Mailinglist Archive: opensuse (807 mails)
Re: [opensuse] howto open firewall to all traffic to a host
- From: Vahe Avedissian <vyav@xxxxxxxxx>
- Date: Tue, 6 Apr 2010 15:48:44 -0700 (PDT)
- Message-id: <376052.13065.qm@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
Hi Togan,
I tried the first suggestion you made and that seems to work! Thanks!!!
I will try your second suggestion as well. Any advantage of the first versus
the second approach?
Also, the HDHomeRun TV tuner is sitting on my local network. I was wondering
what the implications of trusting them were per your comment below? Can you
shed some light on this concern?
Thanks again!
Vahe
----- Original Message ----
From: Togan Muftuoglu <toganm+suse@xxxxxxxxxxxx>
To: opensuse@xxxxxxxxxxxx
Sent: Tue, April 6, 2010 12:23:11 AM
Subject: Re: [opensuse] howto open firewall to all traffic to a host
Vahe Avedissian wrote:
> Hello Folks,
> I am trying to get a SiliconDust internet TV card box to work with Opensuse
> 11.2, but am having firewall issues.
> With the firewall turned off, the hdhomerun (Silicon dust software)
> configure will detect the TV tuner and return its IP address and ID. With
> the firewall enabled the tuner is not detected as expected.
> I tried opening up the necessary ports and services but that did not work
> and according to SiliconDust tech support the tuner uses random high port
> on the PC so it is not possible to firewall based on incoming ports. They
> suggest that I allow all traffic to/from the HDHomeRun's IP address.
> My question is how to best do this? I could not find how to do this with
> yast. Do I need to directly edit iptables and if so, how?
You can enter HDHomeRun's IP address into FW_TRUSTED_NETS but then the
question is can you really trust them
# Format: space separated list of network[,protocol[,port]]
# in case of icmp, port means the icmp type
#
# Example: "172.20.1.1 172.20.0.0/16 1.1.1.1,icmp 2.2.2.2,tcp,22"
#
FW_TRUSTED_NETS="HDHomeRun's IP"
Another option, though I do not think that can be done via Yast, is you
can create a service "HDHomeRun" based on the
/etc/sysconfig/SuSEfirewall2.d/services/TEMPLATE and here is the
relevant part of the template.
### variables below are only needed in very special cases
# space separated list of net,protocol[,sport[,dport]]
# see FW_SERVICES_ACCEPT_RELATED_EXT
# net 0/0 means IPv4 and IPv6. If this sevice should only work for
# IPv4 use 0.0.0.0/0
RELATED="HDHomeRun's IP"
This will open the ports that are related to your computer's request.
Then you can add this service to your FW_CONFIGURATIONS_EXT="HDHomeRun"
Hope this helps
Togan
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx
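The network[,protocol[,port]] format quoted in the thread determines how much an FW_TRUSTED_NETS entry opens up, which is what the question about trusting the tuner comes down to. The following is an added example, not part of the original posts and not SuSEfirewall2 code: a small Python check (the function names audit_trusted_nets and needs_review are made up here) that parses a value in that format and lists entries that name no protocol or port, cover more than one address, or do not parse at all, such as the literal placeholder "HDHomeRun's IP".

```python
import ipaddress

# Example string from the FW_TRUSTED_NETS comment quoted in the thread.
PAGE_EXAMPLE = "172.20.1.1 172.20.0.0/16 1.1.1.1,icmp 2.2.2.2,tcp,22"


def audit_trusted_nets(value):
    """Parse a FW_TRUSTED_NETS value: space separated network[,protocol[,port]].

    Returns one dict per entry so broad entries can be reviewed before the
    firewall is reloaded.
    """
    report = []
    for entry in value.split():
        fields = entry.split(",")
        try:
            if len(fields) > 3 or "" in fields:
                raise ValueError("expected network[,protocol[,port]]")
            net = ipaddress.ip_network(fields[0], strict=False)
        except ValueError as exc:
            # e.g. a placeholder that was never replaced by a real address
            report.append({"entry": entry, "scope": "invalid", "error": str(exc)})
            continue
        if len(fields) == 1:
            scope = "no-restriction"        # entry names no protocol or port
        elif len(fields) == 2:
            scope = "protocol-only"         # any port (or ICMP type) of that protocol
        else:
            scope = "protocol-and-port"     # narrowest form the format allows
        report.append({
            "entry": entry,
            "scope": scope,
            "addresses": net.num_addresses,  # how many source addresses match
            "protocol": fields[1] if len(fields) > 1 else None,
            "port": fields[2] if len(fields) > 2 else None,
        })
    return report


def needs_review(report):
    """Entries that are invalid, unrestricted, or cover more than one address."""
    return [r["entry"] for r in report
            if r["scope"] in ("invalid", "no-restriction") or r["addresses"] > 1]


if __name__ == "__main__":
    for row in audit_trusted_nets(PAGE_EXAMPLE):
        print(row)
    print("review:", needs_review(audit_trusted_nets(PAGE_EXAMPLE)))
```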