Hi, ic! Looks like i am going to experiment a bit with my server tonight ;))) Thanks for the info! Could come in very handy for me ;) This way I can also protect my Win"blows" Unreal server (in the LAN) a bit more from sending out sh*tty stuff when infected with a virus of some sort .. Off course I take my precautions, but some extra security is always welcome ;) Thanks again Regards Chris ----- Original Message ----- From: "Andreas J Mueller" <andy@muelli.net> To: <suse-security@suse.com> Sent: Thursday, October 24, 2002 6:46 PM Subject: Re: [suse-security] suse-security list
-----BEGIN PGP SIGNED MESSAGE-----
Hi Chris!
What you should definitly do is open port 5678 on FW_SERVICES_EXT_TCP, otherwise the firewall won't allow clients to connect. And you can get rid of port 80 on EXT because you use the other port for it.
FW_SERVICES_EXT_TCP="25 53 5678"
That's not necessary for SuSE-FW2 (at least in 8.0), because the forwarding code will create the needed ACCEPT rules independently of the settings in FW_SERVICES_EXT_TCP. However, if the destination host is itself not masqueraded, e.g., not listed in FW_MASQ_NETS, the reply packets won't get back through the firewall. I found that out while setting up a Windows web server that should only accept incoming connections on port 80 and have no other Internet access.
Regards, Andy
- -- Andreas J. Mueller email: <andy@muelli.net> PGP RSA Public Key ID 0x3D41D941 FP: ED261973D51D3D20 C840B0542E69F602 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.0 (MingW32)
iQC9AwUBPbgj8PobN5o9QdlBAQES7AU/XglTmJHdo+Ca8v0hzsD8cUsIuc/3nEBI 9RJJgaA6JCqxg3d8ONxgxwA4sSJ9tzYzNBboCQDvFtWNo2ABFfPnW0h6+0lyD9F+ ZkZ5a97jXZMM8b85XVkeezxI9JFXABrf6TEYdO2stkF+gknvc4LGZ6mcrrGYgTwo UO1EarVvV28uk2cyZa8G6X21NR8vPHTAogK4OqWBfexnzWjTaxXNzyY+94fHHNpA =2Oq3 -----END PGP SIGNATURE-----
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here