Mailinglist Archive: opensuse (4053 mails)

SuSE FW2 configuration
  • From: stephane parenton <sparenton@xxxxxxxxxxx>
  • Date: Thu, 09 Aug 2001 11:49:55 +0200
  • Message-id: <3B725CC3.78B79674@xxxxxxxxxxx>
Hi, I've installed the latest fw2... I've read the examples, and the 5th seemed to be the closest to my configuration... Still, I have a problem: I can't ping the outside world after the firewall is launched...

The conf is like this:

External interface is eth0, IP address is public_ip0
DMZ interface is eth1, IP address is public_ip1
Internal interface is eth2, IP address is private_ip0

I want to have squid as proxy on the firewall so I guess this will improve the security.

I want my dns/http/ftp/ssh/smtp/pop to be on the dmz boxes

Here's what I've entered:

FW_DEV_EXT="eth0"
FW_DEV_INT="eth2"
FW_DEV_DMZ="eth1"
FW_ROUTE="yes"
FW_MASQUERADE="yes"
FW_MASQ_NETS="private_ip0/16"
FW_SERVICES_EXT_TCP="21 22 25 53 80 110"
FW_SERVICES_EXT_UDP="25 53"
FW_SERVICES_DMZ_TCP="21 22 25 53 80 110"
FW_SERVICES_DMZ_UDP="53 514"
FW_SERVICES_INT_TCP="21 22 53 80 110"
FW_SERVICES_INT_UDP="53"
FW_SERVICE_SQUID="yes"
FW_FORWARD="dmz_box0_ip dmz_box1_ip"
FW_REDIRECT="private_ip0/16,0/0,tcp,80,proxy_port"
FW_ALLOW_PING_FW="yes"
FW_ALLOW_PING_DMZ="yes"
FW_ALLOW_PING_EXT="yes"

Is this config correct to do what I want, and what can block me from pinging the internet from the firewall?

Regards
Stephane
