Hi,

I installed Suse 6.3 with firewall 1.4. I want to permit the following access through the firewall: www, domain, ftp, smtp and ssh. Then I made some adjustments in "rc.firewall" like:

FW_ROUTE="yes"
FW_TCP_SERVICES_EXTERNAL="smtp www domain ftp"
FW_UDP_SERVICES_EXTERNAL="domain smtp ftp"

After starting the firewall I have full access from the internal network to the Internet, but there isn't any access from the Internet and no mail....

Could someone tell me what I should do?

Alireza

als wrote:
> I installed Suse 6.3 with firewall 1.4. I want to permit the following access through the firewall: www, domain, ftp, smtp and ssh. Then I made some adjustments in "rc.firewall" like:
>
> FW_ROUTE="yes"
> FW_TCP_SERVICES_EXTERNAL="smtp www domain ftp"
> FW_UDP_SERVICES_EXTERNAL="domain smtp ftp"
>
> After starting the firewall I have full access from the internal network to the Internet, but there isn't any access from the Internet and no mail.... Could someone tell me what I should do?

I don't know if you've got this sorted yet, but...

If you're using fetchmail or netscape or something similar to get the mail, you need to open up tcp port 110 (pop3 in /etc/services). The smtp port is only used for sending mail (unless you are having your mail sent directly to you by your ISP using sendmail, but if you're a home user I doubt that).

What do you mean by 'but there isn't any access from Internet'?

Hope that helps,
Chris

--
Chris Reeves
ICQ# 22219005

Hi,

my working settings in /etc/rc.config.d/firewall.rc.config to get defined access from the internal network over the ippp0 interface to the Internet, and from outside (Internet) onto my system, are:

FW_DEV_WORLD="ippp0"
FW_DEV_INT="eth0 eth0:0 eth0:1"
. . .
FW_ROUTE="yes"
FW_MASQUERADING="yes"
FW_MASQ_NETS="[internal-net-ip]"
FW_MASQ_DEV="$FW_DEV_WORLD"
FW_PROTECT_FROM_INTERNAL="yes"
FW_AUTOPROTECT_GLOBAL_SERVICES="yes"
FW_SERVICES_EXTERNAL_TCP="25"   # smtp
FW_SERVICES_EXTERNAL_UDP=""     # none
. . .
FW_SERVICES_INTERNAL_TCP="25 53 80 110 137:139 443 3128"
                                # smtp dns www pop3
                                # netbios(ns,dgm,ssn)
                                # ssl proxy (squid)
FW_SERVICES_INTERNAL_UDP="53 137:139"
                                # dns netbios(ns,dgm,ssn)
. . .
FW_ALLOW_INCOMING_HIGHPORTS_TCP="yes"
FW_ALLOW_INCOMING_HIGHPORTS_UDP="yes"
FW_SERVICE_DNS="yes"
FW_SERVICE_DHCLIENT="no"
FW_SERVICE_DHCPD="yes"
. . .
FW_KERNEL_SECURITY="yes"
FW_STOP_KEEP_ROUTING_STATE="yes"
FW_ALLOW_PING_FW="yes"
FW_ALLOW_PING_DMZ="no"
FW_ALLOW_FW_TRACEROUTE="yes"
FW_ALLOW_FW_SOURCEQUENCH="yes"
FW_MASQ_MODULES="autofw cuseeme ftp irc mfw portfw quake raudio user vdolive"

There is no need to open the external ports www, domain, ftp, smtp and ssh unless you're running a web server like Apache on your system.

Greetings,
s.schmitz

--------------------------------------------------
e-mail : s.schmitz@gmx.de
phone: +49-2803-93424
fax : +49-2803-93426
--------------------------------------------------
"Life is what happens while we are busy with other things." (John Lennon)
--------------------------------------------------

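Settings files like the ones quoted in this thread are plain `NAME="value"` lines read by a shell script, so a misspelt variable name only sets a variable the script never reads. The Python lint below is an added example, not part of any post above or of the SuSE firewall package: it runs on a constructed sample, and the `FW_SERVICES_<zone>_<proto>` spelling it looks up is an assumption.

```python
import re

# Constructed sample in the style of the settings quoted above; the two
# defects (lines 1/3 and line 7) are deliberate so the checks find something.
SAMPLE = '''\
FW_DEV_WORL="ippp0"
FW_DEV_INT="eth0"
FW_MASQ_DEV="$FW_DEV_WORLD"
FW_SERVICES_EXTERNAL_TCP="25"      # smtp
FW_SERVICES_EXTERNAL_UDP=""        # none
FW_SERVICES_INTERNAL_TCP="25 53 80 110 137:139"
FW_SERVICE_DHCLIENT_"no"
'''

ASSIGN = re.compile(r'^([A-Za-z_][A-Za-z0-9_]*)="([^"]*)"\s*(?:#.*)?$')
REF = re.compile(r'\$\{?([A-Za-z_][A-Za-z0-9_]*)\}?')


def lint(text):
    """Return (settings, problems) for a shell-sourced NAME="value" file."""
    settings, problems, refs = {}, [], []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith('#'):
            continue
        m = ASSIGN.match(line)
        if not m:
            # The shell would try to run this line as a command.
            problems.append((no, 'not an assignment', line))
            continue
        name, value = m.groups()
        settings[name] = value
        refs += [(no, r) for r in REF.findall(value)]
    # A name the file never sets expands to an empty string when sourced
    # (unless it is set elsewhere), e.g. an empty masquerading device.
    for no, ref in refs:
        if ref not in settings:
            problems.append((no, 'undefined variable', ref))
    return settings, sorted(problems)


def exposed(settings, zone='EXTERNAL'):
    """Ports and port ranges opened for a zone, per protocol."""
    return {p: settings.get(f'FW_SERVICES_{zone}_{p.upper()}', '').split()
            for p in ('tcp', 'udp')}


if __name__ == '__main__':
    cfg, issues = lint(SAMPLE)
    for no, kind, detail in issues:
        print(f'line {no}: {kind}: {detail}')
    print('external:', exposed(cfg))
```

Comparing the `exposed()` result for the external zone with the services actually running on the firewall host shows which open ports have nothing behind them and can be closed.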
participants (3)
- als
- Chris Reeves
- Stefan Schmitz