SuSEFirewall2, smtp, nntp, telnet
Hi,

got probs with configuring SuSEFirewall2 (SF2). Transparent proxying (Squid) with Web-Browser works. Also Masquerading (ping_to_Internet). From some accounts I can get eMail with my eMail-Client (Outlook) over Masq. But I can't send them. Even telnet through the Firewall for testing mail-traffic does not work. And at least I tried to get nntp over Squid-SSL and it does not work. What's wrong with my configuration:

Thanx 4 help and

Here it is:

FW_DEV_EXT="ppp0"
FW_DEV_INT="eth0"
FW_DEV_DMZ=""
FW_ROUTE="yes"
FW_MASQUERADE="yes"
FW_MASQ_DEV="$FW_DEV_EXT"
FW_MASQ_NETS="192.168.0.0/16 10.0.0.0/16"
FW_PROTECT_FROM_INTERNAL="no"
FW_AUTOPROTECT_SERVICES="yes"
FW_SERVICES_EXT_TCP="25 80"
FW_SERVICES_EXT_UDP="" # Common: domain
FW_SERVICES_EXT_IP=""
FW_SERVICES_DMZ_TCP=""
FW_SERVICES_DMZ_UDP=""
FW_SERVICES_DMZ_IP=""
FW_SERVICES_INT_TCP="23 25 53 110 119 3128"
FW_SERVICES_INT_UDP="23 25 53 110 119"
FW_SERVICES_INT_IP=""
FW_TRUSTED_NETS="192.168.0.0/16 10.0.0.0/16"
FW_ALLOW_INCOMING_HIGHPORTS_TCP="yes"
FW_ALLOW_INCOMING_HIGHPORTS_UDP="yes"
FW_SERVICE_AUTODETECT="yes"
FW_SERVICE_DNS="no"
FW_SERVICE_DHCLIENT="no"
FW_SERVICE_DHCPD="no"
FW_SERVICE_SQUID="yes"
FW_SERVICE_SAMBA="no"
FW_FORWARD=""
FW_FORWARD_MASQ=""
FW_REDIRECT="192.168.0.0/16,0/0,tcp,80,3128 192.168.0.0/16,0/0,tcp,21,3128 192.168.0.0/16,0/0,udp,80,3128 192.168.0.0/16,0/0,udp,21,3128 192.168.0.0/16,0/0,tcp,443,3128 192.168.0.0/16,0/0,udp,443,3128 192.168.0.0/16,0/0,tcp,563,3128 192.168.0.0/16,0/0,udp,563,3128"
FW_LOG_DROP_CRIT="yes"
FW_LOG_DROP_ALL="no"
FW_LOG_ACCEPT_CRIT="yes"
FW_LOG_ACCEPT_ALL="no"
FW_LOG="--log-level warning --log-tcp-options --log-ip-option --log-prefix SuSE-FW"
FW_KERNEL_SECURITY="yes"
FW_STOP_KEEP_ROUTING_STATE="no"
FW_ALLOW_PING_FW="yes"
FW_ALLOW_PING_DMZ="yes"
FW_ALLOW_PING_EXT="no"
#-------------------------------------------------------------------------#
#                                                                         #
# EXPERT OPTIONS - I left them on default!!                               #
#                                                                         #
#-------------------------------------------------------------------------#
Hi,

found my mistake. Cause I've no local DNS, I had to fill in the Provider-DNS into each Client-Configuration. Now it's going to be a sunny Sunday .-),

Bye,
Rene

----- Original Message -----
From: "R. Ullenboom" <rene@ullenboom.de>
To: <suse-security@suse.com>
Sent: Sunday, January 27, 2002 10:22 AM
Subject: [suse-security] SuSEFirewall2, smtp, nntp, telnet
> Hi,
>
> got probs with configuring SuSEFirewall2 (SF2). Transparent proxying (Squid) with Web-Browser works. Also Masquerading (ping_to_Internet). From some accounts I can get eMail with my eMail-Client (Outlook) over Masq. But I can't send them. Even telnet through the Firewall for testing mail-traffic does not work. And at least I tried to get nntp over Squid-SSL and it does not work. What's wrong with my configuration:
>
> Thanx 4 help and
>
> Here it is:
>
> FW_DEV_EXT="ppp0"
> FW_DEV_INT="eth0"
> FW_DEV_DMZ=""
> FW_ROUTE="yes"
> FW_MASQUERADE="yes"
> FW_MASQ_DEV="$FW_DEV_EXT"
> FW_MASQ_NETS="192.168.0.0/16 10.0.0.0/16"
> FW_PROTECT_FROM_INTERNAL="no"
> FW_AUTOPROTECT_SERVICES="yes"
> FW_SERVICES_EXT_TCP="25 80"
> FW_SERVICES_EXT_UDP="" # Common: domain
> FW_SERVICES_EXT_IP=""
> FW_SERVICES_DMZ_TCP=""
> FW_SERVICES_DMZ_UDP=""
> FW_SERVICES_DMZ_IP=""
> FW_SERVICES_INT_TCP="23 25 53 110 119 3128"
> FW_SERVICES_INT_UDP="23 25 53 110 119"
> FW_SERVICES_INT_IP=""
> FW_TRUSTED_NETS="192.168.0.0/16 10.0.0.0/16"
> FW_ALLOW_INCOMING_HIGHPORTS_TCP="yes"
> FW_ALLOW_INCOMING_HIGHPORTS_UDP="yes"
> FW_SERVICE_AUTODETECT="yes"
> FW_SERVICE_DNS="no"
> FW_SERVICE_DHCLIENT="no"
> FW_SERVICE_DHCPD="no"
> FW_SERVICE_SQUID="yes"
> FW_SERVICE_SAMBA="no"
> FW_FORWARD=""
> FW_FORWARD_MASQ=""
> FW_REDIRECT="192.168.0.0/16,0/0,tcp,80,3128 192.168.0.0/16,0/0,tcp,21,3128 192.168.0.0/16,0/0,udp,80,3128 192.168.0.0/16,0/0,udp,21,3128 192.168.0.0/16,0/0,tcp,443,3128 192.168.0.0/16,0/0,udp,443,3128 192.168.0.0/16,0/0,tcp,563,3128 192.168.0.0/16,0/0,udp,563,3128"
> FW_LOG_DROP_CRIT="yes"
> FW_LOG_DROP_ALL="no"
> FW_LOG_ACCEPT_CRIT="yes"
> FW_LOG_ACCEPT_ALL="no"
> FW_LOG="--log-level warning --log-tcp-options --log-ip-option --log-prefix SuSE-FW"
> FW_KERNEL_SECURITY="yes"
> FW_STOP_KEEP_ROUTING_STATE="no"
> FW_ALLOW_PING_FW="yes"
> FW_ALLOW_PING_DMZ="yes"
> FW_ALLOW_PING_EXT="no"
> #-------------------------------------------------------------------------#
> #                                                                         #
> # EXPERT OPTIONS - I left them on default!!                               #
> #                                                                         #
> #-------------------------------------------------------------------------#
Hi,

> FW_REDIRECT="192.168.0.0/16,0/0,tcp,80,3128 192.168.0.0/16,0/0,tcp,21,3128 192.168.0.0/16,0/0,udp,80,3128 192.168.0.0/16,0/0,udp,21,3128 192.168.0.0/16,0/0,tcp,443,3128 192.168.0.0/16,0/0,udp,443,3128 192.168.0.0/16,0/0,tcp,563,3128 192.168.0.0/16,0/0,udp,563,3128"

I have a question about your squid configuration. You redirected everything squid can handle to squid default port. So you had to switch squid to work in transparent mode. You had to add these lines I think.

<--snap
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
snap--->

So my question is how do I have to configure squid to get the destination address from the header the client sends? When your Configuration is right and you can access https, http, ftp and nntps through the same squid proxy how did you configure squid?

Ciao ;-)
Robert Rottscholl
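
An added example, not part of the thread and not SuSEfirewall2 or Squid code: a small audit of the FW_REDIRECT value quoted above, listing which redirected protocol/port pairs a plain HTTP interception port can actually serve. The five-field reading (source, destination, protocol, original port, redirect port) is inferred from the entries on this page, and the service names are the standard port assignments.

```python
import shlex

# The FW_REDIRECT value from the configuration posted in this thread.
SAMPLE_CONFIG = (
    'FW_SERVICE_SQUID="yes"   # trailing comments are tolerated\n'
    'FW_REDIRECT="192.168.0.0/16,0/0,tcp,80,3128 192.168.0.0/16,0/0,tcp,21,3128 '
    '192.168.0.0/16,0/0,udp,80,3128 192.168.0.0/16,0/0,udp,21,3128 '
    '192.168.0.0/16,0/0,tcp,443,3128 192.168.0.0/16,0/0,udp,443,3128 '
    '192.168.0.0/16,0/0,tcp,563,3128 192.168.0.0/16,0/0,udp,563,3128"\n'
)

# Standard services on the redirected ports. None of them opens with a plain
# HTTP request line, which is what an HTTP interception port expects to parse.
NON_HTTP = {"21": "ftp", "443": "https (TLS)", "563": "nntps (TLS)"}


def parse_vars(text):
    """Read NAME="value" lines with shell quoting rules (no variable expansion)."""
    result = {}
    for line in text.splitlines():
        for token in shlex.split(line, comments=True):
            name, sep, value = token.partition("=")
            if sep and name.isidentifier():
                result[name] = value
    return result


def audit_redirects(value, proxy_port="3128"):
    """Return (entry, verdict) for every redirect rule aimed at the proxy port."""
    findings = []
    for entry in value.split():
        fields = entry.split(",")
        if len(fields) != 5:
            findings.append((entry, "malformed"))
            continue
        _src, _dst, proto, port, target = fields
        if target != proxy_port:
            continue  # rule does not point at the proxy
        if proto != "tcp":
            verdict = "udp: the HTTP proxy port is TCP only"
        elif port in NON_HTTP:
            verdict = "not-http: " + NON_HTTP[port]
        elif port == "80":
            verdict = "ok"
        else:
            verdict = "unknown: confirm the service speaks plain HTTP"
        findings.append((entry, verdict))
    return findings


if __name__ == "__main__":
    for entry, verdict in audit_redirects(parse_vars(SAMPLE_CONFIG)["FW_REDIRECT"]):
        print(f"{verdict:40} {entry}")
```
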