Hi Philippe, eth0 and ppp0 are both internal? Try FW_DEV_WORLD="ppp0" and FW_DEV_INT="eth0" - I assume eth0 is the device to your internal net? Cheers, Ralf
Hi,
I've tried to use SuSEFirewall to configure a server with SMTP, POP and a Web server.
I've activated masquerading to allow the users on the local network to access Internet.
I had to desactivate FW_PROTECT_FROM_INTERNAL to allows certain feature, for example traceroute. What is the good way?
The mail server works well from local user to local user and from local user to external user. But entering mails are systematically rejected. I've copied below the Firewall and senmail config file of SuSEFirewall. aaa.bbb.ccc.130 is the public IP adress of the firewall.
Below, you can see also the log of the firewall. How to find a relation between this messages, and the output of ipchains -L?
Thank for your help,
regards,
Philippe.
---
FW_DEV_WORLD="" FW_DEV_INT="eth0 ppp0" FW_MASQUERADE="yes" FW_PROTECT_FROM_INTERNAL="no" FW_ROUTE="yes" FW_SERVICES_EXTERNAL_TCP="25 80" FW_SERVICES_EXTERNAL_UDP="25 80" FW_SERVICES_INTERNAL_TCP="25 53 80 110 3128" FW_SERVICES_INTERNAL_UDP="53" FW_SERVICE_DNS="yes" FW_STOP_KEEP_ROUTING_STATE="yes"
SENDMAIL_TYPE="yes" SENDMAIL_SMARTHOST="" SENDMAIL_LOCALHOST="localhost this.server.ua" SENDMAIL_RELAY="" SENDMAIL_ARGS="-bd -q30m -om" SENDMAIL_EXPENSIVE="no" SENDMAIL_EXPENSIVE="no" SENDMAIL_NOCANONIFY="no" SENDMAIL_NODNS="no" SENDMAIL_DIALUP="no" SENDMAIL_GENERICS_DOMAIN="" MASQUERADE_DOMAINS=""
Jul 13 16:50:30 citydesign kernel: Packet log: rulchain REJECT ppp0 PROTO=6 202.58.118.7:1329 aaa.bbb.ccc.130:25 L=60 S=0x00 I=3205 F=0x4000 T=41 SYN (#7) Jul 13 16:50:30 citydesign kernel: Packet log: rulchain REJECT ppp0 PROTO=6 202.58.118.7:1329 aaa.bbb.ccc.130:25 L=60 S=0x00 I=3205 F=0x4000 T=41 SYN (#7) Jul 13 16:50:46 citydesign kernel: Packet log: rulchain REJECT ppp0 PROTO=6 193.41.48.5:1426 aaa.bbb.ccc.130:25 L=44 S=0x00 I=7215 F=0x4000 T=61 SYN (#7) Jul 13 16:50:49 citydesign kernel: Packet log: rulchain REJECT ppp0 PROTO=6 193.41.48.5:1426 aaa.bbb.ccc.130:25 L=44 S=0x00 I=7338 F=0x4000 T=61 SYN (#7) Jul 13 16:50:55 citydesign kernel: Packet log: rulchain REJECT ppp0 PROTO=6 193.41.48.5:1426 aaa.bbb.ccc.130:25 L=44 S=0x00 I=7580 F=0x4000 T=61 SYN (#7) Jul 13 16:51:07 citydesign kernel: Packet log: rulchain REJECT ppp0 PROTO=6 193.41.48.5:1426 aaa.bbb.ccc.130:25 L=44 S=0x00 I=8061 F=0x4000 T=61 SYN (#7)
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
* * Ralf 'coko' Koch * mailto:info@formel4.de * --- The only thing Micro$oft has done for society, is make people believe, that computers are inherently unreliable.