Oops .. sorry ...
FW_FORWARD="192.168.1.0/24,192.168.5.2,tcp,80" is correct ...
regards all the other changes have to be done. ...

----- Original Message -----
From: "Chris FitzGerald" <mersco@pandora.be>
To: <suse-security@suse.com>
Sent: Friday, November 08, 2002 4:41 PM
Subject: Re: [suse-security] SuseFirewall2 DMZ
Hi,
Make these changes:

FW_SERVICES_EXT_TCP="80"
FW_SERVICES_EXT_UDP="80"
FW_SERVICES_EXT_IP="80"

This will allow Internet users access to your webserver.

FW_SERVICES_INT_TCP="80"
FW_SERVICES_INT_UDP="80"
FW_SERVICES_INT_IP="80"

This will allow your LAN to access the webserver.

FW_FORWARD=""

This is only for public IP addresses, so leave this empty.
This should do the trick ;)
Regards
Chris

----- Original Message -----
From: "Frédéric Poulet" <pofrederic@yahoo.fr>
To: <suse-security@suse.com>
Sent: Friday, November 08, 2002 4:36 PM
Subject: Re: [suse-security] SuseFirewall2 DMZ
My susefirewall2 file is:

# 1.)
# 2.)
FW_DEV_EXT="ppp0"
# 3.)
FW_DEV_INT="eth1"
# 4.)
FW_DEV_DMZ="eth2"
# 5.)
FW_ROUTE="yes"
# 6.)
FW_MASQUERADE="yes"
FW_MASQ_DEV="$FW_DEV_EXT"
FW_MASQ_NETS="192.168.1.0/24 192.168.5.0/24"
# 7.)
FW_PROTECT_FROM_INTERNAL="no"
# 8.)
FW_AUTOPROTECT_SERVICES="yes"
# 9.)
FW_SERVICES_EXT_TCP=""
FW_SERVICES_EXT_UDP=""
FW_SERVICES_EXT_IP=""
#
FW_SERVICES_DMZ_TCP="80"
FW_SERVICES_DMZ_UDP="80"
FW_SERVICES_DMZ_IP="80"
#
FW_SERVICES_INT_TCP=""
FW_SERVICES_INT_UDP=""
FW_SERVICES_INT_IP=""
# 10.)
FW_TRUSTED_NETS=""
# 11.)
FW_ALLOW_INCOMING_HIGHPORTS_TCP="yes"
FW_ALLOW_INCOMING_HIGHPORTS_UDP="yes"
# 12.)
FW_SERVICE_AUTODETECT="yes"
FW_SERVICE_DNS="no"
FW_SERVICE_DHCLIENT="no"
FW_SERVICE_DHCPD="no"
FW_SERVICE_SQUID="no"
FW_SERVICE_SAMBA="no"
# 13.)
FW_FORWARD="192.168.1.0/24,192.168.5.2,tcp,80"
# 14.)
FW_FORWARD_MASQ="0/0,192.168.5.2,tcp,80"
# 15.)
FW_REDIRECT=""
# 16.)
FW_LOG_DROP_CRIT="yes"
FW_LOG_DROP_ALL="yes"
FW_LOG_ACCEPT_CRIT="no"
FW_LOG_ACCEPT_ALL="no"
FW_LOG="--log-level warning --log-tcp-options --log-ip-option --log-prefix SuSE-FW"
# 17.)
FW_KERNEL_SECURITY="yes"
# 18.)
FW_STOP_KEEP_ROUTING_STATE="no"
# 19.)
FW_ALLOW_PING_FW="yes"
FW_ALLOW_PING_DMZ="yes"
FW_ALLOW_PING_EXT="yes"
##
# END of rc.firewall
##

#                                                                         #
#-------------------------------------------------------------------------#
#                                                                         #
# EXPERT OPTIONS - all others please don't change these!                  #
#                                                                         #
#-------------------------------------------------------------------------#
#                                                                         #

#
# 20.)
# Allow (or don't) ICMP time-to-live-exceeded to be send from your firewall.
# This is used for traceroutes to your firewall (or traceroute like tools).
#
# Please note that the unix traceroute only works if you say "yes" to
# FW_ALLOW_INCOMING_HIGHPORTS_UDP, and windows traceroutes only if you say
# additionally "yes" to FW_ALLOW_PING_FW
#
# Choice: "yes" or "no", defaults to "no" if not set.
#
FW_ALLOW_FW_TRACEROUTE="yes"

#
# 21.)
# Allow ICMP sourcequench from your ISP?
#
# If set to yes, the firewall will notice when connection is choking, however
# this opens yourself to a denial of service attack. Choose your poison.
#
# Choice: "yes" or "no", defaults to "yes"
#
FW_ALLOW_FW_SOURCEQUENCH="yes"

#
# 22.)
# Allow/Ignore IP Broadcasts?
#
# If set to yes, the firewall will not filter broadcasts by default.
# This is needed e.g. for Netbios/Samba, RIP, OSPF where the broadcast
# option is used.
# If you do not want to allow them however ignore the annoying log entries,
# set FW_IGNORE_FW_BROADCAST to yes.
#
# Choice: "yes" or "no", defaults to "no" if not set.
#
FW_ALLOW_FW_BROADCAST="no"
#
FW_IGNORE_FW_BROADCAST="yes"

#
# 23.)
# Allow same class routing per default?
# REQUIRES: FW_ROUTE
#
# Do you want to allow routing between interfaces of the same class
# (e.g. between all internet interfaces, or all internal network interfaces)
# be default (so without the need setting up FW_FORWARD definitions)?
#
# Choice: "yes" or "no", defaults to "no"
#
FW_ALLOW_CLASS_ROUTING="no"

#
# 25.)
# Do you want to load customary rules from a file?
#
# This is really an expert option. NO HELP WILL BE GIVEN FOR THIS!
# READ THE EXAMPLE CUSTOMARY FILE AT /etc/sysconfig/scripts/SuSEfirewall2-custom
#
#FW_CUSTOMRULES="/etc/sysconfig/scripts/SuSEfirewall2-custom"
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
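
An added example, not part of the thread or of SuSEfirewall2: a small shell check that splits FW_FORWARD and FW_FORWARD_MASQ values like the ones posted above into their fields and marks entries that are open to any source address. It assumes the four-field source,destination,protocol,port layout seen in those values; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: review SuSEfirewall2-style forwarding entries.
# Assumption: every entry has the four fields seen in the posted values,
# source,destination,protocol,port. Function names are hypothetical.

# parse_entry ENTRY: sets src, dst, proto, port; returns 1 if the entry
# does not have exactly four non-empty fields.
parse_entry() {
    IFS=, read -r src dst proto port extra <<EOF
$1
EOF
    [ -n "$src" ] && [ -n "$dst" ] && [ -n "$proto" ] && [ -n "$port" ] &&
        [ -z "$extra" ]
}

# classify_entry ENTRY: prints "malformed", "any-source" or "restricted".
classify_entry() {
    parse_entry "$1" || { echo malformed; return 0; }
    case $src in
        0/0|0.0.0.0/0) echo any-source ;;   # reachable from every address
        *)             echo restricted ;;   # limited to one source network
    esac
}

# audit_forward NAME "ENTRIES": one report line per space-separated entry.
audit_forward() {
    for entry in $2; do
        verdict=$(classify_entry "$entry")
        if parse_entry "$entry"; then
            echo "$1: $dst $proto/$port reachable from $src [$verdict]"
        else
            echo "$1: '$entry' [$verdict]"
        fi
    done
}

# Constructed sample input: the two forwarding values from the posted config.
FW_FORWARD="192.168.1.0/24,192.168.5.2,tcp,80"
FW_FORWARD_MASQ="0/0,192.168.5.2,tcp,80"

audit_forward FW_FORWARD "$FW_FORWARD"
audit_forward FW_FORWARD_MASQ "$FW_FORWARD_MASQ"
```

Entries marked any-source are the ones to compare against the list of services that are meant to be public.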