9.1 masquerading and firewall oddities
  • From: Jason <jglane@xxxxxxxxxxxxxxx>
  • Date: Mon, 10 May 2004 00:46:54 +0100
  • Message-id: <200405100046.54340.jglane@xxxxxxxxxxxxxxx>

I'm having trouble getting networking set up correctly in my fresh new
installation of 9.1 -- I had the network functioning fine with 8.2, and I'm
sure it wasn't as difficult as this to set up...

I've found that if I configure the firewall for forwarding, masquerading and
ssh while not connected, and subsequently connect using kinternet or
cinternet, access to the internet is blocked.

However, if I restart the firewall by calling 'SuSEfirewall2' or
'rcSuSEfirewall2 restart' while the ppp connection is active, everything
works as it should. Masquerading from the laptop, net access on my main

In 8.2 I didn't have to restart the firewall when I connected, masquerading
just happened.

This also happens when booting -- the ppp0 link only comes active after the
firewall starts, and no access to the internet is possible until the
firewall is reset after ppp0 is active.

I have a hotplug script for my ADSL modem that calls cinternet so the internet
connection is live when the machine boots, but the modem takes 15 seconds or
so to load its firmware and make the ATM connection before it is ready to
bring up the ppp connection.

I've put a kludge in the modem hotplug script that calls /sbin/SuSEfirewall2
to reset the firewall after ppp0 comes up -- but this seems an ugly
workaround. But it works.

Have I missed something obvious? Or doesn't the new networking infrastructure
in 9.1 handle firewalls on dynamic interfaces too well?

Currently in the dark....


Background information.

I've got an ADSL connection with BT, using a USB speedtouch modem (the old
blue fishy looking one) which works fine, after fiddling around a bit with
hotplug scripts in 9.1.

My PC has an Intel e100 ethernet card connected to a hub for the local
network. I'm using static IP addresses for my local network.

My main box is acting as router and firewall and print server. I also have ssh
available through the firewall, so I can access my machine from work. This
arrangement was working fine in 8.2, and I'm pretty sure I only used YaST to
set up the networking, routing, firewall and all.

I set up the firewall with the following settings using YaST:

External Interface: dsl0
Internal Interface: eth-id-00:08:c7:db:f1:fc

Other Services:
X Secure Shell (ssh)

Firewall Features:
X Forward Traffic and Do Masquerading
X Protect All Running Services
X Allow Traceroute

All other entries left blank.

(I've also tried eth0, and ppp0 for the internal and external interfaces, and
fiddled around with settings in /etc/sysconfig ... but to no avail)

