Dear Gurus,

Well, I would like to give all my /etc/rc.config.d/firewall.rc.config like the following:

START_FW="yes"
FW_DEV_WORLD="eth1"
FW_DEV_INT="eth0"
FW_DEV_EXT="eth1"
FW_ROUTE="yes"
FW_SERVICES_EXT_TCP="25 80"
FW_SERVICES_INT_TCP="22 25 53 80 110 3128"
FW_SERVICES_INT_UDP="53"
FW_SERVICE_DNS="yes"
FW_STOP_KEEP_ROUTING_STATE="yes"
FW_ALLOW_INCOMING_HIGHPORTS_UDP="yes"

And then when I type:

SuSEfirewall start

and then my LAN cannot access the Internet and I do not know why.
Would you mind telling me what I can do to make this firewall up and running?

Thank you so much for your assistance.

Best regards,
Choth

Togan Muftuoglu wrote:
* PUTH CHAN CHOTH; on 02 Oct, 2002 wrote:
The firewall script needs to know the external (internet) interface!
Define the FW_DEV_WORLD variable (there is no commenting out in the SuSEfirewall script; you either use the choices "yes" or "no", or define the interfaces, i.e. "eth0" "ppp0", and write the services "25" or "smtp").
SuSEfirewall: clearing rules now ... done
My eth1 is connected to the Internet and eth0 is connected to the LAN. I would like to configure my firewall so that the LAN is able to use Squid on port 3128, WWW:80, SMTP:25, POP3:110, SSH:22 and outsiders are able to access only WWW:80, SMTP:25.
# 1.)
# Should the Firewall be started?
#
# This setting is done in /etc/rc.config (START_FW="yes")
#################
#START_FW="yes"
I have already configured START_FW="yes" in /etc/rc.config so I commented this out
START_FW="yes"
# 2.)
#
#FW_DEV_WORLD=""
#######################
Why do you comment it out? The script has to read this variable.
FW_DEV_WORLD="eth1"
# 3.)
# Which is the interface that points to the internal network?
#
# Enter all the network devices here which are trusted.
# If you are not connected to a trusted network (e.g. you have just a
# dialup) leave this empty.
#
# Choice: leave empty or any number of devices, separated by a space
# e.g. "tr0", "eth0 eth1" or ""
# FW_DEV_INT=""
###########################
Why do you comment it out? The script has to read this variable.
FW_DEV_INT="eth0"
--
Togan Muftuoglu Unofficial SuSE FAQ Maintainer http://dinamizm.ath.cx
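
An added example, not part of the original thread and not SuSEfirewall's own code: a small POSIX shell check for the two mistakes discussed above, a required variable left commented out and an assignment with an unclosed quote. The function names, the list of checked variables (taken from this thread) and the sample file are assumptions constructed for illustration.

```shell
#!/bin/sh
# Print the state of variable $2 in config file $1:
#   set | empty | unterminated | commented | missing
fw_var_state() {
    file=$1 var=$2
    # The last active (uncommented) assignment wins, as when the file is sourced.
    line=$(grep -E "^[[:space:]]*${var}=" "$file" | tail -n 1)
    if [ -n "$line" ]; then
        value=${line#*=}
        # An odd number of double quotes means a quote was never closed.
        quotes=$(printf '%s' "$value" | tr -cd '"' | wc -c)
        if [ $((quotes % 2)) -ne 0 ]; then
            echo unterminated
        elif [ -z "$(printf '%s' "$value" | tr -d '"[:space:]')" ]; then
            echo empty
        else
            echo set
        fi
    elif grep -Eq "^[[:space:]]*#[[:space:]]*${var}=" "$file"; then
        echo commented
    else
        echo missing
    fi
}

# Check the variables discussed in the thread; non-zero if any is not "set".
check_fw_config() {
    rc=0
    for v in START_FW FW_DEV_WORLD FW_DEV_INT; do
        state=$(fw_var_state "$1" "$v")
        printf '%-14s %s\n' "$v" "$state"
        [ "$state" = set ] || rc=1
    done
    return $rc
}

# Constructed sample reproducing the commented-out settings quoted above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
START_FW="yes
#FW_DEV_WORLD=""
# FW_DEV_INT=""
FW_DEV_EXT="eth1"
EOF
check_fw_config "$sample" || echo "config needs fixing"
```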