Re: [suse-security] firewall2 and ip-change with rp-pppoe
Why don't you just buy a decent router? Who has time for all this configuration nonsense?
Richard
On Mon, 18 Mar 2002, Pierre Naels wrote:
Hello,
I'm using SuSE 7.3 as a router for a private network. Filtering and masquerading are done by firewall2. The connection to the Internet is made by rp-pppoe. After booting, everything works fine, but when I get a new IP (/usr/sbin/adsl-stop /usr/sbin/adsl-start), Firewall2 seems to block the whole Linux machine (not even a ping to an IP works). The firewall log shows (for example):
Mar 18 10:20:57 linux kernel: SuSE-FW-UNALLOWED-TARGET IN=ppp0 OUT= MAC= SRC=193.189.244.205 DST=213.20.25.63 LEN=76 TOS=0x00 PREC=0x00 TTL=247 ID=50701 PROTO=UDP SPT=53 DPT=1031 LEN=56
The router function works fine though. All clients in my private network can reach the Internet as usual. When I restart the firewall, all
Hello Richard,
Well, if you have a router you don't need, I appreciate any donations!
In the meantime, I count on the other friendly people in the mailing list. If
you don't want to be one of them, that's up to you.
But why don't you just ignore my posting when you don't have time?
Best regards
pierre
----- Original Message -----
From: "Richard Thornton"
This looks to me like a firewall configuration problem. Any ideas what to do? Should I add any CUSTOMRULES?
Thanks for reading so far!
pierre
Here is my firewall2.rc.config:
FW_DEV_EXT="ppp0"
FW_DEV_INT="eth1"
FW_DEV_DMZ=""
FW_ROUTE="yes"
FW_MASQ_DEV="$FW_DEV_EXT"
FW_MASQ_NETS="192.168.1.0/24"
FW_PROTECT_FROM_INTERNAL="no"
FW_AUTOPROTECT_SERVICES="no"
FW_SERVICES_EXT_TCP="www ftp ssh 3756"
FW_SERVICES_EXT_UDP="domain"
FW_SERVICES_EXT_IP=""
FW_SERVICES_DMZ_TCP=""
FW_SERVICES_DMZ_UDP=""
FW_SERVICES_DMZ_IP=""
FW_SERVICES_INT_TCP="www ftp domain ssh 139"
FW_SERVICES_INT_UDP="domain"
FW_SERVICES_INT_IP=""
FW_TRUSTED_NETS=""
FW_ALLOW_INCOMING_HIGHPORTS_TCP="yes"
FW_ALLOW_INCOMING_HIGHPORTS_UDP="yes"
FW_SERVICE_AUTODETECT="yes"
FW_SERVICE_DNS="no"
FW_SERVICE_DHCLIENT="no"
FW_SERVICE_DHCPD="no"
FW_SERVICE_SQUID="no"
FW_SERVICE_SAMBA="yes"
FW_FORWARD=""
FW_FORWARD_MASQ=""
FW_REDIRECT=""
FW_LOG_DROP_CRIT="yes"
FW_LOG_DROP_ALL="no"
FW_LOG_ACCEPT_CRIT="yes"
FW_LOG_ACCEPT_ALL="no"
FW_LOG="--log-level warning --log-tcp-options --log-ip-option --log-prefix SuSE-FW"
FW_KERNEL_SECURITY="no"
FW_STOP_KEEP_ROUTING_STATE="no"
FW_ALLOW_PING_FW="yes"
FW_ALLOW_PING_DMZ="no"
FW_ALLOW_PING_EXT="yes"
FW_ALLOW_FW_TRACEROUTE="yes"
FW_ALLOW_FW_SOURCEQUENCH="yes"
FW_ALLOW_FW_BROADCAST="no"
FW_IGNORE_FW_BROADCAST="yes"
FW_ALLOW_CLASS_ROUTING="no"