I'm hoping one of you bright folks can lend me a hand with a small
configuration problem I'm having with Marc Heuse' new SuSEfirewall 4.0
package. This is on a SuSE 7.0 professional system.
For several versions of SuSEfirewall, SuSE 6.3 through 7.0, I've tried to
configure the script to allow outside connections to port 6699 on the
firewall (napster) to my internally masqueraded windows desktop running
napster. Additionally, I've tried to let select other services through
to server machines on the internal masqueraded network, but so far,
My internal windows desktop is at 192.168.1.101, and is successfully able
to get to Napster servers on port 6699 through the firewall.
I just wish I could share some of my files with the rest of the world.
Oh, and in my /etc/rc.firewall settings, don't be concerned about
pcanywheredata and pcanywherestat being open to the outside world. I
actually have sshd running on those ports, as that's the only way to get
to my firewall from my workplace. ;-)
Here are my /etc/rc.firewall settings:
FW_SERVICES_EXTERNAL_TCP="ssh sshalt pcanywheredata pcanywherestat ident
FW_SERVICES_EXTERNAL_UDP="pcanywheredata pcanywherestat napster"
FW_SERVICES_INTERNAL_TCP="telnet ftp smtp ssh sshalt pcanywheredata
pcanywherestat domain icq napster www 8080 rrlogind"
FW_SERVICES_INTERNAL_UDP="pcanywheredata pcanywherestat domain www icq 8080
# Here's where I'm trying to let napster in from the rest of the
# world to my windows box at 192.168.1.101
FW_MASQ_MODULES="autofw cuseeme ftp irc mfw portfw quake raudio user vdolive"
- - -
Similarly, I tried allowing requests to port 80 through to 192.168.1.10,
which is one of my internal fileservers. It's running apache. No joy
there either... Tried:
Anyone have any ideas? I'll try to anticipate peoples' questions about
my system by providing some more information now, and I'll be happy to
provide more information if requested to do so.
I'm running a self-compiled kernel from the LX_SUSE sources, with the
international crypto patches applied so I could turn on some of
the crypto modules.
The following packages _are_ installed:
And the following relevant kernel configs were/are set, and the modules
[*] Routing messages
[*] Network firewalls
[*] Socket filtering
[*] IP: Advanced Router
[*] IP: policy routing
[*] IP: verbose route monitoring
[*] IP: firewalling
[*] IP: firewall packet netlink device
[*] IP: use FWMARK value as routing key
[*] IP: masquerading
[*] IP: masquerading special modules support
<M> IP: ipautofw masquerade support (Experimental)
<M> IP: ipportfw masquerade support
<M> IP: ipmarkfw masquerade support
<M> IP: tunneling
<M> IP: GRE tunnels over IP
I *think* this should get me where I need to go.
I've confirmed that in /lib/modules/2.2.16, there are the following
modules ready to go: