On 03.10.17 at 13:43, Marek Libra wrote:
I use Apache, SSHD, BIND 8 and SuSEfirewall on SuSE 8.1 Pro, one network card.
Do you serve those services to the outside? If not, you can close them in the firewall.
When the firewall is down, nslookup translates all DNS queries well (forwarders are set correctly).
Do you intend DNS to serve outside queries (from the outside world to your machine)?
When the firewall starts, no query is translated (neither from the local database nor from the forwarding server).
Well, if it is supposed to query 'eth0', it wouldn't - I mean, not local. Start 'iptraf', watch all interfaces, and see the traffic flow.
In /var/log/messages there's NO record about dropping packets while running nslookup.
They would show in the '/var/log/warn' if you enable them in the firewall - if they are in fact dropped.
FW_SERVICES_EXT_TCP="domain www https ssh" FW_SERVICES_EXT_UDP="domain"
Are you serving https to the outside? And ssh?
FW_ALLOW_INCOMING_HIGHPORTS_TCP="domain" FW_ALLOW_INCOMING_HIGHPORTS_UDP="yes"
FW_ALLOW_INCOMING_HIGHPORTS_TCP="ftp-data" FW_ALLOW_INCOMING_HIGHPORTS_UDP="DNS domain" The firewall complains that highports should be open, but it works - unless you serve queries to the outside.
FW_SERVICE_AUTODETECT="yes" FW_SERVICE_DNS="yes"
FW_SERVICE_AUTODETECT="no" FW_SERVICE_DNS="yes"
FW_LOG_DROP_CRIT="yes" FW_LOG_DROP_ALL="yes" FW_LOG_ACCEPT_CRIT="yes" FW_LOG_ACCEPT_ALL="no" FW_LOG="--log-level warning --log-tcp-options --log-ip-option --log-prefix SuSE-FW"
Correct.

-- 
Cheers,
Carlos Robinson
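The thread's diagnostic is: enable drop logging (FW_LOG_DROP_ALL="yes" with the SuSE-FW log prefix), then look in /var/log/warn for which DNS packets the firewall is rejecting. Two kinds show up with this setup: replies from a forwarder (source port 53) arriving at one of the server's unprivileged high ports, which the FW_ALLOW_INCOMING_HIGHPORTS_UDP="DNS" setting from the reply is meant to admit, and outside queries to port 53, which FW_SERVICES_EXT_UDP/TCP="domain" admits. The script below is an added example, not part of the mailing-list exchange: it classifies constructed kernel log lines (the "-DROP-DEFAULT" suffix after the SuSE-FW prefix, the addresses and the ports are assumptions) and maps each class back to the SuSEfirewall2 variable discussed above.

```shell
#!/bin/sh
# Added example: classify SuSEfirewall2 drop-log entries by DNS traffic direction.
# The log lines below are constructed for this example; the prefix suffix, hosts
# and ports are assumptions, not data from the thread.
SAMPLE_LOG='Oct  3 13:40:01 host kernel: SuSE-FW-DROP-DEFAULT IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.53 DST=198.51.100.10 LEN=112 TOS=0x00 PREC=0x00 TTL=57 ID=1 DF PROTO=UDP SPT=53 DPT=32771 LEN=92
Oct  3 13:40:02 host kernel: SuSE-FW-DROP-DEFAULT IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=198.51.100.10 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=2 DF PROTO=TCP SPT=44123 DPT=53 WINDOW=5840 RES=0x00 SYN URGP=0
Oct  3 13:40:03 host kernel: SuSE-FW-DROP-DEFAULT IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.9 DST=198.51.100.10 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=3 DF PROTO=TCP SPT=51000 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0
Oct  3 13:40:04 host kernel: SuSE-FW-ACCEPT IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=198.51.100.10 LEN=64 TOS=0x00 PREC=0x00 TTL=50 ID=4 DF PROTO=UDP SPT=40000 DPT=53 LEN=44'

# Read firewall log lines on stdin; count only dropped packets, split into
# forwarder replies (source port 53 to an unprivileged port) and inbound queries
# (destination port 53). Prints one summary line.
classify_dns_drops() {
    awk '
        /SuSE-FW-DROP/ {
            proto = ""; spt = 0; dpt = 0
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^PROTO=/)     proto = substr($i, 7)
                else if ($i ~ /^SPT=/)  spt = substr($i, 5) + 0
                else if ($i ~ /^DPT=/)  dpt = substr($i, 5) + 0
            }
            if (spt == 53 && dpt > 1023) reply++   # answer from a forwarder
            else if (dpt == 53)          query++   # outside client asking us
        }
        END { printf "reply_to_highport=%d inbound_query=%d\n", reply, query }
    '
}

# Map the summary line to the SuSEfirewall2 setting that admits each class,
# mirroring the values quoted in the reply above.
advise() {
    case "$1" in
        *reply_to_highport=0*) ;;
        *) echo 'FW_ALLOW_INCOMING_HIGHPORTS_UDP="DNS"' ;;
    esac
    case "$1" in
        *inbound_query=0*) ;;
        *) echo 'FW_SERVICES_EXT_UDP="domain" (and "domain" in FW_SERVICES_EXT_TCP for TCP queries)' ;;
    esac
}

summary="$(printf '%s\n' "$SAMPLE_LOG" | classify_dns_drops)"
echo "$summary"
advise "$summary"
```

On a live system, replace the constructed sample with `grep SuSE-FW /var/log/warn | classify_dns_drops`; the accepted line in the sample is deliberately ignored so that a noisy log with FW_LOG_ACCEPT_CRIT="yes" does not inflate the counts.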