Hi,

I have a setup as follows:

Internet = PPPoE, fixed IP
LAN = eth0 192.168.1.0/24
DMZ = eth2 192.168.2.0/29

I have set up SuSE firewall 5.1 on the firewall/router box and on the DMZ box. Everything works fine until the LAN starts an rsync or an FTP request. Then communication to the LAN drops, and I need to bring eth0 down and up again. If it's mail or web traffic, everything works fine. Below is my setup for the main firewall. What do I need to do to stop the LAN from dropping?

FW_DEV_WORLD="ppp0"
FW_DEV_INT="eth0"
FW_DEV_DMZ="eth2"
FW_ROUTE="yes"
FW_MASQUERADE="yes"
FW_MASQ_NETS="192.168.1.0/24"
FW_MASQ_DEV="$FW_DEV_WORLD"
FW_PROTECT_FROM_INTERNAL="yes"
FW_AUTOPROTECT_GLOBAL_SERVICES="yes"
FW_SERVICES_EXTERNAL_TCP="22 25 80 443"
FW_SERVICES_EXTERNAL_UDP=""
FW_SERVICES_DMZ_TCP="domain ssh 80 443"
FW_SERVICES_DMZ_UDP="domain"
FW_SERVICES_INTERNAL_TCP="21 22 25 53 110 119 161 162 873 6667"
FW_SERVICES_INTERNAL_UDP="domain 161 162"
FW_SERVICES_INTERNAL_IP=""
FW_TRUSTED_NETS="192.168.1.3"
FW_SERVICES_TRUSTED_TCP="ssh 161:162"
FW_SERVICES_TRUSTED_UDP="ssh 161:162"
FW_SERVICES_TRUSTED_IP=""
FW_SERVICES_TRUSTED_ACL=""
FW_ALLOW_INCOMING_HIGHPORTS_TCP="ftp-data"
FW_ALLOW_INCOMING_HIGHPORTS_UDP="DNS"
FW_SERVICE_DNS="no"
FW_SERVICE_DHCLIENT="no"
FW_SERVICE_DHCPD="no"
FW_SERVICE_SAMBA="no"
FW_FORWARD_TCP="192.168.1.3,192.168.2.2,22 \
    192.168.1.3,192.168.2.2,161:162"
FW_FORWARD_UDP="192.168.1.3,192.168.2.2,161:162"
FW_FORWARD_IP=""
FW_FORWARD_MASQ_TCP="0/0,192.168.2.2,80 0/0,192.168.2.2,443\
    216.200.145.35,192.168.1.3,25 216.200.145.36,192.168.1.3,25\
    216.200.145.37,192.168.1.3,25 216.200.145.38,192.168.1.3,25 "
FW_FORWARD_MASQ_UDP=""
# Redirect TCP connections
FW_REDIRECT_TCP="192.168.1.0/24,0/0,21,21 192.168.1.0/24,0/0,6667,7666"
# Redirect UDP connections
FW_REDIRECT_UDP=""
# Log critical denied network packets
FW_LOG_DENY_CRIT="yes"
# Log all denied packets
FW_LOG_DENY_ALL="no"
# Log critical accepted packets
FW_LOG_ACCEPT_CRIT="yes"
# Log all accepted packets
FW_LOG_ACCEPT_ALL="no"
FW_KERNEL_SECURITY="no" FW_STOP_KEEP_ROUTING_STATE="yes" # Allow ping on firewall FW_ALLOW_PING_FW="yes" # Allow ping on DMZ targets FW_ALLOW_PING_DMZ="no" FW_ALLOW_FW_TRACEROUTE="no" FW_ALLOW_FW_SOURCEQUENCH="yes" #using ftp-proxy so redirect 21 -> #using tircproxy so redirect 6667 ->7666 FW_MASQ_MODULES="autofw cuseeme mfw portfw h323 quake raudio user vdolive" FW_CUSTOMRULES="/etc/rc.config.d/firewall-custom.rc.config"