I was getting hacked from three IP's so I turned on suse firewall.
I set the configurations as th screen said. But know I cannot access the web
pages, not ssh in (sometimes yes, sometimes NO) Ftp is the same way!!!
What other ways can I configure the firewall? You do select the items that
you want to turn on right?
Information Services Technical Analyst
Fresno Pacific University
Well, I have also a problem with YOU.
It does the "init FTP/HTTP Update"
and then I get a TIMEOUT from ftp.leo.org
(Err .... use another SuSE Server)
How can I use another server?
Is it a known Problem?
Thank you very much for your help on this. I'll play with it this weekend.
"Vaclav Brunnhofer" <vbru(a)entu.cas.cz> wrote:
>> > I'm currently running version 7.3 Personal on my laptop, using the
>> > basic firewall. I was wondering if the SuseFirewall2 is available
>> > with my current version. I've been looking in the Suse website and
>> > in google and haven't seen anything (yet).
>| Entomologicky ustav e-mail: vbru(a)entu.cas.cz |
>| Akademie Ved Ceske Republiky tel.: 038 7775251 |
>| Branisovska 31 fax: 038 5310354 |
>| 370 05 Ceske Budejovice mobil: +420 606 632822 |
>Check the headers for your unsubscription address
>For additional commands, e-mail: suse-security-help(a)suse.com
>Security-related bug reports go to security(a)suse.de, not here
McAfee VirusScan Online from the Netscape Network.
Comprehensive protection for your entire computer. Get your free trial today!
Get AOL Instant Messenger 5.1 free of charge. Download Now!
That's it!!, don't know where to look.
By default SuSEfirewall its letting every traffic from inside to outside, but
i need to block: kazza, imesh and similars, because my clients are sucking
all the bandwith downloading mp3, videos, etc.
eth0 -> internal lan 192.168.2.2
eth1 -> external lan 192.168.1.2
in /etc/sysconfig/SuSEfirewall, only changed these, everything else is as
in /etc/sysconfig/scripts/SuSEfirewall2-custom, modified/added these,
everything else is as default.
for target in LOG DROP; do
for chain in input_ext input_dmz input_int forward_int forward_ext
iptables -A $chain -j $target -p tcp --dport 31337
iptables -A $chain -j $target -p udp --dport 31337
iptables -A $chain -j $target -p tcp --dport 12345:12346
iptables -A $chain -j $target -p udp --dport 12345:12346
iptables -A $chain -j $target -p tcp --sport 2932 # incp
iptables -A $chain -j $target -p udp --sport 2932 # incp
iptables -A $chain -j $target -p tcp --sport 1081:1082 #
iptables -A $chain -j $target -p udp --sport 1081:1082
tcpdump showed me that kazaa used 2932, 1081 and 1082 ports to establish
connection with kazaa internet servers.
Please give me an advice, a direction where to look or even better the
I have installed SuSE 8.2 with 2.5.STABLE1.
I would like to authenticate my users with PAM.
The configuration since squid 2.4 has hanged.
I followed the notes in /etc/squid.conf and I tried to use the "auth_param"
