--- Thorsten Preuss a écrit : > OK, next step:

when you try to reach your webserver from the internal network with http://192.168.5.2/ which messages do you get on the firewall ?

Thorsten

How see messages on the firewall ? ___________________________________________________________ Do You Yahoo!? -- Une adresse @yahoo.fr gratuite et en français ! Yahoo! Mail : http://fr.mail.yahoo.com

--- Thorsten Preuss a écrit : > On your firewall try

tail -f /var/log/messages

My /var/log/messages Jan 17 16:09:53 linux pppd[982]: sent [LCP EchoReq id=0x82 magic=0x9fc93b77] Jan 17 16:09:53 linux pppd[982]: rcvd [LCP EchoRep id=0x82 magic=0x27bb6028] Jan 17 16:10:02 linux dhcpd: DHCPREQUEST for 0.0.4.102 from 00:03:93:b0:fa:26 via eth1: ignored (not authoritative). Jan 17 16:10:09 linux last message repeated 3 times Jan 17 16:10:13 linux pppd[982]: sent [LCP EchoReq id=0x83 magic=0x9fc93b77] Jan 17 16:10:13 linux pppd[982]: rcvd [LCP EchoRep id=0x83 magic=0x27bb6028] Jan 17 16:10:17 linux dhcpd: DHCPDISCOVER from 00:03:93:b0:fa:26 via eth1 Jan 17 16:10:18 linux dhcpd: DHCPOFFER on 192.168.1.164 to 00:03:93:b0:fa:26 via eth1 Jan 17 16:10:18 linux dhcpd: DHCPREQUEST for 192.168.1.164 (192.168.1.1) from 00:03:93:b0:fa:26 via eth1 Jan 17 16:10:18 linux dhcpd: DHCPACK on 192.168.1.164 to 00:03:93:b0:fa:26 via eth1 Jan 17 16:10:29 linux kernel: SuSE-FW-DROP-DEFAULT IN=ppp0 OUT= MAC= SRC=80.15.76.155 DST=80.15.77.20 LEN=78 TOS=0x00 PREC=0x00 TTL=120 ID=34582 PROTO=UDP SPT=1030 DPT=137 LEN=58 Jan 17 16:10:33 linux pppd[982]: sent [LCP EchoReq id=0x84 magic=0x9fc93b77] Jan 17 16:10:33 linux pppd[982]: rcvd [LCP EchoRep id=0x84 magic=0x27bb6028] Jan 17 16:10:53 linux pppd[982]: sent [LCP EchoReq id=0x85 magic=0x9fc93b77] Jan 17 16:10:53 linux pppd[982]: rcvd [LCP EchoRep id=0x85 magic=0x27bb6028] Jan 17 16:11:13 linux pppd[982]: sent [LCP EchoReq id=0x86 magic=0x9fc93b77] Jan 17 16:11:13 linux pppd[982]: rcvd [LCP EchoRep id=0x86 magic=0x27bb6028] Jan 17 16:11:17 linux kernel: VFS: Disk change detected on device fd(2,0) Jan 17 16:11:33 linux pppd[982]: sent [LCP EchoReq id=0x87 magic=0x9fc93b77] Jan 17 16:11:33 linux pppd[982]: rcvd [LCP EchoRep id=0x87 magic=0x27bb6028] Jan 17 16:11:34 linux pppd[982]: rcvd [LCP EchoReq id=0x9 magic=0x27bb6028] Jan 17 16:11:34 linux pppd[982]: sent [LCP EchoRep id=0x9 magic=0x9fc93b77]

and then try to access your webserver from your internal network.

IExplorer find but nothing ___________________________________________________________ Do You Yahoo!? -- Une adresse @yahoo.fr gratuite et en français ! Yahoo! Mail : http://fr.mail.yahoo.com

route -n from firewall : Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 80.15.77.1 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0 192.168.5.0 0.0.0.0 255.255.255.0 U 0 0 0 eth2 10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1 0.0.0.0 80.15.77.1 0.0.0.0 UG 0 0 0 ppp0 route -n from web server Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 192.168.5.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 route print from windows =========================================================================== Liste d'Interfaces 0x1 ........................... MS TCP Loopback interface 0x2 ...00 40 f4 45 e8 0e ...... Carte réseau Fast Ethernet PCI Realtek RTL8139 Family - Miniport d'ordonnancement de paquets =========================================================================== =========================================================================== Itin‚raires actifsÿ: Destination r‚seau Masque r‚seau Adr. passerelle Adr. interface M‚trique 0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.199 20 127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1 192.168.1.0 255.255.255.0 192.168.1.199 192.168.1.199 20 192.168.1.199 255.255.255.255 127.0.0.1 127.0.0.1 20 192.168.1.255 255.255.255.255 192.168.1.199 192.168.1.199 20 224.0.0.0 240.0.0.0 192.168.1.199 192.168.1.199 20 255.255.255.255 255.255.255.255 192.168.1.199 192.168.1.199 1 Passerelle par d‚fautÿ: 192.168.1.1 =========================================================================== Itin‚raires persistantsÿ: Aucun --- Thorsten Preuss a écrit : > The line:

Jan 17 16:10:29 linux kernel: SuSE-FW-DROP-DEFAULT IN=ppp0 OUT= MAC= SRC=80.15.76.155 DST=80.15.77.20 LEN=78 TOS=0x00 PREC=0x00 TTL=120 ID=34582 PROTO=UDP SPT=1030 DPT=137 LEN=58

tells us, that the firewall is at least blocking packets and that the firewall logs these, too.

Can you post the output of the command:

route -n

from your firewall and your webserver and perhaps the output of the command

route print

from your windows box ?

