-----Original Message-----
From: Dan Amthor <dan@switchboard.de>
To: suse-security@suse.com <suse-security@suse.com>
Date: Monday, 23 August 1999 00:10
Subject: Re: [suse-security] ipfwadm on a 6.1
-----Original Message-----
From: Niall Cosgrove <wid@ook.connect.ie>
To: Dan <wdlists@webdirekt.de>
Cc: suse-security@suse.com <suse-security@suse.com>
Date: Friday, 13 August 1999 17:24
Subject: Re: [suse-security] ipfwadm on a 6.1
AFAIK under suse 6.1 if you install the 2.2 series kernel, you are expected to be using ipchains rather than ipfwadm. the 2.0.36 suse kernel will probably give you better milage with ipfwadm
Niall (willing to be contradicted)
I did that, however, with all routes set correctly and IP-Forwarding and masquerading turned on in the (2.0 !) kernel, I still could not get from the local 192-net to the internet. The world-device (Eth1) though was pingable from the inside. Me no understand. Are there any other kernel parameters or configs ?
Dan
On Fri, 13 Aug 1999, Dan wrote:
Hi all, when my old ne2000 on the ipfwadm-configured gateway packed in, i thought it was a good time to upgrade to suse-6.1 and better hardware. however 'ipfwadm' refused to work with 6.1 telling me 'service not available' and the classic 'file not found', even though ipfwadm was installed by default. i doctored around the kernel a bit, but no change. anybody encountered that problem ?
best dan
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
-----Original Message-----
From: Dan [mailto:wdlists@webdirekt.de]
Sent: Monday, August 23, 1999 6:14 AM
To: suse-security@suse.com
Subject: Re: [suse-security] ipfwadm on a 6.1
AFAIK under suse 6.1 if you install the 2.2 series kernel, you are expected to be using ipchains rather than ipfwadm. the 2.0.36 suse kernel will probably give you better milage with ipfwadm
Niall (willing to be contradicted)
I did that, however, with all routes set correctly and IP-Forwarding and masquerading turned on in the (2.0 !) kernel, I still could not get from the local 192-net to the internet. The world-device (Eth1) though was pingable from the inside. Me no understand. Are there any other kernel parameters or configs ?
Dan
On Fri, 13 Aug 1999, Dan wrote:
Hi all, when my old ne2000 on the ipfwadm-configured gateway packed in, i thought it was a good time to upgrade to suse-6.1 and better hardware. however 'ipfwadm' refused to work with 6.1 telling me 'service not available' and the classic 'file not found', even though ipfwadm was installed by default. i doctored around the kernel a bit, but no change. anybody encountered that problem ?
best dan
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dan,
Maybe you can do this. Go to "/etc/rc.d/init.d" and do a "mv firewall firewall.bak", then use this script that I have written to make use of firewalling and masquerading with "ipfwadm-wrapper".

root@firewall:/etc/rc.d/init.d > cat firewall | more
#!/bin/sh
#
# Firewall rules
#
#
# Source function library.
#. /etc/rc.d/init.d/functions

[ -f /sbin/ipfwadm-wrapper ] || exit 0

IPFW="/sbin/ipfwadm-wrapper"
MQMOD="/sbin/modprobe"

# See how the rules are called.
case "$1" in
  start)
    echo -n "Starting Firewall: "
    # Default forward policy: deny; then flush the forward, input and output rules.
    $IPFW -F -p deny
    $IPFW -F -f
    $IPFW -I -f
    $IPFW -O -f
    # Load the masquerading helper modules.
    $MQMOD ip_masq_ftp
    $MQMOD ip_masq_raudio
    $MQMOD ip_masq_irc
    $MQMOD ip_masq_cuseeme
    $MQMOD ip_masq_vdolive
    $MQMOD ip_masq_quake
    # Forwarding/masquerading and input rules.
    $IPFW -I -a deny -S 192.168.1.0/24 -W eth0
    $IPFW -F -a accept -m -S 192.168.1.0/24 -D 0.0.0.0/0
    $IPFW -F -a accept -W eth1 -D 192.168.1.0/24
    $IPFW -I -a accept -S 192.168.1.0/24 -W eth0
    $IPFW -I -a accept -P udp -S 0.0.0.0/0 53 -D 192.168.1.0/0 1024:65535 -W eth0
    $IPFW -I -a accept -P udp -S 0.0.0.0/0 53 -D 192.168.1.0/0 1024:65535 -W eth0
    $IPFW -I -a accept -P icmp -S 0.0.0.0/0 0 -D 192.168.1.0/0 1024:65535 -W eth0
    $IPFW -I -a accept -P tcp -S 0.0.0.0/0 80 -D 192.168.2.2/24 80
    $IPFW -I -a accept -P tcp -S 0.0.0.0/0 443 -D 192.168.2.2/24 443
    $IPFW -I -a accept -P tcp -S 0.0.0.0/0 25 -D 192.168.2.2/24 25
    $IPFW -I -a accept -P tcp -S 0.0.0.0/0 110 -D 192.168.2.2/24 110
    $IPFW -I -a accept -P tcp -S 0.0.0.0/0 22 -D 192.168.2.2/22 22
    $IPFW -I -a accept -P tcp -S 0.0.0.0/0 20 -D 192.168.1.0/24 1024:65535
    $IPFW -I -a accept -P tcp -S 0.0.0.0/0 20 -D 192.168.2.0/24 1024:65535
    echo
    ;;
  stop)
    echo -n "Shutting down Firewall: "
    # Flush all rules, then set the forward, input and output policies.
    $IPFW -F -f
    $IPFW -I -f
    $IPFW -O -f
    $IPFW -F -p allow
    $IPFW -I -p allow
    $IPFW -O -p allow
    echo
    ;;
  restart)
    $0 stop
    $0 start
    ;;
  *)
    echo "Usage: $0 {start|stop|restart}"
    exit 1
esac

exit 0
# End of script.

Make sure this file is named as /etc/rc.d/init.d/firewall and you just have to make sure that you have /sbin/ipfwadm-wrapper installed and do a ./firewall start | restart | stop to use it.
Hope it helps.
- --
Moonshi Mohsenruddin moonshi@linux.com.sg Singapore icq:2595480 http://www.linux.com.sg
-----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.0.2i iQA/AwUBN8Br3mefe0TVuy5lEQKAQQCgm8WWkJ/2K+xTGtE52PrchumsT+kAoM2u fMWOpjQH1IjSmnbTLSIwLlzA =EO3w -----END PGP SIGNATURE-----
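An added example, not part of Moonshi's message or of any SuSE tooling: a small Python check run over a subset of the rule lines from the start) section of the script above. It flags address/mask pairs that match a different range than the one written, and rules that repeat or contradict an earlier rule with the same chain and match. The names POSTED_RULES, parse and lint are assumptions made for this example.

```python
import ipaddress
import re

# Subset of the rule arguments from the "start)" section of the posted script,
# in posted order, with the leading "$IPFW" removed.
POSTED_RULES = [
    "-I -a deny -S 192.168.1.0/24 -W eth0",
    "-F -a accept -m -S 192.168.1.0/24 -D 0.0.0.0/0",
    "-I -a accept -S 192.168.1.0/24 -W eth0",
    "-I -a accept -P udp -S 0.0.0.0/0 53 -D 192.168.1.0/0 1024:65535 -W eth0",
    "-I -a accept -P udp -S 0.0.0.0/0 53 -D 192.168.1.0/0 1024:65535 -W eth0",
    "-I -a accept -P tcp -S 0.0.0.0/0 80 -D 192.168.2.2/24 80",
    "-I -a accept -P tcp -S 0.0.0.0/0 22 -D 192.168.2.2/22 22",
    "-I -a accept -P tcp -S 0.0.0.0/0 20 -D 192.168.1.0/24 1024:65535",
]

def parse(rule):
    """Split a rule into (chain, policy, match), e.g. ('-I', 'deny', (...))."""
    tok = rule.split()
    i = tok.index("-a")
    return tok[0], tok[i + 1], tuple(tok[i + 2:])

def lint(rules):
    """Return (rule_number, message) findings; rule numbers start at 1."""
    findings, seen = [], {}
    for n, rule in enumerate(rules, 1):
        chain, action, match = parse(rule)
        # A mask shorter than the written address widens the match silently.
        for addr in re.findall(r"-[SD] (\S+)", rule):
            net = ipaddress.ip_network(addr, strict=False)
            if str(net) != addr:
                findings.append((n, f"{addr} really matches {net}"))
        key = (chain, match)
        if key in seen:
            first_n, first_action = seen[key]
            if first_action == action:
                kind = "duplicate of"
            else:  # same chain and match, different policy
                kind = f"{action} conflicts with {first_action} in"
            findings.append((n, f"{kind} rule {first_n}"))
        else:
            seen[key] = (n, action)
    return findings

if __name__ == "__main__":
    for n, msg in lint(POSTED_RULES):
        print(f"rule {n}: {msg}")
```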