Problem with SuSEfirewall2 configuration
Hello,

I have recently installed SuSE Linux 8.1 on an "old" computer to run as a Windows (and Linux) File- and Print-Server and to have access to the internet (ISDN card on server: no!!! dial on demand).

Everything (samba, squid, bind9, ssh) seems to work correctly without the firewall running. But when the firewall is started, only working with ssh is possible.

Perhaps these messages are interesting while the computer is booting:

Starting Firewall Initialization (phase 3 of 3): No chain/target/match by that name
iptables v1.2.7a: host/network 'ippp0' not found
[...]
iptables v1.2.7a: Maximum prefix length 29 for --log-prefix
[...]
Warning: FW_SERVICES_DNS defined, but no DNS server found running!
Warning: FW_SERVICES_SQUID defined, but no Squid server found running!

(DNS and Squid server are started a few seconds later.)

Changes in /etc/sysconfig/SuSEfirewall2:

FW_DEV_EXT="ippp0"
FW_DEV_INT="eth0"
FW_SERVICES_INT_TCP="domain 22 25 110 443 3128 137 138 139 901"
FW_SERVICES_INT_UDP="domain 22 25 110 443 3128 137 138 139 901"
FW_ALLOW_INCOMING_HIGHPORTS_UDP="no"
FW_SERVICE_DNS="yes"
FW_SERVICE_SQUID="yes"
FW_SERVICE_SAMBA="yes"

Is there a problem with the kind of internet connection I use (manual dialing)? Are all necessary ports accessible from the clients (especially the samba ports)?

Thank you for help.

Cheers,
Christian Schneider
Christian Schneider wrote:
> I have recently installed SuSE Linux 8.1 on an "old" computer to run as a Windows (and Linux) File- and Print-Server and to have access to the internet (ISDN card on server: no!!! dial on demand).
> Everything (samba, squid, bind9, ssh) seems to work correctly without the firewall running. But when the firewall is started, only working with ssh is possible.

Please be a bit more verbose. Are you getting error messages when using squid, for example? (Those "Internet Explorer" error messages are often misleading. I disable them if someone here has problems.)

> Is there a problem with the kind of internet connection I use (manual dialing)?

Yes, it's most likely that the problems you're experiencing are connected to the manual setting.

> Are all necessary ports accessible from the clients (especially the samba ports)?

Looks ok. I think Samba also uses broadcasts, so check that those are allowed.

Peter
Hi Christian,

You need to start the firewall when you dial out, using the ip-up script. The DNS and Squid will then be up and running and should not alarm.

Ian

On Monday 24 February 2003 16:30, Christian Schneider wrote:
> Hello,
> I have recently installed SuSE Linux 8.1 on an "old" computer to run as a Windows (and Linux) File- and Print-Server and to have access to the internet (ISDN card on server: no!!! dial on demand).
> Everything (samba, squid, bind9, ssh) seems to work correctly without the firewall running. But when the firewall is started, only working with ssh is possible.
> Perhaps these messages are interesting while the computer is booting:
> Starting Firewall Initialization (phase 3 of 3): No chain/target/match by that name
> iptables v1.2.7a: host/network 'ippp0' not found
> [...]
> iptables v1.2.7a: Maximum prefix length 29 for --log-prefix
> [...]
> Warning: FW_SERVICES_DNS defined, but no DNS server found running!
> Warning: FW_SERVICES_SQUID defined, but no Squid server found running!
> (DNS and Squid server are started a few seconds later.)
> Changes in /etc/sysconfig/SuSEfirewall2:
> FW_DEV_EXT="ippp0"
> FW_DEV_INT="eth0"
> FW_SERVICES_INT_TCP="domain 22 25 110 443 3128 137 138 139 901"
> FW_SERVICES_INT_UDP="domain 22 25 110 443 3128 137 138 139 901"
> FW_ALLOW_INCOMING_HIGHPORTS_UDP="no"
> FW_SERVICE_DNS="yes"
> FW_SERVICE_SQUID="yes"
> FW_SERVICE_SAMBA="yes"
> Is there a problem with the kind of internet connection I use (manual dialing)? Are all necessary ports accessible from the clients (especially the samba ports)?
> Thank you for help.
> Cheers,
> Christian Schneider
U must make sure the ip-up script is for SuSEfirewall2. I had a similar problem and that was because the default script on my SuSe7.3 box was for SuSEfirewall.

See mail from yast below:

Congratulations to your installation of / update to SuSEfirewall2-1.7.

Please have a look at the firewall2 configuration file in /etc/rc.confid.d/firewall2.rc.config and edit it according to your needs before you start SuSEfirewall2.

If you have SuSEfirewall (the old one) running, you need to stop that one before (rcSuSEfirewall stop) starting SuSEfirewall2.

Documentation about SuSEfirewall2 may be found in the directory /usr/share/doc/packages/packages/SuSEfirewall2/

Please check that the ip-up script from there is installed in /etc/ppp/ip-up

Yours,
SuSE Security Team
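Both replies above point at the ip-up script as the place to start the firewall once the dial-up link exists. The following is an added example, not part of the thread and not the ip-up script shipped with SuSEfirewall2: hook logic that starts the firewall only when the interface that just came up is listed in FW_DEV_EXT. The FW_CMD path, the function names and the pppd-style argument order are assumptions.

```shell
#!/bin/sh
# Added example (not the shipped SuSEfirewall2 ip-up script).
# Assumes the pppd-style calling convention:
#   ip-up <interface> <tty> <speed> <local-ip> <remote-ip> [ipparam]

FW_CONFIG="${FW_CONFIG:-/etc/sysconfig/SuSEfirewall2}"  # config path named in the thread
FW_CMD="${FW_CMD:-/sbin/SuSEfirewall2}"                 # assumption: location of the firewall script

# Print the value of FW_DEV_EXT from config file $1 without sourcing it.
# Only handles the double-quoted form used in the thread; the last
# assignment in the file wins, as it would when the file is sourced.
fw_ext_devices() {
    sed -n 's/^FW_DEV_EXT="\([^"]*\)".*/\1/p' "$1" | tail -n 1
}

# Return 0 if interface $1 is one of the external devices in config $2.
is_external_iface() {
    for dev in $(fw_ext_devices "$2"); do
        [ "$dev" = "$1" ] && return 0
    done
    return 1
}

# Hook body: load the rules only when an external link came up, so the
# rules are built at a point where the external interface exists.
on_ip_up() {
    if is_external_iface "$1" "$FW_CONFIG"; then
        "$FW_CMD" start
    else
        return 0   # internal or unrelated interface: leave the firewall alone
    fi
}

# When run as the hook itself, pass the arguments straight through.
if [ $# -gt 0 ]; then
    on_ip_up "$@"
fi
```
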
participants (4)
- Andre Vorster
- Christian Schneider
- Ian David Laws
- Peter Wiersig