Mailinglist Archive: opensuse (2886 mails)
SuSEfirewall5.1 and droping internal lan
- From: Togan Muftuoglu <toganm@xxxxxxxxxxxx>
- Date: Fri, 1 Feb 2002 20:47:53 +0200
- Message-id: <20020201204753.B27610@xxxxxxxxxxxx>
Hi,
I have a setup as follows
Internet = PPPoE, fixed IP
LAN = eth0, 192.168.1.0/24
DMZ = eth2, 192.168.2.0/29
I have set SuSE firewall 5.1 on the Firewall/router box and on the DMZ
box.
Everything works fine until the LAN starts an rsync or an FTP request. Then
communication with the LAN drops and I need to bring eth0 down and up again. If it's mail or web traffic, everything works fine. Below is my setup for the main firewall. What do I need to do to stop the LAN from dropping? So far I
have just set up a cron job which checks the LAN connection on eth0 and, if ping
does not answer, runs /sbin/ifconfig eth0 up. Any ideas what is causing
this?
# SuSEfirewall 5.1 configuration of the main firewall/router, as posted.
# Interfaces: ppp0 is the Internet side, eth0 the LAN, eth2 the DMZ.
FW_DEV_WORLD="ppp0"
FW_DEV_INT="eth0"
FW_DEV_DMZ="eth2"
# Routing and masquerading are on; both the LAN and the DMZ network are
# listed as masqueraded, with the Internet-facing device as the masq device.
FW_ROUTE="yes"
FW_MASQUERADE="yes"
FW_MASQ_NETS="192.168.1.0/24 192.168.2.0/29"
FW_MASQ_DEV="$FW_DEV_WORLD"
# NOTE(review): "yes" presumably means LAN hosts reach only the firewall
# services listed in FW_SERVICES_INTERNAL_* below - confirm in the docs.
FW_PROTECT_FROM_INTERNAL="yes"
FW_AUTOPROTECT_GLOBAL_SERVICES="yes"
# Ports opened towards the Internet side (presumably on the firewall host
# itself): SSH, SMTP, HTTP, HTTPS.
# NOTE(review): 25, 80 and 443 are also forwarded to other hosts in
# FW_FORWARD_MASQ_TCP; check whether they must be listed here as well, and
# whether SSH (22) has to be open to every source address.
FW_SERVICES_EXTERNAL_TCP="22 25 80 443"
FW_SERVICES_EXTERNAL_UDP=""
# Services opened towards the DMZ: DNS, SSH, HTTP, HTTPS over TCP; DNS over UDP.
FW_SERVICES_DMZ_TCP="domain ssh 80 443"
FW_SERVICES_DMZ_UDP="domain"
# Services opened towards the LAN. 21 and 6667 match the proxy redirects in
# FW_REDIRECT_TCP; 873 is the rsync port.
FW_SERVICES_INTERNAL_TCP="21 22 25 53 110 119 161 162 873 6667"
FW_SERVICES_INTERNAL_UDP="domain 161 162"
FW_SERVICES_INTERNAL_IP=""
# A single LAN host is treated as trusted. The same address is the target of
# the Internet-originated SMTP forwards in FW_FORWARD_MASQ_TCP.
FW_TRUSTED_NETS="192.168.1.3"
FW_SERVICES_TRUSTED_TCP="ssh 161:162"
# NOTE(review): SSH runs over TCP, so the "ssh" entry in the UDP list looks
# unnecessary - confirm and drop it if nothing depends on it.
FW_SERVICES_TRUSTED_UDP="ssh 161:162"
FW_SERVICES_TRUSTED_IP="icmp"
FW_SERVICES_TRUSTED_ACL=""
# NOTE(review): a port name here presumably admits incoming connections to
# unprivileged ports when they come from that source port. The source port is
# chosen by the remote host, so this is a weak filter; since FTP from the LAN
# goes through ftp-proxy, confirm whether "ftp-data" is still needed.
FW_ALLOW_INCOMING_HIGHPORTS_TCP="ftp-data"
FW_ALLOW_INCOMING_HIGHPORTS_UDP="DNS"
FW_SERVICE_DNS="yes"
FW_SERVICE_DHCLIENT="no"
FW_SERVICE_DHCPD="no"
FW_SERVICE_SAMBA="no"
# Forwarding (entries read as source,destination,port): the trusted LAN host
# may reach 192.168.2.2 in the DMZ on 22 and 161:162.
FW_FORWARD_TCP="192.168.1.3,192.168.2.2,22 \
192.168.1.3,192.168.2.2,161:162"
FW_FORWARD_UDP="192.168.1.3,192.168.2.2,161:162"
FW_FORWARD_IP=""
