jdd wrote:
M9. wrote:
so, if I understand well you have only one lan (192.168.1.x) with all the PC on it.
Yes that is correct ;-)
previously you said:
"This morning I had to shut down the firewall to enter my LAN. Printing was impossible, and also accessing the other PCs and laptops in the network.
What I do not understand is why this firewall prevents me from entering other PCs in the network, while others can access mine easily?"
It looks like you (or any event) swapped the internal and external network in the config
try setting with defaults - usually defaults are good
I used the defaults, after putting the network interface back to the external zone again.
About /etc/scripts/SuSEfirewall2, there are many files there, I do not know which one you want to see.
it's not a folder but a file in my computer (but the one I have just at hand is a 10.1, maybe the file was spread in several ones later)
this file is commented internally, and the comments are the only firewall notice I know of
IMHO should a firewall be configured once, and work in silence, protecting a PC or laptop against attack from 'outside'.
it's what SuSEfirewall2 does usually :-)
It should not block the trusted hosts, and block the untrusted ones.
not clear in your config which is what
In my config there are only trusted hosts... (in a windows case there are constantly hosts that are informed by dataminers, in windows one should be able to block them...)
A warning should be displayed, with an option to grant or deny an attempt to enter the PC, with a description of the host and the IP address, so that one can decide to let pass once or forever, which does not mean that 'forever' can not be changed to deny.
it's really too easy to click on "yes" without caution and very difficult to go back after, and should any user be allowed to do so?
Normally, if you have a good firewall, there is a description of the host, its IP address, and the purpose for entering from or towards the PC. The streams are visible if you want: in, out, and which ports are used. Each program is listed, and the ports they use.
A really good firewall can work with passwords, just as a server can.
I think somewhat your definition of "firewall" is wrong. a firewall is used to open or close "ports"
exactly!
, not communication
yes it has to let me know who is going out and going in, and I must be able to shut whatever port I like, in principle..
(your firewalls don't do NAT, as you have an other router).
whatever you do with these ports is irrelevant.
If some host wants to enter my PC, I want to know this, and be able to close the gate (port) if I do not want it entering for whatever reason I have. If I give a password to a host, it can enter without noticing me, as long as I want to let the firewall accept the password.
a firewall works at the packet level, not at the logical one, it knows nothing of passwords. It protect networks, so if you want a part with trusted pc, it must be the internal and untrusted the external or the dmz if they are in your house, but this needs an other net card (an other lan).
A good firewall can handle this perfectly, with just one card.
you can set some filtering based on IP, but I'm not sure it's secure and anyway it's difficult to setup.
finally you said "This morning i had to shut down the firewall to enter my Lan.", so the day before the firewall was nice, what did change in between?
Not one thing, that is why I call the firewall inconsistent..
I beg you use a samba network and windows samba is buggy and needs to open nearly anything to work as was said from the beginning by an other writer.
I use samba on the Linux-side,
http://lists.opensuse.org/opensuse-factory/2007-09/msg00335.html
but if I understand well, doing so is nearly the same as stopping the firewall.
As I understand, only for the ports used by samba for the LAN?
use of samba server on suse fixes the permission problem.
Samba server I did not use before...
jdd
If you want to know what I mean, you should download the free sygate firewall from norton, and use it on a windows box.
-- 
Have a nice day,
M9.
Now, is the only time that exists.
OS: Linux 2.6.22.5-10-default x86_64
Current user: monkey9@tribal-sfn2
System: openSUSE 10.3 (X86-64) Beta3
KDE: 3.5.7 "release 58"