Mailinglist Archive: opensuse (4343 mails)
Re: [SLE] [SuSE 8.1] USB SpeedTouch modem user can't start SuSEfirewall2
- From: FX Fraipont <fxf@xxxxxxxxx>
- Date: Fri, 08 Nov 2002 21:08:09 +0100
- Message-id: <3DCC19A9.2040509@xxxxxxxxx>
Togan Muftuoglu wrote:
* FX Fraipont; <fxf@xxxxxxxxx> on 08 Nov, 2002 wrote:
#
FW_MASQ_NETS="0/0"
????? it would be better in my opinion to say which networks are masqueraded, i.e.
192.168.1.0/24, much safer
This is what I had in previous SuSe versions (7.3 7.1), but 0/0 was the default, so I left it that way. You are surely right.
# For FW_SERVICES_*_IP enter the protocol name (like "igmp") or number ("2")
#
# Common: smtp domain
FW_SERVICES_EXT_TCP="http 80 pop3 smtp 25 ssh telnet "
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ http and 80
smtp and 25
just say "www smtp" and if you are using telnet why bother with ssh?
# Common: domain
FW_SERVICES_EXT_UDP="www"
www is TCP not UDP
#
# Common: ssh smtp domain
FW_SERVICES_INT_TCP="ssh smtp 25 26 143 www 80"
"ssh smtp 26 143 www"
This is quite messy, I must admit, and is the result of some experimentation due to the fact that my smtp does not work anymore since my ISP decided to block port 25. I didn't quite know how to define another port for sendmail. I tried 2500, but I see 2500 is in use on 8.1. So I still don't know.
FW_ALLOW_INCOMING_HIGHPORTS_TCP="2500 143"
^^^^
143 is not a highport
Right. If I use pop or imap, shouldn't port 143 be open? And where should I specify this?
It does! I don't claim to be an expert, it is only a setup I found was working for me, after some experimentation ....
# Common: "DNS" or "domain ntp", better is "yes" to be sure ...
FW_ALLOW_INCOMING_HIGHPORTS_UDP="yes"
I would have put just "DNS"; that makes it more secure
# if everything still works. (It should!) ;-)
#
# Choice: "yes" or "no", if not set defaults to "yes"
#
FW_KERNEL_SECURITY="no"
yes is much better
This is my opinion; your mileage may vary
Thanks for your comments.
FX
--
______________________
Courtesy of SuSE Linux
nibz.org
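
Added example, not part of the original thread and not SuSEfirewall2's own code: a small Python lint that applies the review comments made above to the settings quoted in the message. The port table, the function name `lint` and the sample text are constructed for illustration.

```python
import re

# TCP ports for the service names used in the thread (constructed table).
PORTS = {"http": 80, "www": 80, "smtp": 25, "pop3": 110, "imap": 143,
         "ssh": 22, "telnet": 23}

# Constructed sample: the settings as quoted in the message.
SAMPLE = '''\
FW_MASQ_NETS="0/0"
FW_SERVICES_EXT_TCP="http 80 pop3 smtp 25 ssh telnet "
FW_SERVICES_EXT_UDP="www"
FW_SERVICES_INT_TCP="ssh smtp 25 26 143 www 80"
FW_ALLOW_INCOMING_HIGHPORTS_TCP="2500 143"
FW_ALLOW_INCOMING_HIGHPORTS_UDP="yes"
FW_KERNEL_SECURITY="no"
'''

def lint(text):
    """Return (variable, message) findings for a SuSEfirewall2-style config."""
    cfg = dict(re.findall(r'^(FW_\w+)="([^"]*)"', text, re.M))
    out = []
    for var, val in cfg.items():
        items = val.split()
        if var == "FW_MASQ_NETS" and "0/0" in items:
            out.append((var, "0/0 masquerades everything; name the internal net"))
        if var.startswith("FW_SERVICES_"):
            seen = set()
            for it in items:  # a name and its number open the same port twice
                port = int(it) if it.isdigit() else PORTS.get(it)
                if port is not None and port in seen:
                    out.append((var, f"{it} repeats port {port}"))
                seen.add(port)
            if var.endswith("_UDP"):
                out += [(var, f"{it} is a TCP service") for it in items if it in PORTS]
            if "telnet" in items and "ssh" in items:
                out.append((var, "telnet is cleartext and ssh is already allowed"))
        if var.startswith("FW_ALLOW_INCOMING_HIGHPORTS_"):
            out += [(var, f"{it} is below 1024, not a high port")
                    for it in items if it.isdigit() and int(it) < 1024]
            if val == "yes":
                out.append((var, "yes opens all high ports; list needed services"))
        if var == "FW_KERNEL_SECURITY" and val == "no":
            out.append((var, "set to no; the reply recommends yes"))
    return out

if __name__ == "__main__":
    for var, msg in lint(SAMPLE):
        print(f"{var}: {msg}")
```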