Re: [suse-security] Q: Customizing SuSE80 FW2 router to run service in internal network with dynamic dial-up
--- Steffen Dettmer <steffen@dett.de> wrote:
SuSE-FW-NO_ACCESS_INT->FWEXT entry Sorry, I cannot help you with SuSEFirewall (I do not use it). You should ask on the mailinglist. I did not find any mailing list at SuSE site more closely related to firewall problems than this one. I don't want to cross-post to other, general lists.
it's not more difficult to build own rules :) I probably have to, even if I really did not want it. As I am starting again, installing sophisticated tools on 200MHz and learn about them will cost me some time.
SuSE has *some* great developers. But I never would rely on their buggy scripts. I somehow come to this decision too. I really would like to provide my knowledge foremost about getting third party software to run in SuSE scheme securely, but I'm getting sick of analyzing what's behind, using SDB that is just a lame excuse for its name, incompetent free installation help and commercial support that I don't want to pay for anymore. There will be no success of Linux, when commercial distributors try to steal the market from corporate MS, IBM and Sun, instead of investing the efforts to huge community of active home users, who find out MS XP wants cash every time they buy new hardware or update buggy system.
is nothing unusual and there must be someone outside there who already went through this crap. never saw a really good firewall script, so I build my own. Which is also not good but works *for me*. My slight hope for getting help here vanishes as the deadline comes near, so I better learn it too. I'm disgusted. Even Java community that is strongly commercialized and complex has far better user support for anybody knowing what to achieve and just looking for quick solutions thousands of others already implemented.
I would not be surprised if you are correct :) Arrgh, I hate it.
Hum, debian costs even much more time to set up I think (IMHO). Yes, but I suspect I would accomplish it in the time I've lost with SuSE...
I think they hack too fast the stuff, no design, no concept, no use - for me :) I just hate scripts that source (!) config files... Not sure about the meaning, you probably talk about quick hacks that may somehow work but don't have long lifecycle. Well, I'm not against it if it is a good help for common situations without the need for details, but when everybody just wants to sell even basic knowledge like in M$ world, I become irritated.
Is this discussion related to security of SuSE? Peter.
Seems as if you are getting upset because a volunteer support mailing list does not answer your question as you like and on your schedule.

Well, since you appear not to be able to search in Google and type in iptables, here is your silver platter: http://www.netfilter.org/documentation/ This contains all the information and links you will ever need to learn iptables.

As to SuSEFirewall, you appear to be the only person I have seen on this list who is so disgusted with it. I have been using it for almost 2 years with no problem. In fact, I have mine configured to do most of what you are requesting below but just got to reviewing my email today. I learned how to do it by reading the documentation very thoroughly and a little of additional research on Google.

As I remember, the general list (suse_e) has discussed most of what you are asking below several times in the past. Again, Google is a great resource for searching for this as well. (To help you out there, just go to the advanced search area and read the contents of the page to learn how to search that list using google).

One thing I have seen on most mailing lists is that the less attitude you have and the more you appear to be trying to work and learn, the more likely someone will help. The more attitude you have which comes across (either directly or from how the message is written), the more likely people will ignore you.

It would not surprise me at all if you downloaded SuSE (did not buy it), expected to obtain support from SuSE without paying for it, and then approached this mailing list demanding support on your schedule. Just my impression, but your attitude stinks. This response appears to be

