connor Street
> Ottawa ON K1P 5M8
> Canada
> Phone: 613-233-7418
> Fax: 613-233-6823
>
> http://www.computerbooksforless.com
You didn't mention what IP number sequences were used, but have you set
FW_FORWARD_TCP to "yes", and if your using private sequences, have you set
FW_MASQ to "yes".
Perhaps it would be easier if you posted your firewall.rc.config
Regards
Anders
> At 04:53 PM 7/9/01, you wrote:
> >Hi bruce !
> >
> >There is a nice tutorian on www.ibm.com in the developerworks section.
> >You can search it by the title "Linux 2.4 stateful firewall design".
> >It is a tutorial for what you want to do. Its very easy and short.
> >
> >
> >But it uses iptables.......I hope it hepls!!
> >
> >Good Luck!
> >
> >Augusto.
> >
> >At 03:47 p.m. 09/07/2001 -0400, you wrote:
> >>hi,
> >>
> >>
> >>_________
> >>_______ ________ ______________|box 1/linux|
> >>cable |---------| router |___hub_____|
> >>
> >>|_________|
> >>
> >> modem| |_______
> >>
> >> | | _______
> >>
> >>------------| |_____________
> >>
> >>|WinME |
> >>
> >>"""""""""""
> >>
> >>Well after much dickering around I've got me SuSE 7.1 this far on my
> >>router box
> >>
> >>1. I can now ping my eth0 and eth1 on my router from box1/linux
> >>2. I con now ping www.yahoo.com for my router
> >>3. I can now ping eth0 on my box from the router
> >>
> >>4. I can not exist router from "box1/linux" to the internet and beyond.
> >>
> >>I'm running SuSEfirewall1
> >>
> >>based no what I've seen in the firewall log I'm lead to believe that it
> >>is the firewall that is not letting me out. If this is true which
> >>setting could be the culprit?
> >>
> >>I've read the doc's for the firewall been through the config a dozen
> >>times. I'm sure it is just something simple, if you think you might know
> >>please drop you suggestions to the list. Thanks.
>
> Thanks for the pointer, but I'd like to solve the problem with the
> SuSEfirewall first before I tackle IPtables and the 2.4.X kernel.
>
>
>
>
> Sincerely,
>
> Bruce Harding
> Manager: Computer Books For Less
> Manager of Procurements: Computer Supply House
>
> 105 O'Connor Street
> Ottawa ON K1P 5M8
> Canada
> Phone: 613-233-7418
> Fax: 613-233-6823
>
> http://www.computerbooksforless.com
You didn't mention what IP number sequences were used, but have you set
FW_FORWARD_TCP to "yes", and if your using private sequences, have you set
FW_MASQ to "yes".
Perhaps it would be easier if you posted your firewall.rc.config
Regards
Anders
| < Previous | Next > |