Hi, found my mistake. Cause i've no local DNS, I had to fill-in the Provider-DNS into each Client-Configuration. Now it's going to be a sunny Sunday .-), Bye, Rene ----- Original Message ----- From: "R. Ullenboom" <rene@ullenboom.de> To: <suse-security@suse.com> Sent: Sunday, January 27, 2002 10:22 AM Subject: [suse-security] SuSEFirewall2, smtp, nntp, telnet
Hi, got probs with configuring SuSEFirewall2 (SF2). Transparent proxiing (Squid) with Web-Browser works. Also Masquerading (ping_to_Internet) From some aacounts i can get eMail with my eMail-Client (Outlook) over Masq. But I can't send them. Even telnet through the Firewall for testing mail-traffic does not work. And at least I tried to get nntp over Squid-SSL and it does not work. Whats wrong with my configuration:
Thanx 4 help and
Here it is:
FW_DEV_EXT="ppp0" FW_DEV_INT="eth0" FW_DEV_DMZ="" FW_ROUTE="yes" FW_MASQUERADE="yes" FW_MASQ_DEV="$FW_DEV_EXT" FW_MASQ_NETS="192.168.0.0/16 10.0.0.0/16" FW_PROTECT_FROM_INTERNAL="no" FW_AUTOPROTECT_SERVICES="yes" FW_SERVICES_EXT_TCP="25 80" FW_SERVICES_EXT_UDP="" # Common: domain FW_SERVICES_EXT_IP="" FW_SERVICES_DMZ_TCP="" FW_SERVICES_DMZ_UDP="" FW_SERVICES_DMZ_IP="" FW_SERVICES_INT_TCP="23 25 53 110 119 3128" FW_SERVICES_INT_UDP="23 25 53 110 119" FW_SERVICES_INT_IP="" FW_TRUSTED_NETS="192.168.0.0/16 10.0.0.0/16" FW_ALLOW_INCOMING_HIGHPORTS_TCP="yes" FW_ALLOW_INCOMING_HIGHPORTS_UDP="yes" FW_SERVICE_AUTODETECT="yes" FW_SERVICE_DNS="no" FW_SERVICE_DHCLIENT="no" FW_SERVICE_DHCPD="no" FW_SERVICE_SQUID="yes" FW_SERVICE_SAMBA="no" FW_FORWARD="" FW_FORWARD_MASQ=""
FW_REDIRECT="192.168.0.0/16,0/0,tcp,80,3128 192.168.0.0/16,0/0,tcp,21,3128 192.168.0.0/16,0/0,udp,80,3128 192.168.0.0/16,0/0,udp,21,3128 192.168.0.0/16,0/0,tcp,443,3128 192.168.0.0/16,0/0,udp,443,3128 192.168.0.0/16,0/0,tcp,563,3128 192.168.0.0/16,0/0,udp,563,3128"
FW_LOG_DROP_CRIT="yes" FW_LOG_DROP_ALL="no" FW_LOG_ACCEPT_CRIT="yes" FW_LOG_ACCEPT_ALL="no" FW_LOG="--log-level warning --log-tcp-options --log-ip-option --log-prefix SuSE-FW" FW_KERNEL_SECURITY="yes" FW_STOP_KEEP_ROUTING_STATE="no" FW_ALLOW_PING_FW="yes" FW_ALLOW_PING_DMZ="yes" FW_ALLOW_PING_EXT="no"
#-------------------------------------------------------------------------#
# # # EXPERT OPTIONS - I left them on default!! # # #
#-------------------------------------------------------------------------#
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com