12/1/2002 3:27:17 PM, Using SuSE <usingsuse80@yahoo.com> wrote:
--- Steffen Dettmer <steffen@dett.de> wrote:
SuSE-FW-NO_ACCESS_INT->FWEXT entry Sorry, I cannot help you with SuSEFirewall (I do not use it). You should ask on the mailinglist. I did not find any mailing list at SuSE site more closely related to firewall problems than this one. I don't want to cross-post to other, general lists.
it's not more difficult to build own rules :) I probably have to, even if I really did not want it. As I am starting again, installing sophisticated tools on 200MHz and learn about them will cost me some time.
SuSE has *some* great developers. But I never would rely on their buggy scripts. I somehow come to this decision too. I really would like to provide my knowledge foremost about getting third party software to run in SuSE scheme securely, but I'm getting sick of analyzing what's behind, using SDB that is just a lame excuse for its name, incompetent free installation help and commercial support that I don't want to pay for anymore. There will be no success of Linux, when commercial distributors try to steal the market from corporate MS, IBM and Sun, instead of investing the efforts to huge community of active home users, who find out MS XP wants cash every time they buy new hardware or update buggy system.
is nothing unusual and there must be someone outside there who already went through this crap. never saw a really good firewall script, so I build my own. Which is also not good but works *for me*. My slight hope for getting help here vanishes as the deadline comes near, so I better learn it too. I'm disgusted. Even Java community that is strongly commercialized and complex has far better user support for anybody knowing what to achieve and just looking for quick solutions thousands of others already implemented.
I would not be surprised if you are correct :) Arrgh, I hate it.
Hum, debian costs even much more time to set up I think (IMHO). Yes, but I suspect I would accomplish it in the time I've lost with SuSE...
I think they hack too fast the stuff, no design, no concept, no use - for me :) I just hate scripts that source (!) config files... Not sure about the meaning, you probably talk about quick hacks that may somehow work but don't have long lifecycle. Well, I'm not against it if it is a good help for common situations without the need for details, but when everybody just wants to sell even basic knowledge like in M$ world, I become irritated.
Is this discussion related to security of SuSE?
Peter.
--- James Bliss <bliss@attbi.com> wrote:
Seems as if you are getting upset because a volunteer support mailing list does not answer your question as you like and on your schedule. Yes I am upset, but not because of this mailing list. I know I cannot await much here, but it was my last option.
Well, since you appear not to be able to search in Google and type in iptables, here is your silver platter: http://www.netfilter.org/documentation/ Thanks, for tip, I already invested some time in other iptables resources, but I still believe I could utilize FW2 in some way instead, so I've rather registered and written to this list.
As to SuSEFirewall, you appear to be the only person I have seen on this list who is so disgusted with it. I have been using it for almost 2 years with no problem. In fact, I have mine configured to do most of what you are requesting below but just got to reviewing my email today. I learned how to do it by reading the documentation very thoroughly and a little of additional research on Google. I'm not disgusted, I want to tweak it, but fall short of it. In two years you probably also used older configurations and I would appreciate your input on new issues that can be accomplished in SuSE80.
As I remember, the general list (suse_e) has discussed most of what you are asking below several times in the past. Again, Google is a great resource Believe me, I've done my research and as a last instance I'm posting here. I have a rule that if I cannot solve particular problem within hours, I better ask around. Dogpile was better on this than Google. If you have working configuration SuSE80FW2 no additions to solve my problems with accessing services on accessing dynamic IP address from internal network and forwarding, just post it here. I suspect not to be only one appreciating it.
page to learn how to search that list using google). If you think I'm stupid, I will only adore you if you are compassionate enough with me to invest few seconds to find out links I need for my particular problems.
One thing I have seen on most mailing lists is that the less attitude you have and the more you appear to be trying to work and learn, the more likely someone will help. The more attitude you have which comes across (either directly or from how the message is written), the more likely people will ignore you. True, but I've described my problems and only then showed my attitude when confronted with opinions of other users. I'm just nervous human and I try to work effective.
It would not surprise me at all if you downloaded SuSE (did not buy it), expected to obtain support from SuSE without paying for it, and then approached this mailing list demanding support on your schedule. Just my impression, but your attitude stinks. No, I bought 73, 80, 81 prof, Used free installation support for multimedia, security and paid commercial support for cryptography. Some of my problems made it to SDB. I'm active in open source Java%XML, AI, advanced DBs, animation and sound engineering. I've put my knowledge to website and want to make it public with free support. I thought my problems with networking are trivial, but I'm apparently wrong. Excuse me.
Peter.
oki, since we have an OT thread already... * Using SuSE wrote on Sun, Dec 01, 2002 at 13:27 -0800:
--- Steffen Dettmer <steffen@dett.de> wrote:
it's not more difficult to build own rules :) I probably have to, even if I really did not want it. As I am starting again, installing sophisticated tools on 200MHz and learn about them will cost me some time.
I still agree this seems to be not a trivial problem; otherwise someone already had told: "Set SUSE_FW_SPECIAL_CONFIGVARIABLE" to "`cat /bin/hallo | susetool -asdf3w | tail -1`" or whatever. But this example is not a configuration but a programming in my opinion.
There will be no success of Linux,
There is already enough success if you ask me. Someone told a few days ago: "All experts already converted to linux. Now only laymen can follow...". Too much success must not necessarily be a good thing, BTW.
is also not good but works *for me*. My slight hope for getting help here vanishes as the deadline comes near, so I better learn it too. I'm disgusted. Even Java community that is strongly commercialized and complex has far better user support
Well, this is not a SuSE support list. When you pay SuSE support and they cannot help you, I would take my money back. But I cannot imagine that it's a problem to open a particular port, I just don't believe it. Maybe it's not elegant, maybe you need to edit a script, but finally it should work. It's a difference if you search for a well, clean solution (which may take much time) or any working solution (which should be no problem).
Hum, debian costs even much more time to set up I think (IMHO). Yes, but I suspect I would accomplish it in the time I've lost with SuSE...
Then you should use Debian. But I doubt that, still :)
I think they hack too fast the stuff, no design, no concept, no use - for me :) I just hate scripts that source (!) config files...
Not sure about the meaning, you probably talk about quick hacks that may somehow work but don't have long lifecycle. Well, I'm not against it if it is a good help for common situations without the need for details, but when everybody just wants to sell even basic knowledge like in M$ world, I become irritated.
I see many responses that were posted here for free. But feel free to pay me :) SCNR.
Is this discussion related to security of SuSE?
At some points, yes. I think, the admin is the weakest part of a secured system. This implies two things: first, the configuration that has to be done by the admin must be simple to reduce risks of misconfiguration, and second, the admin must know what he is doing. It seems, you're not an admin but a developer. Well, I think you don't repair the engine of your car by yourself. But why you do such tasks as network security engineering? Why don't get someone setting up this? I never understood why every linux user and even more every windows user should know how to install and configure something, why everybody must be an admin. I think, most people should just work, it's sufficient to have a few admins, isn't it??
oki,
Steffen
--
This letter was generated by machine and therefore bears neither signature nor seal.