# Masqueraded forwards: HTTP/HTTPS from any source go to 192.168.2.2 (DMZ);
# SMTP from four fixed source addresses goes to 192.168.1.3, which is a LAN
# host and the trusted host, not a DMZ host.
# NOTE(review): the first two lines end in a backslash with no space before
# it. Inside double quotes the shell removes backslash-newline, so unless the
# continuation lines started with whitespace in the real file, "443" and
# "216.200.145.35" (and "25" and "216.200.145.37") are joined into one word.
# FW_FORWARD_TCP above has a space before its backslash.
FW_FORWARD_MASQ_TCP="0/0,192.168.2.2,80 0/0,192.168.2.2,443\
216.200.145.35,192.168.1.3,25 216.200.145.36,192.168.1.3,25\
216.200.145.37,192.168.1.3,25 216.200.145.38,192.168.1.3,25 "
FW_FORWARD_MASQ_UDP=""
# Redirect TCP connections
# LAN traffic to any destination on port 21 is redirected to local port 21,
# and port 6667 to local port 7666 (the proxies named further down).
FW_REDIRECT_TCP="192.168.1.0/24,0/0,21,21 192.168.1.0/24,0/0,6667,7666"
# Redirect UDP connections
FW_REDIRECT_UDP=""
# Log critical denied network packets
FW_LOG_DENY_CRIT="yes"
# Log all denied packets
# NOTE(review): with "no", only denials the script classes as critical are
# logged. Enabling this while reproducing the rsync/FTP problem would show
# whether a firewall rule is dropping the LAN traffic.
FW_LOG_DENY_ALL="no"
# Log critical accepted packets
FW_LOG_ACCEPT_CRIT="yes"
# Log all accepted packets
FW_LOG_ACCEPT_ALL="no"
# NOTE(review): presumably leaves the script's kernel-level hardening
# settings off - confirm what it covers in this version and that "no" is
# intended.
FW_KERNEL_SECURITY="no"
# NOTE(review): presumably keeps routing enabled after the firewall rules are
# unloaded, so a stopped firewall would still route between the networks
# without filtering - confirm.
FW_STOP_KEEP_ROUTING_STATE="yes"
# Allow ping on firewall
FW_ALLOW_PING_FW="yes"
# Allow ping on DMZ targets
FW_ALLOW_PING_DMZ="no"
FW_ALLOW_FW_TRACEROUTE="no"
FW_ALLOW_FW_SOURCEQUENCH="yes"
# ftp-proxy is in use, hence the 21 -> 21 entry in FW_REDIRECT_TCP
# tircproxy is in use, hence the 6667 -> 7666 entry in FW_REDIRECT_TCP
# Masquerading helper modules to load. No ftp or irc helper is listed, which
# fits the use of the two proxies above.
FW_MASQ_MODULES="autofw cuseeme mfw portfw h323 quake raudio user vdolive"
# Path of a custom rules file; its contents are not shown here and may also
# affect LAN traffic.
FW_CUSTOMRULES="/etc/rc.config.d/firewall-custom.rc.config"
--
Togan Muftuoglu
Unofficial SuSE FAQ Maintainer
http://dinamizm.ath.cx
I have a setup as follows
Internet = PPPoE, fixed IP
LAN = eth0, 192.168.1.0/24
DMZ = eth2, 192.168.2.0/29
I have set SuSE firewall 5.1 on the Firewall/router box and on the DMZ
box.
Everything works fine until the LAN starts an rsync or an FTP request. Then
communication with the LAN drops and I need to bring eth0 down and up again. If it's mail or web traffic, everything works fine. Below is my setup for the main firewall. What do I need to do to stop the LAN from dropping? So far I
have just set up a cron job which checks the LAN connection on eth0 and, if ping
does not answer, runs /sbin/ifconfig eth0 up. Any ideas what is causing
this?
# SuSEfirewall 5.1 configuration of the main firewall/router, as posted.
# Interfaces: ppp0 is the Internet side, eth0 the LAN, eth2 the DMZ.
FW_DEV_WORLD="ppp0"
FW_DEV_INT="eth0"
FW_DEV_DMZ="eth2"
# Routing and masquerading are on; both the LAN and the DMZ network are
# listed as masqueraded, with the Internet-facing device as the masq device.
FW_ROUTE="yes"
FW_MASQUERADE="yes"
FW_MASQ_NETS="192.168.1.0/24 192.168.2.0/29"
FW_MASQ_DEV="$FW_DEV_WORLD"
# NOTE(review): "yes" presumably means LAN hosts reach only the firewall
# services listed in FW_SERVICES_INTERNAL_* below - confirm in the docs.
FW_PROTECT_FROM_INTERNAL="yes"
FW_AUTOPROTECT_GLOBAL_SERVICES="yes"
# Ports opened towards the Internet side (presumably on the firewall host
# itself): SSH, SMTP, HTTP, HTTPS.
# NOTE(review): 25, 80 and 443 are also forwarded to other hosts in
# FW_FORWARD_MASQ_TCP; check whether they must be listed here as well, and
# whether SSH (22) has to be open to every source address.
FW_SERVICES_EXTERNAL_TCP="22 25 80 443"
FW_SERVICES_EXTERNAL_UDP=""
# Services opened towards the DMZ: DNS, SSH, HTTP, HTTPS over TCP; DNS over UDP.
FW_SERVICES_DMZ_TCP="domain ssh 80 443"
FW_SERVICES_DMZ_UDP="domain"
