Hi, I hope we're almost there and appreciate the advice so far. And your comment not to give up. I have to leave the office in a few minutes for a couple of hours...

On Wednesday 08 May 2002 18:40, Togan Muftuoglu wrote:
* Nick Selby; on 08 May, 2002 wrote:
that I was not letting that happen:
FW_MASQUERADE="no"
set this to "yes"
FW_MASQ_DEV=""
set this $DEV_WORLD
and set the MASQ_NETS to your network scheme and try again
Er... My network scheme?

Choice: leave empty or any number of hosts/networks seperated by a space.
# Every host/network may get a list of allowed services, otherwise everything
# is allowed. A target network, protocol and service is appended by a comma to
# the host/network. e.g. "10.0.0.0/8" allows the whole 10.0.0.0 network with
# unrestricted access. "10.0.1.0/24,0/0,tcp,80 10.0.1.0/24,0/0tcp,21" allows
# the 10.0.1.0 network to use www/ftp to the internet.
# "10.0.1.0/24,tcp,1024:65535 10.0.2.0/24" is OK too.
# Set this variable to "0/0" to allow unrestricted access to the internet.

So if my machines all have a 192.168.X.X in there, how would I enter that? With 192.0.0.0? I have several machines connected on the network with Samba allowing the Windows machine to talk to me. All of us are connected to a SuSE 7.2 machine running the ISDN and the masq/ip forward.
QUESTION 1: The FAQ and the config file say this:

# If set to "yes", all network access to services TCP and UDP on this machine
# will be prevented (except to those which you explicitly allow, see below:
# FW_SERVICES_{EXT,DMZ,INT}_{TCP,UDP})
#
# Choice: "yes" or "no", defaults to "yes"
#
FW_AUTOPROTECT_SERVICES="yes"
Okay, now I have a network running here, over which I must access the internet from another machine which dials and provides IP forwarding and masquerading. It talks to my ISP and I talk to it. Now, this is a TCP/IP network.
Does leaving this FW_AUTOPROTECT_SERVICES="yes" DISABLE my TCP/IP and hence stop me from using my local network to access the internet? Or is that just too simple?
No. When you say autodetect, basically by running netstat, lsof and a combination of awk and shell scripts, SuSEfirewall2 finds out the services that you are running on the firewall machine, like smtp, ssh, ftp, www, and protects them by default. If you define the services at FW_SERVICES_EXTERNAL_TCP="ssh", for instance, it will allow access to ssh; otherwise everything is protected. Actually pretty neat.
Ah. Funny you should mention that because I foresaw a day when I'd like to SSH into it and added that!!
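
Added example, not part of the original thread and not SuSEfirewall2's own code: Python that parses an FW_MASQ_NETS value following the format in the config comment quoted above and reports which entries cover a given LAN host, so the masqueraded scope can be checked before the firewall is reloaded. It assumes that a bare address without a /prefix means a single host and that the protocol field is tcp, udp or icmp; the function names are hypothetical.

```python
import ipaddress

PROTOCOLS = ("tcp", "udp", "icmp")  # assumption: protocols accepted here


def net(text):
    """Parse a network as written in the config; "0/0" is shorthand for any."""
    if text == "0/0":
        text = "0.0.0.0/0"
    # Assumption: a bare address such as 192.0.0.0 is one host (/32).
    # strict=True rejects entries whose host bits are set (e.g. 10.0.1.5/24).
    return ipaddress.ip_network(text, strict=True)


def parse_masq_nets(value):
    """Split a space-separated FW_MASQ_NETS value into rule dictionaries."""
    rules = []
    for entry in value.split():
        fields = entry.split(",")
        rule = {"src": net(fields[0]), "dst": net("0/0"),
                "proto": None, "ports": None}
        rest = fields[1:]
        # The optional target network precedes protocol and service.
        if rest and rest[0] not in PROTOCOLS:
            rule["dst"] = net(rest.pop(0))
        if rest:
            rule["proto"] = rest.pop(0)
        if rest:
            rule["ports"] = rest.pop(0)
        rules.append(rule)
    return rules


def masqueraded(value, host):
    """Return the rules whose source network contains the LAN host."""
    addr = ipaddress.ip_address(host)
    return [r for r in parse_masq_nets(value) if addr in r["src"]]


if __name__ == "__main__":
    lan_host = "192.168.1.5"  # constructed sample address
    for candidate in ("192.0.0.0", "192.168.0.0/16", "0/0"):
        hits = masqueraded(candidate, lan_host)
        print(f"{candidate!r}: {'covers' if hits else 'does not cover'} {lan_host}")
```

An entry with a missing comma, such as `10.0.1.0/24,0/0tcp,21`, raises `ValueError` instead of being read as a wider rule.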