hi,

in order to provide ftp, ssh and telnet within your lan you have to set

FW_TRUSTED_NETS="192.168.0.0/16"
FW_SERVICES_TRUSTED_TCP="ftp ssh telnet"

accessing your private linux box from within your office lan may become a bit tricky, since you only provided a private ip address for your linux box and requests to that address will not be routed.

do you have a gateway or firewall or proxy within your lan, with at least one official ip address? if so, you may be lucky and there is a possibility to connect to your linux box from your office. you could use port-forwarding or something similar on your gateway.

cheers,
stefan

-----Original Message-----
From: Alberto Santana [mailto:santana@qtp.ufl.edu]
Sent: Monday, 11 March 2002 21:41
To: suse-security@suse.com
Subject: [suse-security] SuSEfirewall?

Hi all,

About SuSEFirewall. My Linux box (192.168.0.3) is in a small (trusted) LAN. I want everybody in the LAN to have ftp, telnet and ssh access to my box and vice versa. I also want to access my box from my office (128.227.x.y) using (only) ssh.

Will this firewall.rc.config do the trick? Suggestions are welcome.

thanks.

FW_DEV_WORLD="eth0"
FW_DEV_INT=""
FW_DEV_DMZ=""
FW_ROUTE="no"
FW_MASQUERADE="no"
FW_MASQ_NETS=""
FW_MASQ_DEV="$FW_DEV_WORLD"
FW_PROTECT_FROM_INTERNAL="yes"
FW_AUTOPROTECT_GLOBAL_SERVICES="yes"
FW_SERVICES_EXTERNAL_TCP="ssh 22"
FW_SERVICES_EXTERNAL_UDP=""
FW_SERVICES_EXTERNAL_IP=""
FW_SERVICES_DMZ_TCP=""
FW_SERVICES_DMZ_UDP=""
FW_SERVICES_DMZ_IP=""
FW_SERVICES_INTERNAL_TCP="21:23 "
FW_SERVICES_INTERNAL_UDP=""
FW_SERVICES_INTERNAL_IP=""
FW_TRUSTED_NETS="128.227.x.y"
FW_SERVICES_TRUSTED_TCP="ssh"
FW_SERVICES_TRUSTED_UDP=""
FW_SERVICES_TRUSTED_IP=""
FW_SERVICES_TRUSTED_ACL=""
FW_ALLOW_INCOMING_HIGHPORTS_TCP="yes"
FW_ALLOW_INCOMING_HIGHPORTS_UDP="yes"
FW_SERVICE_DNS="no"
FW_SERVICE_DHCLIENT="no"
FW_SERVICE_DHCPD="no"
FW_SERVICE_SAMBA="no"
FW_FORWARD_TCP=""
FW_FORWARD_UDP=""
FW_FORWARD_IP=""
FW_FORWARD_MASQ_TCP=""
FW_FORWARD_MASQ_UDP=""
FW_REDIRECT_TCP=""
FW_REDIRECT_UDP=""
FW_KERNEL_SECURITY="no"
FW_STOP_KEEP_ROUTING_STATE="no"
FW_ALLOW_PING_FW="yes"
FW_ALLOW_PING_DMZ="yes"
##
# END of firewall.rc.config
##

--
BEST WISHES,
Alberto

       MMM           \|/            www            __^__
      (o o)          @ @           (O-O)          /(o o)\
+-----ooO-(_)-Ooo---oOO-(_)-OOo---oOO--(_)--OOo---oOO==(_)==OOo-----+
| Alberto Santana                                                   |
| Ph.D. Student                    Email: santana@qtp.ufl.edu       |
| University of Florida            Phone: (352) 392-3010            |
| Quantum Theory Project           Home:  (352) 379-9938            |
| 2301 NPB # 92, P.O. Box 118435   Fax:   (352) 392-8722            |
| Gainesville, Fl 32611-8435       http://www.qtp.ufl.edu/~santana  |
+-------------------------------------------------------------------+
Powered by SuSE Linux 7.1 (http://www.suse.com)

--
To unsubscribe, e-mail: suse-security-unsubscribe@suse.com
For additional commands, e-mail: suse-security-help@suse.com
Security-related bug reports go to security@suse.de, not here
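
A simplified model of the settings discussed in this thread, added here as an illustration; it is not code from the thread or from SuSEfirewall itself. It assumes every connection arrives on the single FW_DEV_WORLD interface, that FW_SERVICES_EXTERNAL_TCP is open to any source, and that the internal-service list is unused because FW_DEV_INT is empty; OFFICE is a constructed documentation address standing in for the elided 128.227.x.y.

```python
import ipaddress
import shlex

NAMED = {"ftp": 21, "ssh": 22, "telnet": 23}   # subset of /etc/services
OFFICE = "198.51.100.7"   # constructed stand-in for the elided office host
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed excerpts: the posted settings, then the reply's two changes.
POSTED = f'''
FW_DEV_WORLD="eth0"
FW_DEV_INT=""
FW_SERVICES_EXTERNAL_TCP="ssh 22"
FW_SERVICES_INTERNAL_TCP="21:23 "
FW_TRUSTED_NETS="{OFFICE}"
FW_SERVICES_TRUSTED_TCP="ssh"
'''
SUGGESTED = POSTED + '''
FW_TRUSTED_NETS="192.168.0.0/16"
FW_SERVICES_TRUSTED_TCP="ftp ssh telnet"
'''

def parse_rc(text):
    """Read VAR="value" lines; a later assignment overrides an earlier one."""
    cfg = {}
    for line in text.splitlines():
        key, sep, raw = line.strip().partition("=")
        if sep and not key.startswith("#"):
            cfg[key] = "".join(shlex.split(raw))
    return cfg

def ports(value):
    """Expand a list such as 'ssh 22 21:23' into a set of port numbers."""
    found = set()
    for tok in value.split():
        lo, _, hi = tok.partition(":")
        first = int(NAMED.get(lo, lo))
        last = int(NAMED.get(hi, hi)) if hi else first
        found.update(range(first, last + 1))
    return found

def allowed(cfg, src, port):
    """Model decision for one TCP connection arriving on FW_DEV_WORLD."""
    if port in ports(cfg.get("FW_SERVICES_EXTERNAL_TCP", "")):
        return True   # external services are open to every source
    ip = ipaddress.ip_address(src)
    nets = cfg.get("FW_TRUSTED_NETS", "").split()
    trusted = any(ip in ipaddress.ip_network(n, strict=False) for n in nets)
    return trusted and port in ports(cfg.get("FW_SERVICES_TRUSTED_TCP", ""))

def is_rfc1918(addr):
    """True for private addresses, which are not routed across the Internet."""
    return any(ipaddress.ip_address(addr) in net for net in RFC1918)
```

In this model the posted settings leave ssh reachable from any source through FW_SERVICES_EXTERNAL_TCP while LAN hosts get no ftp or telnet, and the reply's two settings open all three services to 192.168.0.0/16 only.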
participants (1)
-
Peer Stefan