The setup following should work fine, but you will not be able to reach your webserver from the inside with the public ip of your ppp0 interface, just with the private ip 192.168.5.2.

Please also try to get the newest version of the SuSEfirewall2 scripts, i ran into some trouble with an older version while trying to use FW_FORWARD_MASQ which ran fine after updating the scripts. The newest version is available under:

ftp://ftp.suse.com/pub/people/garloff/linux/SuSE/RPMS/[SuSE-version]/SuSEfirewall2-*

FW_DEV_EXT="ppp0" FW_DEV_INT="eth1" FW_DEV_DMZ="eth2" FW_ROUTE="yes" FW_MASQUERADE="yes" FW_MASQ_DEV="$FW_DEV_EXT" FW_MASQ_NETS="192.168.1.0/24 192.168.5.0/24" FW_PROTECT_FROM_INTERNAL="yes" FW_AUTOPROTECT_SERVICES="yes" FW_SERVICES_EXT_TCP="80" FW_SERVICES_EXT_UDP="" FW_SERVICES_EXT_IP="" FW_SERVICES_DMZ_TCP="80" FW_SERVICES_DMZ_UDP="" FW_SERVICES_DMZ_IP="" FW_SERVICES_INT_TCP="80" FW_SERVICES_INT_UDP="" FW_SERVICES_INT_IP="" FW_TRUSTED_NETS="" FW_ALLOW_INCOMING_HIGHPORTS_TCP="DNS ftp-data" FW_ALLOW_INCOMING_HIGHPORTS_UDP="DNS" FW_SERVICE_AUTODETECT="yes" FW_SERVICE_DNS="no" FW_SERVICE_DHCLIENT="no" FW_SERVICE_DHCPD="no" FW_SERVICE_SQUID="no" FW_SERVICE_SAMBA="no" FW_FORWARD="" FW_FORWARD_MASQ="0.0.0.0/0,192.168.5.2,tcp,80" FW_REDIRECT="" FW_LOG_DROP_CRIT="yes" FW_LOG_DROP_ALL="yes" FW_LOG_ACCEPT_CRIT="yes" FW_LOG_ACCEPT_ALL="yes" FW_LOG="--log-level warning --log-tcp-options --log-ip-option \ --log-prefix SuSE-FW" FW_KERNEL_SECURITY="yes" FW_STOP_KEEP_ROUTING_STATE="no" FW_ALLOW_PING_FW="no" FW_ALLOW_PING_DMZ="no" FW_ALLOW_PING_EXT="no" FW_ALLOW_FW_TRACEROUTE="no" FW_ALLOW_FW_SOURCEQUENCH="no" FW_ALLOW_FW_BROADCAST="no" FW_IGNORE_FW_BROADCAST="yes" FW_ALLOW_CLASS_ROUTING="no" #FW_CUSTOMRULES="/etc/sysconfig/scripts/SuSEfirewall2-custom"

___________________________________________________________ Do You Yahoo!? -- Une adresse @yahoo.fr gratuite et en français ! Yahoo! Mail : http://fr.mail.yahoo.com

* Frédéric Poulet; on 08 Nov, 2002 wrote:

--- Thorsten Preuss a écrit : > On your firewall try

...

tail -f /var/log/messages

My /var/log/messages

Jan 17 16:09:53 linux pppd[982]: sent [LCP EchoReq id=0x82 magic=0x9fc93b77] Jan 17 16:09:53 linux pppd[982]: rcvd [LCP EchoRep id=0x82 magic=0x27bb6028] Jan 17 16:10:02 linux dhcpd: DHCPREQUEST for 0.0.4.102 from 00:03:93:b0:fa:26 via eth1: ignored (not authoritative). Jan 17 16:10:09 linux last message repeated 3 times Jan 17 16:10:13 linux pppd[982]: sent [LCP EchoReq id=0x83 magic=0x9fc93b77] Jan 17 16:10:13 linux pppd[982]: rcvd [LCP EchoRep id=0x83 magic=0x27bb6028] Jan 17 16:10:17 linux dhcpd: DHCPDISCOVER from 00:03:93:b0:fa:26 via eth1 Jan 17 16:10:18 linux dhcpd: DHCPOFFER on 192.168.1.164 to 00:03:93:b0:fa:26 via eth1 Jan 17 16:10:18 linux dhcpd: DHCPREQUEST for 192.168.1.164 (192.168.1.1) from 00:03:93:b0:fa:26 via eth1 Jan 17 16:10:18 linux dhcpd: DHCPACK on 192.168.1.164 to 00:03:93:b0:fa:26 via eth1

Now there is some misguidng information a few minutes ago when you sent your config # 12.) FW_SERVICE_AUTODETECT="yes" FW_SERVICE_DNS="no" FW_SERVICE_DHCLIENT="no" FW_SERVICE_DHCPD="no" FW_SERVICE_SQUID="no" FW_SERVICE_SAMBA="no" You are sating there are no DHCP servers or DHCP clients on the firewall amchine yet your logs say the opposite ?

Jan 17 16:10:29 linux kernel: SuSE-FW-DROP-DEFAULT IN=ppp0 OUT= MAC= SRC=80.15.76.155 DST=80.15.77.20 LEN=78 TOS=0x00 PREC=0x00 TTL=120 ID=34582 PROTO=UDP SPT=1030 DPT=137 LEN=58

This is from 80.15.76.155 to 80.15.77.20 and requesting Netbios from port 1030 to 137 and it is dropped by default Nothing

...

and then try to access your webserver from your internal network.

IExplorer find but nothing

Meaning what you are unable to reach the webserver or there are no related logs in the /var/log/messages -- Togan Muftuoglu Unofficial SuSE FAQ Maintainer http://dinamizm.ath.cx