Hi folks!

I'm wondering how I get SuSE FW2 to let me ping from the firewall PC itself. (With SuSE 7.4) PCs on the masqueraded net can ping via routing but the firewall itself can't.

/etc/rc.config.d/firewall2.rc.config:

# 2.)
# Which is the interface that points to the internet/untrusted networks?
FW_DEV_EXT="ppp0"
#
# 3.)
# Which is the interface that points to the internal network?
FW_DEV_INT="eth0"
#
# 4.)
# Which is the interface that points to the dmz or dialup network?
FW_DEV_DMZ=""
#
# 5.)
# Should routing be enabled?
FW_ROUTE="yes"
#
# 6.)
# Do you want to masquerade internal networks to the outside?
FW_MASQUERADE="yes"
FW_MASQ_DEV="$FW_DEV_EXT"
# Which internal computers/networks are allowed to access the internet
# directly (not via proxys on the firewall)?
FW_MASQ_NETS="192.168.0.0/24"
#
# 7.)
# Do you want to protect the firewall from the internal network?
FW_PROTECT_FROM_INTERNAL="no"
#
# 8.)
# Do you want to autoprotect all running network services on the firewall?
FW_AUTOPROTECT_SERVICES="yes"
#
# 9.)
# Which services ON THE FIREWALL should be accessible from either the internet
# (or other untrusted networks), the dmz or internal (trusted networks)?
#
# Common: smtp domain
FW_SERVICES_EXT_TCP=""
# Common: domain
FW_SERVICES_EXT_UDP=""
# Common: domain
# For VPN/Routing which END at the firewall!!
FW_SERVICES_EXT_IP=""
#
# Common: smtp domain
FW_SERVICES_DMZ_TCP=""
# Common: domain
FW_SERVICES_DMZ_UDP=""
# For VPN/Routing which END at the firewall!!
FW_SERVICES_DMZ_IP=""
#
# Common: ssh smtp domain
FW_SERVICES_INT_TCP="ssh domain"
# Common: domain syslog
FW_SERVICES_INT_UDP="domain"
# For VPN/Routing which END at the firewall!!
FW_SERVICES_INT_IP=""
#
# 10.)
# Which services should be accessible from trusted hosts/nets?
FW_TRUSTED_NETS=""
#
# 11.)
# How is access allowed to high (unprivileged [above 1023]) ports?
# Common: "ftp-data", better is "yes" to be sure that everything else works :-(
FW_ALLOW_INCOMING_HIGHPORTS_TCP=""
# Common: "DNS" or "domain ntp", better is "yes" to be sure ...
FW_ALLOW_INCOMING_HIGHPORTS_UDP=""
#
# 12.)
# Are you running some of the services below?
FW_SERVICE_AUTODETECT="no" # Autodetect the services below when starting
FW_SERVICE_DNS="yes"
FW_SERVICE_DHCLIENT="no"
FW_SERVICE_DHCPD="no"
FW_SERVICE_SQUID="no"
FW_SERVICE_SAMBA="no"
#
# 13.)
# Which services accessed from the internet should be allowed to the
# dmz (or internal network - if it is not masqueraded)?
FW_FORWARD="" # Beware to use this!
#
# 14.)
# Which services accessed from the internet should be allowed to masqueraded
# servers (on the internal network or dmz)?
FW_FORWARD_MASQ="" # Beware to use this!
#
# 15.)
# Which accesses to services should be redirected to a localport on the
# firewall machine?
FW_REDIRECT=""
#
# 16.)
# Which logging level should be enforced?
FW_LOG_DROP_CRIT="yes"
FW_LOG_DROP_ALL="no"
FW_LOG_ACCEPT_CRIT="yes"
FW_LOG_ACCEPT_ALL="no"
FW_LOG="--log-level warning --log-tcp-options --log-ip-option --log-prefix SuSE-FW"
#
# 17.)
# Do you want to enable additional kernel TCP/IP security features?
FW_KERNEL_SECURITY="yes"
#
# 18.)
# Keep the routing set on, if the firewall rules are unloaded?
FW_STOP_KEEP_ROUTING_STATE="no"
#
# 19.)
# Allow (or don't) ICMP echo pings on either the firewall or the dmz from
# the internet?
FW_ALLOW_PING_FW="yes"
FW_ALLOW_PING_DMZ="no"
FW_ALLOW_PING_EXT="yes"
FW_ALLOW_PING_INTERNET="yes"
# 20.)
FW_ALLOW_FW_TRACEROUTE="yes"
# 21.)
# Allow ICMP sourcequench from your ISP?
FW_ALLOW_FW_SOURCEQUENCH="yes"
# 22.)
# Allow/Ignore IP Broadcasts?
FW_ALLOW_FW_BROADCAST="no"
FW_IGNORE_FW_BROADCAST="yes"
#
# 23.)
# Allow same class routing per default?
FW_ALLOW_CLASS_ROUTING="no"
#
# 25.)
#FW_CUSTOMRULES="/etc/rc.config.d/firewall2-custom.rc.config"
## end of file

Thanks,
Christian

--
A neighbor came to Nasrudin, asking to borrow his donkey.
"It is out on loan," the teacher replied.
At that moment, the donkey brayed loudly inside the stable.
"But I can hear it bray, over there."
"Whom do you believe," asked Nasrudin, "me or a donkey?"