* Nick Selby;
that Iwas not letting that happen:
FW_MASQUERADE="no"
set this to "yes"
FW_MASQ_DEV=""
set this $DEV_WORLD and set the MASQ_NETS to your network scheme and try again
QUESTION 1: The FAQ and the config file say this: # If set to "yes", all network access to services TCP and UDP on this machine # will be prevented (except to those which you explicitly allow, see below: # FW_SERVICES_{EXT,DMZ,INT}_{TCP,UDP}) # # Choice: "yes" or "no", defaults to "yes" # FW_AUTOPROTECT_SERVICES="yes"
Okay, now I have a network running here, over which I must access the internet from another machine which dials and provides IP forwarding and masquerading. It talks to my ISP and I talk to it. Now, This is a TCP/IP network.
Does leaving this FW_AUTOPROTECT_SERVICES="yes" DISABLE my TCP/IP and hence stop me from using my local network to access the internet? Or is that just too simple?
no when you say autodetetect and basicly running netstat lsof and a combination of awk, shell scripts SuSEfirewall2 finds out the services that you are rınning on the firewall machine like smtp ssh ftp www and protects default if you define the services at FW_SERVICES_EXTERNAL_TCP="ssh" for instance it will let access to ssh otherwise everything is protected. Actually pretty neat -- Togan Muftuoglu Unofficial SuSE FAQ Maintainer http://dinamizm.ath.cx