Mailinglist Archive: opensuse (3378 mails)

Re: [SLE] suse firewall on cd
  • From: Togan Muftuoglu <toganm@xxxxxxxxxxxx>
  • Date: Fri, 19 Apr 2002 20:51:47 +0300
  • Message-id: <20020419205147.B3793@xxxxxxxxxxxx>
* steve; <fsanta@xxxxxxxxxx> on 19 Apr, 2002 wrote:
I am trying to configure firewall2. It's just that someone said the personal firewall would work too. In desperation we have tried many combinations, none of which work!

OK so we are still on SuSEfirewall2
1) Uninstall all other firewall packages (personal SuSEfirewall
version1)
2) Make sure you have SuSEfirewall2 version 2.1; if not, download it from
http://www.suse.de/~marc/suse.html and install it

3) Based on your previous mails configure as follows
FW_DEV_EXT="eth0"
FW_DEV_INT="eth1"
FW_ROUTE="yes"
FW_MASQUERADE="yes"
FW_MASQ_DEV="$FW_DEV_EXT"
FW_MASQ_NETS="192.168.0.0/24"
FW_PROTECT_FROM_INTERNAL="yes"
FW_AUTOPROTECT_SERVICES="yes"

FW_SERVICES_EXT_TCP="domain "
FW_SERVICES_EXT_UDP="domain"
FW_SERVICES_INT_TCP="21 22 25 53 80 110 143 1113 3128"
FW_ALLOW_INCOMING_HIGHPORTS_TCP="ftp-data"
FW_ALLOW_INCOMING_HIGHPORTS_UDP="yes"
FW_SERVICE_AUTODETECT="yes"
FW_SERVICE_DNS="yes"
FW_SERVICE_DHCLIENT="no"
FW_SERVICE_DHCPD="no"
FW_SERVICE_SQUID="yes"
FW_SERVICE_SAMBA="yes"
FW_REDIRECT="192.168.0.0/24,0/0,tcp,80,3128"
FW_LOG_DROP_CRIT="no"
FW_LOG_DROP_ALL="no"
FW_LOG_ACCEPT_CRIT="no"
FW_LOG_ACCEPT_ALL="no"
FW_LOG="--log-level warning --log-tcp-options --log-ip-option --log-prefix SuSE-FW"

FW_KERNEL_SECURITY="no"

FW_STOP_KEEP_ROUTING_STATE="yes"

FW_ALLOW_PING_FW="yes"
FW_ALLOW_PING_DMZ="no"
FW_ALLOW_PING_EXT="yes"

FW_ALLOW_FW_TRACEROUTE="yes"

FW_ALLOW_FW_SOURCEQUENCH="yes"

FW_ALLOW_FW_BROADCAST="yes"
FW_IGNORE_FW_BROADCAST="no"

FW_ALLOW_CLASS_ROUTING="no"

4) Now start as /sbin/SuSEfirewall2 test
5) Try to ping www.suse.de; save the output (if any)
6) traceroute www.suse.de; save the output (if any)
7) From the local LAN try to surf the net (www.suse.de)
8) From the local LAN ftp to ftp.gwdg.de
9) If everything works then /sbin/SuSEfirewall2 start
10) If it fails send the output of item 5 and item 6 along with
/var/log/firewall (not all of it, only the relevant parts for items 7 and 8)


--

Togan Muftuoglu
Unofficial SuSE FAQ Maintainer
http://dinamizm.ath.cx
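
A consistency check for the settings in the message above, as an added example that is not part of the original post and not SuSEfirewall2 code. `fw_audit` and `sample_config` are hypothetical helpers, and the three rules it applies (masquerading needs routing and a device, a redirect's local port must be an allowed internal service, all logging switches off leaves no log entries) are assumptions about how these variables interact.

```shell
# Added example; fw_audit and sample_config are hypothetical, not SuSEfirewall2 code.
fw_audit() (
  # The config is plain shell assignments, so source it inside this subshell.
  case $1 in */*) . "$1" ;; *) . "./$1" ;; esac || exit 2
  findings=0
  warn() { echo "WARN: $*"; findings=$((findings + 1)); }
  # Assumption: masquerading needs routing enabled and a masquerade device.
  if [ "$FW_MASQUERADE" = "yes" ]; then
    [ "$FW_ROUTE" = "yes" ] || warn "FW_MASQUERADE=yes but FW_ROUTE is not yes"
    [ -n "$FW_MASQ_DEV" ] || warn "FW_MASQUERADE=yes but FW_MASQ_DEV is empty"
  fi
  # FW_REDIRECT entries as used in the message: source,destination,protocol,dport,lport
  for rule in $FW_REDIRECT; do
    IFS=, read -r src dst proto dport lport extra <<EOF
$rule
EOF
    if [ -z "$lport" ] || [ -n "$extra" ]; then
      warn "FW_REDIRECT entry '$rule' does not have 5 fields"; continue
    fi
    # Assumption: redirected packets arrive on lport, so it must be an allowed internal service.
    if [ "$FW_PROTECT_FROM_INTERNAL" = "yes" ] && [ "$proto" = "tcp" ]; then
      case " $FW_SERVICES_INT_TCP " in
        *" $lport "*) ;;
        *) warn "redirect port $lport is not in FW_SERVICES_INT_TCP" ;;
      esac
    fi
  done
  # Assumption: with every FW_LOG_* switch off, drops leave nothing in the log.
  case "$FW_LOG_DROP_CRIT$FW_LOG_DROP_ALL$FW_LOG_ACCEPT_CRIT$FW_LOG_ACCEPT_ALL" in
    nononono) warn "all FW_LOG_* switches are no; dropped packets are not logged" ;;
  esac
  exit "$findings"   # exit status = number of findings
)
# Constructed sample: a subset of the values from the message above.
sample_config() {
  cat <<'EOF'
FW_DEV_EXT="eth0"
FW_ROUTE="yes"
FW_MASQUERADE="yes"
FW_MASQ_DEV="$FW_DEV_EXT"
FW_PROTECT_FROM_INTERNAL="yes"
FW_SERVICES_INT_TCP="21 22 25 53 80 110 143 1113 3128"
FW_REDIRECT="192.168.0.0/24,0/0,tcp,80,3128"
FW_LOG_DROP_CRIT="no"; FW_LOG_DROP_ALL="no"
FW_LOG_ACCEPT_CRIT="no"; FW_LOG_ACCEPT_ALL="no"
EOF
}
# Demo run on the sample; prints the findings and their count.
t=$(mktemp) && sample_config > "$t" && { fw_audit "$t" || echo "findings: $?"; }; rm -f "$t"
```

On the sample values the masquerading and redirect checks pass and only the logging rule fires, which matters for step 10 because /var/log/firewall is where the dropped packets would otherwise show up.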


