Re: [SLE] [SuSE 8.1] USB SpeedTouch modem user can't start SuSEfirewall2

8 Nov 2002

      Togan Muftuoglu wrote:
...
* FX Fraipont;  on 08 Nov, 2002 wrote:
...
#
FW_MASQ_NETS="0/0"
????? it would be better in my opinion to say which networks is 
masquearded ie
192.168.1.0/24 much safer
This is what I had in previous SuSe versions (7.3 7.1), but 0/0 was the 
default, so I left it that way. You are surely right.
...
...
# For FW_SERVICES_*_IP enter the protocol name (like "igmp") or 
number ("2")
#
# Common: smtp domain
FW_SERVICES_EXT_TCP="http 80 pop3 smtp 25 ssh telnet "
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^          http 
and 80
smtp and 25
just say "www smtp" and if yopuare using telnet why bother with ssh ?

...
...
# Common: domain
FW_SERVICES_EXT_UDP="www"
www is TCP not UDP
...
#
# Common: ssh smtp domain
FW_SERVICES_INT_TCP="ssh smtp 25 26 143 www 80"
"ssh smtp 26 143 www"
This is quite messy,  I must admit, and is the result of some 
experimentation due to the fact that my smtp does not work anymore since 
my ISP decided  to block port 25. I didn't quite know how to define 
another port for sendmail. I tried 2500, but I see 2500 is in use on 
8.1. So I still don't know.
...
...
FW_ALLOW_INCOMING_HIGHPORTS_TCP="2500 143"
^^^^
143 is not a highport
Right. If I use pop or imap, shouldn't port 143 be open? And where 
should I specify this?
...
...
# Common: "DNS" or "domain ntp", better is "yes" to be sure ...
FW_ALLOW_INCOMING_HIGHPORTS_UDP="yes"
I would have put just "DNS" makes more secure
...
# if everything still works. (It should!) ;-)
#
# Choice: "yes" or "no", if not set defaults to "yes"
#
FW_KERNEL_SECURITY="no"
yes is much better
This is my opinion your mileage may vary
It does! I don't claim to be an expert, it is only a setup I found was 
working for me, after some experimentation ....

Thanks for your comments.

FX

-- 
______________________
Courtesy of SuSE Linux
nibz.org