SuSEfirewall 4.3-3 and dial-up connections
hi, I installed the SuSEfirewall 4.3-3 and set it up with an ISDN card as ext. device. On startup, the firewall protects the given ip (192.168.0.1). When I dial in (kinternet) no connections can be made. So I added /etc/ip-up.local witch includes: /sbin/SuSEfirewall2 start now everything works. Is it ok or may I get get into trouble? Thanx Thorsten
On Wed, Mar 21, 2001 at 11:01:53AM +0000, Thorsten Stoelk wrote:
I have just done some examinations in that regard. I have ppp0 as external device and with START_FW2 set, I get failure messages when booting, because ppp0 is not yet defined. When dialing up I could also not get connections to work until I found, that the default ip-up script only handles the "old" firewall support. I have hence hacked ip-up and changed all occurences to start SuSEfirewall to start firewall2 instead and have removed the personal-firewall things. After these changes it seems to work as expected. For diagnostic you might consider removing the firewall settings before dialing up (/sbin/SuSEfirewall2 stop) and list the iptable entries, they should be empty. After dialing in, start the firewall manually and see, whether connections break. If this works, you know that the problem is not in the rules but in the setup phase (that was my problem). This is my first setup of the firewall, so I removed the "old" packages before starting. I cannot tell you what happens if you have the ipchain based firewall running in parallel :-) Best regards, Lutz -- Lutz Jaenicke Lutz.Jaenicke@aet.TU-Cottbus.DE BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/ Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129 Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153
On Wed, Mar 21, 2001 at 11:01:53AM +0000, Thorsten Stoelk wrote:
I have just done some examinations in that regard. I have ppp0 as external device and with START_FW2 set, I get failure messages when booting, because ppp0 is not yet defined. When dialing up I could also not get connections to work until I found, that the default ip-up script only handles the "old" firewall support. I have hence hacked ip-up and changed all occurences to start SuSEfirewall to start firewall2 instead and have removed the personal-firewall things. After these changes it seems to work as expected. For diagnostic you might consider removing the firewall settings before dialing up (/sbin/SuSEfirewall2 stop) and list the iptable entries, they should be empty. After dialing in, start the firewall manually and see, whether connections break. If this works, you know that the problem is not in the rules but in the setup phase (that was my problem). This is my first setup of the firewall, so I removed the "old" packages before starting. I cannot tell you what happens if you have the ipchain based firewall running in parallel :-) Best regards, Lutz -- Lutz Jaenicke Lutz.Jaenicke@aet.TU-Cottbus.DE BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/ Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129 Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153
participants (2)
-
Lutz Jaenicke -
Thorsten Stoelk