SuSE Firewall 4.2
Dear All,

After much thought and hacking with a keyboard (the kind of thing you'd normally associate with kernel coding) I've downloaded Marc's SuSEfirewall-4.2.tar.gz firewall and installed it into my SuSE 7.0 internet-facing dialup box. It looks like this:

     ---------      ---------      ----------
    | network | --> | gateway | --> | internet |
     ---------      ---------      ----------

Marc's words make for interesting reading. I've read all the stuff that comes with it. After doing ./INSTALL from the /tmp directory I found that it installed in the way that it's supposed to. When I re-booted the machine (no real need for that) I found that the firewall started in the way that it should.

However, I now find that when I connect to the net with the local ISDN system all things from my ISP are blocked. I have changed the options in /etc/rc.config.d/firewall.rc.config and tried several things. It still won't let me into the net for web pages or ftp or mail. Pinging my ISP from the gateway box just results in a frozen command line.

In /var/log/messages I can see quite a few lines which say:

    Packet log: input DENY ippp0 PROTO=17 194.247.47.47:53 194.247.44.222:1032 L=137 S=0x00 I=0 F=0x4000 T=62 (#100)

Anyone know what to change here? Now that I've installed firewall 4.2 I'd like to be able to use it. It would be a shame to throw it away. I need to use ftp, www, mail and ping out from the box to my ISP.

Thanks
--
Richard
Richard wrote: [network and install description snipped]
> When I re-booted the machine (no real need for that) I found that the firewall started in the way that it should. However, I now find that when I connect to the net with the local ISDN system all things from my ISP are blocked. I have changed the options in /etc/rc.config.d/firewall.rc.config and tried several things. It still won't let me into the net for web pages or ftp or mail. Pinging my ISP from the gateway box just results in a frozen command line.
>
> In /var/log/messages I can see quite a few lines which say:
>
> Packet log: input DENY ippp0 PROTO=17 194.247.47.47:53 194.247.44.222:1032 L=137 S=0x00 I=0 F=0x4000 T=62 (#100)
I am using (or, more accurately "trying to use") SuSEfirewall 2.6, and the same thing happens to me. I asked on the linux-newbies list about the packet log messages and was told that PROTO=17 indicates that these are UDP packets being denied. When I asked where I could find a description of the different fields of these log messages, I was told that the best source was ORA's book "Core Internet Protocols".
> Anyone know what to change here? Now that I've installed firewall 4.2 I'd like to be able to use it. It would be a shame to throw it away. I need to use ftp, www, mail and ping out from the box to my ISP.
Sorry, can't help you here, as we are in the same boat. I was in a book store the other day and saw a book called "The SuSE Linux Server". I quickly grabbed it to see if it could help me with my firewall setup problems (which are much like yours), and found that the book didn't even describe the SuSE tools (config files and SuSEfirewall script). Rather, it described how to set up a packet filtering firewall using ipchains rules. I am going to see if I can find anything in this list's archives that will help me further (although from the little reading I have done in January's archives, most people seem to be using a solution of their own and not the script and config files SuSE provides).

--
------------------
Theo. Sean Schulze
theo.schulze@okay.net
Richard wrote:
> In /var/log/messages I can see quite a few lines which say:
>
> Packet log: input DENY ippp0 PROTO=17 194.247.47.47:53 194.247.44.222:1032 L=137 S=0x00 I=0 F=0x4000 T=62 (#100)
As I am a fellow newbie to SuSEfirewall, I can sympathize and offer a solution. Well spotted - these DENYed packets seem to be the source of the problem. These packets look like replies to domain name server requests from your workstation to your ISP. You need to allow this for www and the rest to work. Read Marc's comments in section 11 of firewall.rc.config, then edit the following line:

    FW_ALLOW_INCOMING_HIGHPORTS_UDP="dns"   # Common: "dns"

Please post your success or failure with this fix.

dproc
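The log line Richard posted, Theo's question about what its fields mean, and dproc's diagnosis (UDP from source port 53 to a high port on the gateway is a DNS reply) can be checked mechanically. The Python below is an added example written for this page; it is not code from the thread, from SuSEfirewall or from the ipchains project. It parses ipchains "Packet log:" lines, decodes the fields according to the ipchains logging layout (chain, target, interface, PROTO, src:sport, dst:dport, L= total length, S= TOS, I= IP identification, F= fragment word with DF/MF bits, T= TTL, (#n) = rule number) and flags denied inbound packets that look like replies to the gateway's own outbound traffic. The sample syslog lines, the hostname "gw" and the classify() heuristics are constructed for illustration; only the first sample line is the one from the thread. The ICMP handling assumes ipchains' convention of printing the ICMP type and code in the port positions.

```python
import re
from collections import Counter

# Constructed sample of /var/log/messages lines in ipchains "Packet log:" format.
# The first line is the one Richard posted; the rest are made up to show other
# reply types that the same default-deny rule (#100) would catch.
SAMPLE_LOG = """\
Mar  4 21:12:01 gw kernel: Packet log: input DENY ippp0 PROTO=17 194.247.47.47:53 194.247.44.222:1032 L=137 S=0x00 I=0 F=0x4000 T=62 (#100)
Mar  4 21:12:03 gw kernel: Packet log: input DENY ippp0 PROTO=17 194.247.47.47:53 194.247.44.222:1033 L=92 S=0x00 I=0 F=0x4000 T=62 (#100)
Mar  4 21:12:05 gw kernel: Packet log: input DENY ippp0 PROTO=6 194.247.47.47:80 194.247.44.222:1034 L=44 S=0x00 I=21 F=0x4000 T=62 (#100)
Mar  4 21:12:09 gw kernel: Packet log: input DENY ippp0 PROTO=1 194.247.47.47:0 194.247.44.222:0 L=84 S=0x00 I=0 F=0x0000 T=62 (#100)
"""

# ipchains layout: chain target iface PROTO=n src:sport dst:dport L= S= I= F= T= [extras] (#rule)
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<target>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) (?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"L=(?P<len>\d+) S=0x(?P<tos>[0-9a-fA-F]+) I=(?P<id>\d+) F=0x(?P<frag>[0-9a-fA-F]+) "
    r"T=(?P<ttl>\d+)(?P<extra>.*?) \(#(?P<rule>\d+)\)"
)

PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}
# Server ports whose replies to a high client port are expected return traffic.
WELL_KNOWN_TCP = {20: "ftp-data", 21: "ftp", 25: "smtp", 80: "www", 110: "pop3"}


def parse_log_line(line):
    """Decode one ipchains log line into a dict, or return None if it is not one."""
    m = LOG_RE.search(line)
    if not m:
        return None
    d = m.groupdict()
    proto = int(d["proto"])
    frag = int(d["frag"], 16)
    return {
        "chain": d["chain"], "target": d["target"], "iface": d["iface"],
        "proto": proto, "proto_name": PROTO_NAMES.get(proto, str(proto)),
        "src": d["src"], "sport": int(d["sport"]),
        "dst": d["dst"], "dport": int(d["dport"]),
        "length": int(d["len"]), "tos": int(d["tos"], 16), "ip_id": int(d["id"]),
        "dont_fragment": bool(frag & 0x4000),   # DF bit of the IP fragment word
        "more_fragments": bool(frag & 0x2000),  # MF bit
        "frag_offset": frag & 0x1FFF,           # 13-bit fragment offset
        "ttl": int(d["ttl"]), "rule": int(d["rule"]),
    }


def classify(rec):
    """Heuristic (constructed for this example): what does a denied inbound packet look like?"""
    if rec["proto"] == 17 and rec["sport"] == 53 and rec["dport"] >= 1024:
        return "dns-reply"            # what dproc diagnosed in the thread
    if rec["proto"] == 6 and rec["sport"] in WELL_KNOWN_TCP and rec["dport"] >= 1024:
        return WELL_KNOWN_TCP[rec["sport"]] + "-reply"
    if rec["proto"] == 1 and rec["sport"] == 0 and rec["dport"] == 0:
        return "icmp-echo-reply"      # ipchains prints ICMP type:code in the port slots; 0:0 = echo reply
    return "other"


def summarize(log_text):
    """Count denied packets by category over a block of syslog text."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_log_line(line)
        if rec is not None and rec["target"] == "DENY":
            counts[classify(rec)] += 1
    return counts


if __name__ == "__main__":
    for line in SAMPLE_LOG.splitlines():
        rec = parse_log_line(line)
        print(f"{rec['proto_name']:4} {rec['src']}:{rec['sport']} -> {rec['dst']}:{rec['dport']} "
              f"ttl={rec['ttl']} DF={rec['dont_fragment']} rule=#{rec['rule']}  => {classify(rec)}")
    print(summarize(SAMPLE_LOG))
```

Run against a real /var/log/messages, a high count of "dns-reply" denies on the ISDN interface is exactly the symptom in this thread: the query leaves on a high UDP port, the answer from port 53 comes back to that port and is dropped by the catch-all input rule, so name resolution fails and every service that depends on it (www, ftp, mail) appears blocked. The "icmp-echo-reply" category explains the hanging ping in the same way.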