Mailinglist Archive: opensuse (3378 mails)

Re: [SLE] suse firewall on cd
  • From: steve <fsanta@xxxxxxxxxx>
  • Date: Fri, 26 Apr 2002 04:24:06 +0200
  • Message-id: <200204252252.g3PMqnM04420@xxxxxxxxxxxxxxxxxxxx>
On Friday 19 April 2002 19:51, you wrote:
> * steve; <fsanta@xxxxxxxxxx> on 19 Apr, 2002 wrote:
> >I am trying to configure firewall2. It's just that someone said the
> > personal firewall would work too. In desperation we have tried many
> > combinations, none of which work!
>
> OK so we are still on SuSEfirewall2
>
> 1) uninstall all other firewall packages (personal SuSEfirewall
> version1)
> 2) Make sure you have SuSEfirewall2 version 2.1 if not download from
> http://www.suse.de/~marc/suse.html and install it
>
> 3) Based on your previous mails configure as follows
>
> FW_DEV_EXT="eth0"
> FW_DEV_INT="eth1"
> FW_ROUTE="yes"
> FW_MASQUERADE="yes"
> FW_MASQ_DEV="$FW_DEV_EXT"
> FW_MASQ_NETS="192.168.0.0/24"
> FW_PROTECT_FROM_INTERNAL="yes"
> FW_AUTOPROTECT_SERVICES="yes"
>
> FW_SERVICES_EXT_TCP="domain "
> FW_SERVICES_EXT_UDP="domain"
> FW_SERVICES_INT_TCP="21 22 25 53 80 110 143 1113 3128"
> FW_ALLOW_INCOMING_HIGHPORTS_TCP="ftp-data"
> FW_ALLOW_INCOMING_HIGHPORTS_UDP="yes"
> FW_SERVICE_AUTODETECT="yes"
> FW_SERVICE_DNS="yes"
> FW_SERVICE_DHCLIENT="no"
> FW_SERVICE_DHCPD="no"
> FW_SERVICE_SQUID="yes"
> FW_SERVICE_SAMBA="yes"
> FW_REDIRECT="192.168.0.0/24,0/0,tcp,80,3128"
> FW_LOG_DROP_CRIT="no"
> FW_LOG_DROP_ALL="no"
> FW_LOG_ACCEPT_CRIT="no"
> FW_LOG_ACCEPT_ALL="no"
> FW_LOG="--log-level warning --log-tcp-options --log-ip-option --log-prefix
> SuSE-FW"
>
> FW_KERNEL_SECURITY="no"
>
> FW_STOP_KEEP_ROUTING_STATE="yes"
>
> FW_ALLOW_PING_FW="yes"
> FW_ALLOW_PING_DMZ="no"
> FW_ALLOW_PING_EXT="yes"
>
> FW_ALLOW_FW_TRACEROUTE="yes"
>
> FW_ALLOW_FW_SOURCEQUENCH="yes"
>
> FW_ALLOW_FW_BROADCAST="yes"
> FW_IGNORE_FW_BROADCAST="no"
>
> FW_ALLOW_CLASS_ROUTING="no"
>
> 4) Now start as /sbin/SuSEfirewall2 test
> 5) Try to ping www.suse.de save output (if any)
> 6) traceroute www.suse.de save output (if any)
> 7) from the Local lan try to surf the net www.suse.de
> 8) from local lan ftp to ftp.gwdg.de
> 9) If everything works then /sbin/SuSEfirewall2 start
> 10) if it fails send the output of item 5 item 6 along with
> /var/log/firewall ( not all of it relevant parts for item 7 and 8 )

Hi. Thanks for all this effort. 5, 6, 7 and 8 work fine in test mode but
lock tight after 9. There is no /var/log/firewall (we installed
SuSEfirewall2-2.1 after uninstalling the normal 7.3 installation packages and
uninstalling the personal firewall) and /var/log/messages gives nothing
relevant. We can't ask you for any more. We tried pmfirewall and it works.
It's not what we really wanted but it's time that we must save. Thanks again.
Steve.
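
An added example, not part of either message and not SuSEfirewall2's own code: a small check that reads a SuSEfirewall2-style config without sourcing it and reports which of the `FW_LOG_*` switches from the quoted configuration are not set to "yes". It assumes these switches decide whether dropped and accepted packets are logged; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; the sample config is
# constructed from settings quoted in the thread.

# get_setting FILE KEY: print the last value assigned to KEY (KEY="value"),
# parsing the file as text instead of sourcing it as shell code.
get_setting() {
    awk -v key="$2" '
        { line = $0; sub(/^[ \t]+/, "", line) }
        index(line, key "=") == 1 {
            val = substr(line, length(key) + 2)
            sub(/[ \t]*#.*$/, "", val)      # drop a trailing comment
            gsub(/^"|"[ \t]*$/, "", val)    # drop the surrounding quotes
            found = val
        }
        END { print found }
    ' "$1"
}

# disabled_log_switches FILE: list the FW_LOG_* switches that are not "yes".
disabled_log_switches() {
    for key in FW_LOG_DROP_CRIT FW_LOG_DROP_ALL \
               FW_LOG_ACCEPT_CRIT FW_LOG_ACCEPT_ALL; do
        [ "$(get_setting "$1" "$key")" = "yes" ] || printf '%s\n' "$key"
    done
}

# drop_logging_off FILE: succeed when neither drop-logging switch is "yes"
# (assumption: dropped packets then leave no entry in the system log).
drop_logging_off() {
    [ "$(get_setting "$1" FW_LOG_DROP_CRIT)" != "yes" ] &&
    [ "$(get_setting "$1" FW_LOG_DROP_ALL)" != "yes" ]
}

# Constructed sample input.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
FW_DEV_EXT="eth0"
FW_LOG_DROP_CRIT="no"
FW_LOG_DROP_ALL="no"
FW_LOG_ACCEPT_CRIT="no"
FW_LOG_ACCEPT_ALL="no"
EOF

if drop_logging_off "$SAMPLE"; then
    echo "Drop logging is off. Switches not set to yes:"
    disabled_log_switches "$SAMPLE"
fi
```

Pointed at the real configuration file, a non-empty list means a lockup after `start` may leave nothing in the logs to diagnose it with.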

