I have temporarily worked around my problem by reinstating the script (not SuSEfirewall2) that worked for me before installing SuSE. It may not be as encompassing (for example, it allows SSH connections on the internet interface from a workstation inside the firewall). But it will get me "over the hump" until a more elegant solution presents itself.

Thanks for all the attempts to help.

Daryl

On Fri, 2003-12-12 at 07:27, Daryl Lee wrote:
I am trying to configure my firewall to accept remote SSH logins, but it will not.

Configuration: Linux server (combination internet gateway, router, and primary workstation) running SuSE 9.0 (brand new install; replaced RedHat 8.0 a week ago, where this problem did not exist). Windows 2000 laptop (my employer's), and Windows XP laptop (my wife's).

All internal LAN access is fine, SMB file and printer sharing works, workstations can all get out to the internet, no problems there. But when I try to come in from the internet and open an SSH session with the firewall up, it will not connect. When I try with the "SuSEfirewall test" command, it goes through okay (so I know sshd is running correctly).

Here's my /etc/sysconfig/SuSEfirewall2, with all the comments and blank lines stripped, my comments added:

FW_QUICKMODE="no"
FW_DEV_EXT="ppp0" # I use DSL
FW_DEV_INT="eth1"
FW_DEV_DMZ=""
FW_ROUTE="yes"
FW_MASQUERADE="yes"
FW_MASQ_DEV="$FW_DEV_EXT"
FW_MASQ_NETS="0/0"
FW_PROTECT_FROM_INTERNAL="no"
FW_AUTOPROTECT_SERVICES="yes"
FW_SERVICES_EXT_TCP="ssh http 5800:5805" # 580x, 590x: VNC
FW_SERVICES_EXT_UDP=""
FW_SERVICES_EXT_IP=""
FW_SERVICES_DMZ_TCP=""
FW_SERVICES_DMZ_UDP=""
FW_SERVICES_DMZ_IP=""
FW_SERVICES_INT_TCP="ssh domain netbios-ssn" # netbios-ssn for SAMBA
FW_SERVICES_INT_UDP=""
FW_SERVICES_INT_IP=""
FW_SERVICES_QUICK_TCP=""
FW_SERVICES_QUICK_UDP=""
FW_SERVICES_QUICK_IP=""
FW_TRUSTED_NETS=""
FW_ALLOW_INCOMING_HIGHPORTS_TCP="no"
FW_ALLOW_INCOMING_HIGHPORTS_UDP="DNS"
FW_SERVICE_AUTODETECT="yes"
FW_SERVICE_DNS="yes"
FW_SERVICE_DHCLIENT="no"
FW_SERVICE_DHCPD="yes"
FW_SERVICE_SQUID="no"
FW_SERVICE_SAMBA="yes"
FW_FORWARD=""
FW_FORWARD_MASQ=""
FW_REDIRECT=""
FW_LOG_DROP_CRIT="yes"
FW_LOG_DROP_ALL="no"
FW_LOG_ACCEPT_CRIT="yes"
FW_LOG_ACCEPT_ALL="no"
FW_LOG="--log-level warning --log-tcp-options --log-ip-option --log-prefix SuSE-FW"
FW_KERNEL_SECURITY="yes"
FW_STOP_KEEP_ROUTING_STATE="no"
FW_ALLOW_PING_FW="yes"
FW_ALLOW_PING_DMZ="no"
FW_ALLOW_PING_EXT="no"
FW_ALLOW_FW_TRACEROUTE="yes"
FW_ALLOW_FW_SOURCEQUENCH="yes"
FW_ALLOW_FW_BROADCAST="no"
FW_IGNORE_FW_BROADCAST="yes"
FW_ALLOW_CLASS_ROUTING="no"
FW_CUSTOMRULES=""
FW_REJECT="no"
FW_HTB_TUNE_DEV=""