Mailinglist Archive: opensuse (4348 mails)

Re: [SLE] SuSe Firewalling and protecting against hackers
  • From: PUTH CHAN CHOTH <choth@xxxxxxxxxxxxxxx>
  • Date: Wed, 02 Oct 2002 11:51:43 +0700
  • Message-id: <3D9A7B5F.CCD4CD08@xxxxxxxxxxxxxxx>
Dear Gurus,

Well, I would like to give all my /etc/rc.config.d/firewall.rc.config like the
following:

START_FW="yes"
FW_DEV_WORLD="eth1"
FW_DEV_INT="eth0"
FW_DEV_EXT="eth1"
FW_ROUTE="yes"
FW_SERVICES_EXT_TCP="25 80"
FW_SERVICES_INT_TCP="22 25 53 80 110 3128"
FW_SERVICES_INT_UDP="53"
FW_SERVICE_DNS="yes"
FW_STOP_KEEP_ROUTING_STATE="yes"
FW_ALLOW_INCOMING_HIGHPORTS_UDP="yes"

And then when I type: SuSEfirewall start, my LAN cannot access the Internet
and I do not know why. Would you mind telling me what I can do to get this firewall
up and running? Thank you so much for your assistance.

Best regards,

Choth

Togan Muftuoglu wrote:

> * PUTH CHAN CHOTH; <choth@xxxxxxxxxxxxxxx> on 02 Oct, 2002 wrote:
> >The firewall script needs to know the external (internet) interface!
>
> Define the FW_DEV_WORLD variable (there is no commenting out in the
> SuSEfirewall script; you either use the choices "yes" or "no", or define
> the interfaces, i.e. "eth0" "ppp0", and write the services "25" or "smtp").
>
> >SuSEfirewall: clearing rules now ... done
> >
> >My eth1 is connected to the Internet and eth0 is connected to the LAN. I would
> >like to configure my firewall and can let the LAN be able to use Squid on port
> >3128, WWW:80, SMTP:25, POP3:110, SSH:22 and let the outsider to be able to access
> >only WWW:80, SMTP:25.
>
> ># 1.)
> ># Should the Firewall be started?
> >#
> ># This setting is done in /etc/rc.config (START_FW="yes")
> >#################
> >#START_FW="yes" I have already configured START_FW="yes" in /etc/rc.config so I
> >commented this out
>
> START_FW="yes"
>
> ># 2.)
> >#
> >#FW_DEV_WORLD=""
> >#######################
>
> Why do you comment it out? The script has to read this variable.
>
> FW_DEV_WORLD="eth1"
>
> ># 3.)
> ># Which is the interface that points to the internal network?
> >#
> ># Enter all the network devices here which are trusted.
> ># If you are not connected to a trusted network (e.g. you have just a
> ># dialup) leave this empty.
> >#
> ># Choice: leave empty or any number of devices, seperated by a space
> ># e.g. "tr0", "eth0 eth1" or ""
> >#
> >FW_DEV_INT=""
> >###########################
>
> Why do you comment it out? The script has to read this variable.
>
> FW_DEV_INT="eth0"
>
> --
>
> Togan Muftuoglu
> Unofficial SuSE FAQ Maintainer
> http://dinamizm.ath.cx

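Added example, not part of the original mails and not SuSE's own code: a small shell check for the mistakes discussed in this thread (a required variable commented out, left empty, or with an unclosed quote). The function names and the sample file are constructed for illustration; only START_FW, FW_DEV_WORLD and FW_DEV_INT, the variables named above, are checked.

```shell
#!/bin/sh
# Added example (not SuSE code): lint the variables discussed in this thread.
# check_var FILE NAME prints: ok | empty | commented | unbalanced | missing
check_var() {
    file=$1 name=$2
    # The last active (uncommented) assignment wins, as when the file is sourced.
    line=$(grep -E "^[[:space:]]*${name}=" "$file" | tail -n 1)
    if [ -z "$line" ]; then
        if grep -Eq "^[[:space:]]*#[[:space:]]*${name}=" "$file"; then
            echo commented
        else
            echo missing
        fi
        return 0
    fi
    value=${line#*=}
    value=${value%%#*}          # drop a trailing comment, if any
    # An odd number of double quotes means one was left open.
    quotes=$(printf '%s' "$value" | tr -cd '"' | wc -c)
    if [ $((quotes % 2)) -ne 0 ]; then
        echo unbalanced
    elif [ -z "$(printf '%s' "$value" | tr -d '"[:space:]')" ]; then
        echo empty
    else
        echo ok
    fi
}

# lint_fw_config FILE: report each variable; exit status = number of problems.
lint_fw_config() {
    file=$1 bad=0
    for name in START_FW FW_DEV_WORLD FW_DEV_INT; do
        status=$(check_var "$file" "$name")
        printf '%-14s %s\n' "$name" "$status"
        [ "$status" = ok ] || bad=$((bad + 1))
    done
    return "$bad"
}

# Constructed sample combining the mistakes quoted above.
sample=$(mktemp)
printf '%s\n' 'START_FW="yes' '#FW_DEV_WORLD=""' 'FW_DEV_INT=""' > "$sample"
lint_fw_config "$sample" || echo "fix the variables above before running the script"
rm -f "$sample"
```

Running lint_fw_config against the real configuration file before starting the firewall shows which of the three variables the script will not be able to read.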