Mailinglist Archive: opensuse (3378 mails)

Re: [SLE] More Firewall2
  • From: Togan Muftuoglu <toganm@xxxxxxxxxxxx>
  • Date: Thu, 4 Apr 2002 08:15:59 +0300
  • Message-id: <20020404081559.A17741@xxxxxxxxxxxx>
* Roy Cabaniss; <rcaban@xxxxxxxxxxxxxx> on 03 Apr, 2002 wrote:
Now the MAC addresses are coming in inet4 as opposed to 6. My local setups kick out inet6 MAC's when I do an ifconfig.

Mar 24 11:08:41 rcaban kernel: SuSE-FW-ACCEPTIN=eth0 OUT= MAC=xx:xx:xx:xx:xx:xx:xx SRC=209.130.30.130 DST=my ext ip LEN=40 TOS=0x08 PREC=0x00 TTL=240 ID=40330 PROTO=TCP SPT=45507 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0

Request to port 80 on your firewall for HTTP request which is accepted.


Mar 24 11:09:16 rcaban kernel: SuSE-FW-ACCESS_DENIED_FOR_INTIN=eth1 OUT= MAC=xx:xx:xx:xx:xx:xx:xx SRC=192.168.0.xx (internal network, other computer) DST=external network card LEN=68 TOS=0x10 PREC=0x00 TTL=64 ID=19036 DF PROTO=UDP SPT=32932 DPT=53 LEN=48

Request for name server query protocol UDP with destination port 53 on
your External IP.

FW_PROTECT_FROM_INTERNAL="no"
FW_AUTOPROTECT_SERVICES="no"
FW_SERVICES_EXT_TCP="25 53 80 110 6346"

Out of curiosity, do you run all these services for the world? SMTP server,
DNS server, HTTP server, POP server? If you are not offering these to the
world, remove them.

FW_SERVICES_EXT_UDP="53" # Common: domain
FW_SERVICES_EXT_IP=""
FW_SERVICES_INT_TCP="25 53 80 110 6346"

Again, are these services running on your firewall, so your internal PC
connects, for example, to port 25 on your firewall for SMTP mail relay?

--

Togan Muftuoglu
Unofficial SuSE FAQ Maintainer
http://dinamizm.ath.cx
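
The reading of the two log lines above can be automated. The following is an added example, not part of the original message or of SuSEfirewall2: it parses the quoted log lines and config excerpt and reports, per packet, whether the destination port appears in the service list for that zone and protocol. The eth0=external / eth1=internal mapping, the placeholder addresses and the function names are assumptions; ports are compared by exact match only.

```python
import re
import shlex

# Constructed input: the config excerpt and the two log lines quoted in the
# message, abridged, with redacted addresses replaced by placeholder values.
CONFIG = '''
FW_SERVICES_EXT_TCP="25 53 80 110 6346"
FW_SERVICES_EXT_UDP="53" # Common: domain
FW_SERVICES_INT_TCP="25 53 80 110 6346"
'''
LOGS = [
    "Mar 24 11:08:41 rcaban kernel: SuSE-FW-ACCEPTIN=eth0 OUT= MAC=xx:xx "
    "SRC=209.130.30.130 DST=192.0.2.1 LEN=40 TTL=240 PROTO=TCP SPT=45507 "
    "DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0",
    "Mar 24 11:09:16 rcaban kernel: SuSE-FW-ACCESS_DENIED_FOR_INTIN=eth1 "
    "OUT= MAC=xx:xx SRC=192.168.0.10 DST=192.0.2.1 LEN=68 TTL=64 DF "
    "PROTO=UDP SPT=32932 DPT=53 LEN=48",
]
ZONES = {"eth0": "EXT", "eth1": "INT"}  # assumption, read off the log lines

# The prefix may run straight into IN=, as it does in the quoted lines.
LOG_RE = re.compile(r"(SuSE-FW-[A-Z_-]+?)\s*IN=(\S*)")

def parse_config(text):
    """Return {variable: set of port strings} from sysconfig-style lines."""
    cfg = {}
    for line in text.splitlines():
        for token in shlex.split(line, comments=True):
            name, sep, value = token.partition("=")
            if sep:
                cfg[name] = set(value.split())
    return cfg

def parse_log(line):
    """Split a netfilter LOG line into its KEY=value fields plus the prefix."""
    m = LOG_RE.search(line)
    if not m:
        return None
    rest = line[m.end():].split()
    fields = dict(kv.split("=", 1) for kv in rest if "=" in kv)
    fields.update(PREFIX=m.group(1), IN=m.group(2))
    return fields

def explain(line, cfg, zones=ZONES):
    """Return (prefix, zone, proto, dport, config variable, port listed?)."""
    f = parse_log(line)
    if f is None:
        return None
    zone, proto = zones.get(f["IN"], "?"), f.get("PROTO", "?")
    var = f"FW_SERVICES_{zone}_{proto}"
    return (f["PREFIX"], zone, proto, f.get("DPT"), var,
            f.get("DPT") in cfg.get(var, set()))

if __name__ == "__main__":
    for entry in LOGS:
        print(explain(entry, parse_config(CONFIG)))
```

A variable that is absent from the quoted excerpt is treated as an empty list, so the second line reports its port as not listed.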