# Services opened towards the LAN. 21 and 6667 match the proxy redirects in
# FW_REDIRECT_TCP; 873 is the rsync port.
FW_SERVICES_INTERNAL_TCP="21 22 25 53 110 119 161 162 873 6667"
FW_SERVICES_INTERNAL_UDP="domain 161 162"
FW_SERVICES_INTERNAL_IP=""
# A single LAN host is treated as trusted. The same address is the target of
# the Internet-originated SMTP forwards in FW_FORWARD_MASQ_TCP.
FW_TRUSTED_NETS="192.168.1.3"
FW_SERVICES_TRUSTED_TCP="ssh 161:162"
# NOTE(review): SSH runs over TCP, so the "ssh" entry in the UDP list looks
# unnecessary - confirm and drop it if nothing depends on it.
FW_SERVICES_TRUSTED_UDP="ssh 161:162"
FW_SERVICES_TRUSTED_IP="icmp"
FW_SERVICES_TRUSTED_ACL=""
# NOTE(review): a port name here presumably admits incoming connections to
# unprivileged ports when they come from that source port. The source port is
# chosen by the remote host, so this is a weak filter; since FTP from the LAN
# goes through ftp-proxy, confirm whether "ftp-data" is still needed.
FW_ALLOW_INCOMING_HIGHPORTS_TCP="ftp-data"
FW_ALLOW_INCOMING_HIGHPORTS_UDP="DNS"
FW_SERVICE_DNS="yes"
FW_SERVICE_DHCLIENT="no"
FW_SERVICE_DHCPD="no"
FW_SERVICE_SAMBA="no"
# Forwarding (entries read as source,destination,port): the trusted LAN host
# may reach 192.168.2.2 in the DMZ on 22 and 161:162.
FW_FORWARD_TCP="192.168.1.3,192.168.2.2,22 \
192.168.1.3,192.168.2.2,161:162"
FW_FORWARD_UDP="192.168.1.3,192.168.2.2,161:162"
FW_FORWARD_IP=""
# Masqueraded forwards: HTTP/HTTPS from any source go to 192.168.2.2 (DMZ);
# SMTP from four fixed source addresses goes to 192.168.1.3, which is a LAN
# host and the trusted host, not a DMZ host.
# NOTE(review): the first two lines end in a backslash with no space before
# it. Inside double quotes the shell removes backslash-newline, so unless the
# continuation lines started with whitespace in the real file, "443" and
# "216.200.145.35" (and "25" and "216.200.145.37") are joined into one word.
# FW_FORWARD_TCP above has a space before its backslash.
FW_FORWARD_MASQ_TCP="0/0,192.168.2.2,80 0/0,192.168.2.2,443\
216.200.145.35,192.168.1.3,25 216.200.145.36,192.168.1.3,25\
216.200.145.37,192.168.1.3,25 216.200.145.38,192.168.1.3,25 "
FW_FORWARD_MASQ_UDP=""
# Redirect TCP connections
# LAN traffic to any destination on port 21 is redirected to local port 21,
# and port 6667 to local port 7666 (the proxies named further down).
FW_REDIRECT_TCP="192.168.1.0/24,0/0,21,21 192.168.1.0/24,0/0,6667,7666"
# Redirect UDP connections
FW_REDIRECT_UDP=""
# Log critical denied network packets
FW_LOG_DENY_CRIT="yes"
# Log all denied packets
# NOTE(review): with "no", only denials the script classes as critical are
# logged. Enabling this while reproducing the rsync/FTP problem would show
# whether a firewall rule is dropping the LAN traffic.
FW_LOG_DENY_ALL="no"
# Log critical accepted packets
FW_LOG_ACCEPT_CRIT="yes"
# Log all accepted packets
FW_LOG_ACCEPT_ALL="no"
# NOTE(review): presumably leaves the script's kernel-level hardening
# settings off - confirm what it covers in this version and that "no" is
# intended.
FW_KERNEL_SECURITY="no"
# NOTE(review): presumably keeps routing enabled after the firewall rules are
# unloaded, so a stopped firewall would still route between the networks
# without filtering - confirm.
FW_STOP_KEEP_ROUTING_STATE="yes"
# Allow ping on firewall
FW_ALLOW_PING_FW="yes"
# Allow ping on DMZ targets
FW_ALLOW_PING_DMZ="no"
FW_ALLOW_FW_TRACEROUTE="no"
FW_ALLOW_FW_SOURCEQUENCH="yes"
# ftp-proxy is in use, hence the 21 -> 21 entry in FW_REDIRECT_TCP
# tircproxy is in use, hence the 6667 -> 7666 entry in FW_REDIRECT_TCP
# Masquerading helper modules to load. No ftp or irc helper is listed, which
# fits the use of the two proxies above.
FW_MASQ_MODULES="autofw cuseeme mfw portfw h323 quake raudio user vdolive"
# Path of a custom rules file; its contents are not shown here and may also
# affect LAN traffic.
FW_CUSTOMRULES="/etc/rc.config.d/firewall-custom.rc.config"
--
Togan Muftuoglu
Unofficial SuSE FAQ Maintainer
http://dinamizm.ath.cx