Re: [suse-security] SuSEfirewall2, two links and routing between them
Hi Marcelo,

The only problem that I'm having is the one described in the first message; because of this I believe that my setup is correct ("I" believe ;)) )...

Well, I'm sending my configuration below:

"
FW_QUICKMODE="no"
FW_DEV_EXT="eth0 eth1" # I have two Internet links
FW_DEV_INT="eth2" # I have a DMZ and a LAN
FW_DEV_DMZ="eth3"
FW_ROUTE="yes"
FW_MASQUERADE="yes"
FW_MASQ_DEV="$FW_DEV_EXT"
FW_MASQ_NETS="192.168.0.0/24 192.168.1.0/24"
FW_PROTECT_FROM_INTERNAL="yes"
FW_AUTOPROTECT_SERVICES="yes"
FW_SERVICES_EXT_TCP="22 80"
FW_SERVICES_EXT_UDP=""
FW_SERVICES_EXT_IP=""
FW_SERVICES_DMZ_TCP=""
FW_SERVICES_DMZ_UDP=""
FW_SERVICES_DMZ_IP=""
FW_SERVICES_INT_TCP="80 3128"
FW_SERVICES_INT_UDP=""
FW_SERVICES_INT_IP=""
FW_SERVICES_QUICK_TCP=""
FW_SERVICES_QUICK_UDP=""
FW_SERVICES_QUICK_IP=""
FW_TRUSTED_NETS="192.168.0.0/24 200.171.207.195"
FW_ALLOW_INCOMING_HIGHPORTS_TCP="yes"
FW_ALLOW_INCOMING_HIGHPORTS_UDP="yes"
FW_SERVICE_AUTODETECT="yes"
FW_SERVICE_DNS="yes"
FW_SERVICE_DHCLIENT="no"
FW_SERVICE_DHCPD="no"
FW_SERVICE_SQUID="yes"
FW_SERVICE_SAMBA="no"
FW_FORWARD=""
FW_FORWARD_MASQ="0/0,192.168.1.2,tcp,5000 \
0/0,192.168.1.2,tcp,1115"
FW_REDIRECT=""
FW_LOG_DROP_CRIT="yes"
FW_LOG_DROP_ALL="no"
FW_LOG_ACCEPT_CRIT="yes"
FW_LOG_ACCEPT_ALL="no"
FW_LOG="--log-level warning --log-tcp-options --log-ip-option --log-prefix SuSE-FW"
FW_KERNEL_SECURITY="no"
FW_STOP_KEEP_ROUTING_STATE="yes"
FW_ALLOW_PING_FW="yes"
FW_ALLOW_PING_DMZ="no"
FW_ALLOW_PING_EXT="no"
FW_ALLOW_FW_TRACEROUTE="yes"
FW_ALLOW_FW_SOURCEQUENCH="yes"
FW_ALLOW_FW_BROADCAST="no"
FW_IGNORE_FW_BROADCAST="yes"
FW_ALLOW_CLASS_ROUTING="no"
FW_CUSTOMRULES=""
FW_REJECT="no"
FW_HTB_TUNE_DEV=""
"

Regards,
Fabiano Felix

On Fri, 2003-10-24 at 15:09, Unidad de Soporte Técnico del Instituto Crandon wrote:
Some questions about that . . .

* Did you enable routing between the DMZ, internal and external nets?
* Did you allow the correct services on the DMZ interface?

In any case, if you want, send me your firewall conf file so that I can help you better.

Greetings,
Marcelo.

-- Original Message --
From: "Fabiano Felix" <felix@getnet.com.br>
To: <suse-security@suse.com>
Sent: Friday, October 24, 2003 1:44 PM
Subject: [suse-security] SuSEfirewall2, two links and routing between them

Hi all,
I'm having a problem using SuSEfirewall2. I have the following environment:

- 01 Internet link with 2Mb (ADSL);
- 01 Internet link with 256Kb (F. Relay);
- 01 DMZ;
- 01 LAN.

The ADSL connection is used for Internet access. The FR is used to provide a Windows Media Server, and the WM Server is on the DMZ. Accessing this service from the Internet I don't have any problems, but when I try to access it from the LAN, I receive the following message:

"
SuSE-FW-ACCESS_DENIED_INT IN=eth2 OUT= MAC=00:06:4f:06:78:59:00:50:da:64:58:e2:08:00 SRC=192.168.0.58 DST=200.300.400.500 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=18893 DF PROTO=TCP SPT=2368 DPT=1115 WINDOW=64240 RES=0x00 SYN URGP=0 OPT (020405B401010402)
"

Searching the archives, I found that it is a (correct) firewall protection, but I need to solve this. I was wondering if it is possible to correct this by creating a custom rule. Can someone help me??

Regards,
Fabiano Felix
--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@suse.com
Security-related bug reports go to security@suse.de, not here
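
An added triage example, not part of the original thread: it parses the denied-packet log line from the first message and checks its protocol and destination port against the posted FW_FORWARD_MASQ entries. The function names are illustrative, and the entry layout (source,target,proto,port) is assumed from the values as they appear in the posted configuration.

```python
# Log line quoted in the post; the destination is the poster's obfuscated
# placeholder, so addresses are treated as opaque strings.
LOG_LINE = (
    "SuSE-FW-ACCESS_DENIED_INT IN=eth2 OUT= "
    "MAC=00:06:4f:06:78:59:00:50:da:64:58:e2:08:00 SRC=192.168.0.58 "
    "DST=200.300.400.500 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=18893 DF "
    "PROTO=TCP SPT=2368 DPT=1115 WINDOW=64240 RES=0x00 SYN URGP=0 "
    "OPT (020405B401010402)"
)
# FW_FORWARD_MASQ value from the posted configuration.
FW_FORWARD_MASQ = "0/0,192.168.1.2,tcp,5000 0/0,192.168.1.2,tcp,1115"
FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG", "DF", "MF"}


def parse_log(line):
    """Split a netfilter LOG line into prefix, KEY=value fields and bare flags."""
    prefix, _, rest = line.partition(" ")
    fields, flags = {}, set()
    for tok in rest.split():
        key, sep, val = tok.partition("=")
        if sep:
            fields[key] = val
        elif tok in FLAGS:
            flags.add(tok)
    return prefix, fields, flags


def triage(line, forward_masq):
    """Summarise where the packet was dropped and which forward rule it resembles."""
    prefix, f, flags = parse_log(line)
    # The kernel leaves OUT= empty when no egress interface exists yet, as for
    # packets addressed to the firewall host itself; forwarded packets carry
    # both IN= and OUT=.
    if f.get("OUT") == "":
        path = "local-input"
    elif f.get("IN") == "":
        path = "local-output"
    else:
        path = "forwarded"
    rules = [e.split(",") for e in forward_masq.split()]
    target = next((r[1] for r in rules if len(r) >= 4
                   and r[2].upper() == f.get("PROTO") and r[3] == f.get("DPT")), None)
    return {"prefix": prefix, "in_if": f.get("IN"), "path": path,
            "src": f.get("SRC"), "dst": f.get("DST"), "dpt": f.get("DPT"),
            "new_connection": "SYN" in flags and "ACK" not in flags,
            "forward_masq_target": target}


if __name__ == "__main__":
    for key, value in triage(LOG_LINE, FW_FORWARD_MASQ).items():
        print(f"{key}: {value}")
```

For the posted line this reports a new TCP connection arriving on eth2 with no egress interface, on a port that FW_FORWARD_MASQ maps to 192.168.1.2.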