Hi lars, Thanks for your reply. I think it means the same. I just wonder, even it works also in our site but if I ping to a machine in internet from internal machine it's not reply 100%, RTO always come (I'm sure that the machine allow the icmp request). It never happen before I installed the firewall2. Is there anyone here facing the same problem? What do you mean by your basic policy? greetings M. Edwin -----Original Message----- From: lars [mailto:lars@brainlift.de] Sent: Friday, April 04, 2003 2:49 PM To: Moh Edwin Subject: Re: [suse-security] SuSE Firewall2 Hi, i´m not sure about the syntax / spelling; this may be correct: iptables -A INPUT -i eth1 -s 192.168.117.0/24 -d 0/0 -p icmp --icmp-type echo-request -j ACCEPT works at my box (though I still got a problem with my default olicy, ;-) but basically my firewall works well). greetings warzenpower

Hi all,

I just installed SuSE firewall2 on 7.3 and already setup the config file according to our need. I allow access from internal to outside on

ftp, ssh, www, smtp and pop. From the outside only ssh and web are accessible. I check with nmap and everything is OK. I also set the internal net to ping the outside, but I thing something wrong because it cannot work.

I put :

FW_ALLOW_PING_FW="yes" FW_ALLOW_PING_EXT="yes"

and also add on firewall2-custom.config

iptables -A input -i eth1 -s 192.168.117.0/24 -d 0/0 -j ACCEPT -p icmp

--icmp-type echo-request

Is this wrong?

I also got an email from someone that when he's trying to send me an email, the message is connection timeout to my email server, which is reside on separate machine (with public IP and always connect to internet with leased channel) and also running firewall2 on 7.3 with main function is to protect smtp and pop3. This is not happen before I

installed firewall2. Is there a "delay effect" after firewall2 installation?

TIA M. Edwin

-- http://www.ruebenschweine.de Try also: http://www.warzenpower.de +++ http://www.lars-und-sandra.de +++ http://www.r100rt.de Diese email wurde automatisch generiert, Sie können deshalb nicht darauf antworten; webmaster@warzenpower.de