Hello. * On Monday, 11 August 2008 at 07:48 (+0200), Günter Ohmer wrote:
==================================================================================================================================
basar:~ # iptables -L forward_int -nv
Chain forward_int (3 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 LOG        icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED icmp type 0 LOG flags 6 level 4 prefix `SFW2-FWDint-FWD-RELA'
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED icmp type 0
    0     0 LOG        icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED icmp type 3 LOG flags 6 level 4 prefix `SFW2-FWDint-FWD-RELA'
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED icmp type 3
    0     0 LOG        icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED icmp type 11 LOG flags 6 level 4 prefix `SFW2-FWDint-FWD-RELA'
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED icmp type 11
    0     0 LOG        icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED icmp type 12 LOG flags 6 level 4 prefix `SFW2-FWDint-FWD-RELA'
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED icmp type 12
    0     0 LOG        icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED icmp type 14 LOG flags 6 level 4 prefix `SFW2-FWDint-FWD-RELA'
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED icmp type 14
    0     0 LOG        icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED icmp type 18 LOG flags 6 level 4 prefix `SFW2-FWDint-FWD-RELA'
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED icmp type 18
    0     0 LOG        icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED icmp type 3 code 2 LOG flags 6 level 4 prefix `SFW2-FWDint-FWD-RELA'
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED icmp type 3 code 2
    0     0 LOG        icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED icmp type 5 LOG flags 6 level 4 prefix `SFW2-FWDint-FWD-RELA'
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED icmp type 5
 2141  127K LOG        all  --  eth0   dsl1    0.0.0.0/0            0.0.0.0/0           LOG flags 6 level 4 prefix `SFW2-FWDint-ACC-MASQ '
 2141  127K ACCEPT     all  --  eth0   dsl1    0.0.0.0/0            0.0.0.0/0           state NEW,RELATED,ESTABLISHED
    0     0 LOG        all  --  eth1   dsl1    0.0.0.0/0            0.0.0.0/0           LOG flags 6 level 4 prefix `SFW2-FWDint-ACC-MASQ '
    0     0 ACCEPT     all  --  eth1   dsl1    0.0.0.0/0            0.0.0.0/0           state NEW,RELATED,ESTABLISHED
    0     0 LOG        all  --  eth2   dsl1    0.0.0.0/0            0.0.0.0/0           LOG flags 6 level 4 prefix `SFW2-FWDint-ACC-MASQ '
    0     0 ACCEPT     all  --  eth2   dsl1    0.0.0.0/0            0.0.0.0/0           state NEW,RELATED,ESTABLISHED
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           PKTTYPE = multicast
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 6 level 4 prefix `SFW2-FWDint-DROP-DEFLT '
    0     0 reject_func  all  --  *      *       0.0.0.0/0            0.0.0.0/0
==================================================================================================================================
According to this rule set, no newly initiated ("state NEW") connections at all are permitted between the internal network cards, only a few ICMP replies (and connections to the DSL interface).

I am not familiar with the SUSE firewall, but this looks to me like a fundamental configuration problem. Check whether the network cards are all assigned to the internal zone.

Regards
Andreas
-- 
Amarok is not playing anything right now...
GPG-ID/Fingerprint: 6F28CF96/0B3B C287 30CE 21DF F37A AF63 A46C D899 6F28 CF96
GPG-Key on request or on public keyservers
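
The reading of the listing given in the reply above, as an added example that is not part of the original mail: a shell sketch that pulls out of `iptables -L <chain> -nv` output the ACCEPT rules that let a connection start. The sample listing is a constructed, shortened copy of the quoted output, the function names are hypothetical, and only interfaces, protocol and state are considered (not addresses or ports).

```shell
#!/bin/sh
# Added example: find the ACCEPT rules in `iptables -L <chain> -nv` output
# that let a connection start (state NEW, or no state match at all).

# Constructed sample: shortened copy of the forward_int listing quoted above.
sample_forward_int() {
cat <<'EOF'
Chain forward_int (3 references)
 pkts bytes target     prot opt in     out     source       destination
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0    0.0.0.0/0    state RELATED,ESTABLISHED icmp type 0
 2141  127K LOG        all  --  eth0   dsl1    0.0.0.0/0    0.0.0.0/0    LOG flags 6 level 4 prefix `SFW2-FWDint-ACC-MASQ '
 2141  127K ACCEPT     all  --  eth0   dsl1    0.0.0.0/0    0.0.0.0/0    state NEW,RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  eth1   dsl1    0.0.0.0/0    0.0.0.0/0    state NEW,RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  eth2   dsl1    0.0.0.0/0    0.0.0.0/0    state NEW,RELATED,ESTABLISHED
    0     0 DROP       all  --  *      *       0.0.0.0/0    0.0.0.0/0    PKTTYPE = multicast
    0     0 reject_func  all  --  *      *       0.0.0.0/0    0.0.0.0/0
EOF
}

# Print "in out prot" for each ACCEPT rule that admits new connections.
# Columns of -nv output: pkts bytes target prot opt in out source destination.
new_accept_rules() {
    awk '
        $3 != "ACCEPT" { next }   # skips headers, LOG, DROP and jump targets
        {
            states = ""
            for (i = 10; i < NF; i++)
                if ($i == "state" || $i == "ctstate") states = $(i + 1)
            if (states == "" || ("," states ",") ~ /,NEW,/)
                print $6, $7, $4
        }
    '
}

# Exit 0 if the listing on stdin lets interface $1 open a connection
# towards interface $2, exit 1 otherwise ("*" in a rule matches any).
pair_allows_new() {
    new_accept_rules | awk -v i="$1" -v o="$2" '
        ($1 == i || $1 == "*") && ($2 == o || $2 == "*") { ok = 1 }
        END { exit !ok }
    '
}

sample_forward_int | new_accept_rules
sample_forward_int | pair_allows_new eth0 eth1 ||
    echo "eth0 -> eth1: no ACCEPT rule admits state NEW"
```

On a live system the same functions can be fed with `iptables -L forward_int -nv | new_accept_rules`.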