# TAG: auth_param
# This is used to pass parameters to the various authentication
# format: auth_param scheme parameter [setting]
# auth_param basic program /usr/bin/ncsa_auth /usr/etc/passwd
# would tell the basic authentication scheme it's program parameter.
# The order that authentication prompts are presented to the
# is dependant on the order the scheme first appears in config file.
# IE has a bug (it's not rfc 2617 compliant) in that it will use the
# scheme if basic is the first entry presented, even if more secure
# are presented. For now use the order in the file below. If other
# have difficulties (don't recognise the schemes offered even if you
# basic) then either put basic first, or disable the other schemes (by
# out their program entry).
# Once an authentication scheme is fully configured, it can only be
# by shutting squid down and restarting. Changes can be made on the
# activated with a reconfigure. I.E. You can change to a different
# but not unconfigure the helper completely.
# === Parameters for the basic scheme follow. ===
# "program" cmdline
# Specify the command for the external authenticator. Such a
# program reads a line containing "username password" and replies
# "OK" or "ERR" in an endless loop. If you use an authenticator,
# make sure you have 1 acl of type proxy_auth. By default, the
# basic authentication sheme is not used unless a program is
# If you want to use the traditional proxy authentication,
# jump over to the ../auth_modules/NCSA directory and
# % make
# % make install
# Then, set this line to something like
# auth_param basic program /usr/bin/ncsa_auth /usr/etc/passwd
I have used the following entries:
auth_param basic program /usr/sbin/pam_auth and appropriate acl`s.
(Because pam_auth worked properly with squid 2.4 and I could not find the
This does not work !
I have searched for the "auth_modules" directory .... but where is it ?
I can not find the directory to do the "traditional proxy authentication..."
What about the files /etc/pam.d/squid and /usr/sbin/pam_auth ? Are they no
longer used ?
I have used this with squid 2.4.
What to do now ?
my firewall-setup with ipsec etc didn't work though I knew the
configuration worked with the previous installation...
the error was the line
REJECT_ALL_INCOMING_CONNECTIONS="ippp0 isdn0 ippp1"
I never edited this file, probably yast set it there due to "activate
firewall" in isdn-setup.
May this help somebody googeling for susefirewall, ipsec, klips
Could someone add this hint to the docu?
I set up SuSEfirewall2 on my linux box, which is used as a router / firewall
for my small home network. It runs a DHCP server, SuSEfirewall2, Squid.
All the browsers on the local network (including the linux box) use squid as
their http proxy. I have not set up an ftp proxy (unless this is a default
installation option and I have missed it).
Are there any settings I need to watch out for regarding FTP in order to
carry out an on-line update using YOU.
It may be a co-incidence but since setting up the firewall YOU keeps timing
out. It spends some time getting a list of mirror FTP sites to use (10
minutes) but then times out after 20-30 minutes trying to fetch the list of
patches available. How can I figure out what is going wrong ?
Oh I have SuSE Linux 8.2 Professional.
Would appreciate any advice that can be offered.
Use a sniffer and watch which ports are being used. I cannot tell you
which ports, because the corporate firewall that I manage is not SuSEs
Firewall2, but I have only defined which ports to accept outbound (SMTP,
HTTP(S), etc) and Kazaa does not work here.
Not very useful maybe, but talking with users to have them stop using
Kazaa is i think more complicated.
From: Johannes Bretscher [mailto:firstname.lastname@example.org]
Sent: Tuesday, August 19, 2003 3:11 PM
Subject: Re: [suse-security] Blocking Kazaa and other P2P communication
On Tue, Aug 19, 2003 at 02:57:34PM +0200, Josef.Fuchs(a)leykam.com wrote:
> Hi, Security List Subscribers.
> Can somebody tell me if it?s possible to block all Kazaa communication
> at my SuSE Firewall-Box?
Talk to the users of this program. Trying to block Kazaa, Emule and
similar programs technically you will always be a step behind them.
> thanks in advance
> Josef Fuchs
"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
-- Benjamin Franklin, Historical Review of Pennsylvania, 1759.
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help(a)suse.com
Security-related bug reports go to security(a)suse.de, not here
I need to know if I have setup FW_MASQ_NETS correctly.
I want computers on my internal net 192.168.86.* to be able to access my
ISP's 2 dns servers 22.214.171.124 126.96.36.199.
I want people on these computers to run browsers and be identified by
Is this correct? lines broken by \ for legibility but I do not know if
it is legal in the firewall script. (left out there)
Paul Elliott 1(512)837-1096
pelliott(a)io.com PMB 181, 11900 Metric Blvd Suite J
http://www.io.com/~pelliott/pme/ Austin TX 78758-3117