RE: [suse-security] /etc/sysconfig
Thanks Armin, I reinstall the package, according to Togan there is no /etc/sysconfig on 7.3 and I have to use /etc/rc.config.d/firewall2.rc.config. After I did several setting to match our network. I still cannot ftp to the world from internal. How should i set this thing, on FW_MASQ_NETS? I want to let internal network to do icmp/ping and set FW_ALLOW_PING_INTERNET="yes" but still can not ping. Can you give me the clue. M. Edwin -----Original Message----- From: Armin Schoech [mailto:schoech@iap-kborn.de] Sent: Monday, March 31, 2003 2:17 PM To: suse-security@suse.com Subject: RE: [suse-security] /etc/sysconfig Hi !
I downloaded a tar.gz file and then install it through the ./INSTALL script. By the way I'm using 7.3 could you show me the right RPM where
i can dowload it.
--> What about: ftp.suse.com /pub/suse/i386/7.3/suse/sec1/SuSEfirewall2.rpm It might not be the most up-to-date version though. HTH, Armin -- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi !
Thanks Armin, I reinstall the package, according to Togan there is no /etc/sysconfig on 7.3 and I have to use /etc/rc.config.d/firewall2.rc.config.
- --> Couldn't tell you that because I have updated all my boxes to 8.0
After I did several setting to match our network. I still cannot ftp to the world from internal. How should i set this thing, on FW_MASQ_NETS?
I want to let internal network to do icmp/ping and set FW_ALLOW_PING_INTERNET="yes" but still can not ping. Can you give me the clue.
- --> Sorry, can't help you here. I'm not using the firewall for internal net protection (I only have single boxes). Armin - -- Am Hasenberg 26 office: Institut für Atmosphärenphysik D-18209 Bad Doberan Schloss-Straße 6 Tel. ++49-(0)38203/42137 D-18225 Kühlungsborn / GERMANY Email: schoech@iap-kborn.de Tel. +49-(0)38293-68-102 WWW: http://armins.cjb.net/ Fax. +49-(0)38293-68-50 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE+iEG5G8Xv4GxznLoRApaKAJ43g7UM59DDdhLUf2kpXUoKjZB2wACgqG0e ++i0dXjO1utSVF33EvR31I8= =9NKD -----END PGP SIGNATURE-----
Hi Am Montag, 31. März 2003 14:07 schrieb M. Edwin:
After I did several setting to match our network. I still cannot ftp to the world from internal. How should i set this thing, on FW_MASQ_NETS?
FW_MASQ_NETS="192.168.10.0/24" -> all in C-class 192.168.10.0/24 can connect to the internet (and are masqueraded) FW_MASQ_NETS="192.168.10.1/32 192.168.10.2/32" -> only Machine with IP .1 and .2 can comunicate with internet servers for ftp: ALLOW_INCOMING_HIGHPORTS_TCP="ftp-data"
I want to let internal network to do icmp/ping and set FW_ALLOW_PING_INTERNET="yes" but still can not ping. Can you give me the clue.
FW_ALLOW_PING_INTERNET ????? I don't know this variable try to locate the problem with the logfiles /var/log/firewall, tcpdump and traceroute /Christian
participants (3)
-
Armin Schoech -
Christian Hernmarck -
M. Edwin