Mailinglist Archive: opensuse (3863 mails)
SLP9 - DNS on FW with MASQ
- From: David Barnes MSc <kcuk.linux@xxxxxxxxxxxxxxxx>
- Date: Sun, 8 Feb 2004 17:17:30 +0000
- Message-id: <200402081717.30260.kcuk.linux@xxxxxxxxxxxxxxxx>
I'm fairly new to SuSE 9.0 and am running a small network with firewall on a
SuSE Prof 9.0 box, with Linux and NT2000 machines behind it.
I have implemented masquerading and the Squid proxy server with no problem.
I can get BIND9 to run happily on a SP9 box behind the firewall, but cannot
get it to run ON the firewall.
I think that DNS is set up ok, as everything runs fine on the firewall when
using SuSEfirewall2 test (i.e. no firewall as no packets dropped).
I really need some help here!
My firewall settings are as follows.
FW_QUICKMODE="no"
FW_DEV_EXT="eth1"
FW_DEV_INT="eth0"
FW_DEV_DMZ=""
FW_ROUTE="yes"
FW_MASQUERADE="yes"
FW_MASQ_DEV="$FW_DEV_EXT"
FW_MASQ_NETS="0/0"
FW_PROTECT_FROM_INTERNAL="no"
FW_AUTOPROTECT_SERVICES="yes"
FW_SERVICES_EXT_TCP=""
FW_SERVICES_EXT_UDP=""
FW_SERVICES_EXT_IP=""
FW_SERVICES_DMZ_TCP=""
FW_SERVICES_DMZ_UDP=""
FW_SERVICES_DMZ_IP=""
FW_SERVICES_INT_TCP="domain www 3128"
FW_SERVICES_INT_UDP="domain"
FW_SERVICES_INT_IP=""
FW_SERVICES_QUICK_TCP=""
FW_SERVICES_QUICK_UDP=""
FW_SERVICES_QUICK_IP=""
FW_TRUSTED_NETS=""
FW_ALLOW_INCOMING_HIGHPORTS_TCP="ftp-data DNS"
FW_ALLOW_INCOMING_HIGHPORTS_UDP="domain ntp"
FW_SERVICE_AUTODETECT="yes"
FW_SERVICE_DNS="no"
FW_SERVICE_DHCLIENT="no"
FW_SERVICE_DHCPD="no"
FW_SERVICE_SQUID="no"
FW_SERVICE_SAMBA="no"
FW_FORWARD=""
FW_FORWARD_MASQ=""
FW_REDIRECT="192.168.0.0/24,0/0,tcp,80,3128 0/0,192.168.0.0/24,tcp,21,3128"
FW_REDIRECT="192.168.0.0/24,0/0,udp,80,3128 192.168.0.0/24,0/0,udp,21,3128"
FW_LOG_DROP_CRIT="yes"
FW_LOG_DROP_ALL="no"
FW_LOG_ACCEPT_CRIT="yes"
FW_LOG_ACCEPT_ALL="no"
FW_LOG="--log-level warning --log-tcp-options --log-ip-option --log-prefix SuSE-FW"
FW_KERNEL_SECURITY="yes"
FW_STOP_KEEP_ROUTING_STATE="no"
FW_ALLOW_PING_FW="yes"
FW_ALLOW_PING_DMZ="no"
FW_ALLOW_PING_EXT=""
FW_ALLOW_FW_TRACEROUTE="yes"
FW_ALLOW_FW_SOURCEQUENCH="yes"
FW_ALLOW_FW_BROADCAST="no"
FW_IGNORE_FW_BROADCAST="yes"
FW_ALLOW_CLASS_ROUTING="no"
FW_CUSTOMRULES=""
FW_REJECT="no"
FW_HTB_TUNE_DEV=""
Thanks!
Dave Barnes