
I should have specified that I did change those variables. I now have it set to:

FW_SERVICES_INT_TCP="80 137 138 139 1000:4000 47624"
FW_PROTECT_FROM_INTERNAL="no"
FW_ALLOWINCOMING_HIGHPORTS_*="yes"

And yet I see rejections in the log that look like this:

SuSE-FW-ACCESS_DENIED_INT IN =eth1 OUT= MAC(blah blah) SRC=192.168.0.2 DST=209... LEN... PROTO=TCP SPT=4584 DPT=80 ...

So the SRC IP is my Windows box, the dest IP is eth0 which is the external ethernet card. So the request comes in via eth1 to port 80 and it gets blocked. I even tried using http and https in the FW_ line. Yet Samba and ssh work just fine.

There's another thread that's covering similar issues. Someone mentioned something about "split-brain dns" or the like. Still it should be available. When I had Redhat 7.1 running and used firestarter to set up an iptables firewall it worked just fine. It was easy as can be to open a port, allow and block specific IPs, and view the webserver.

--
Keith Mickunas
keith@mickunas.net
I'll be deep in the cold, cold ground before I recognize Missourah! - Grandpa Simpson

Quoting "Carlos E. R." <robin1.listas@tiscali.es>:
The 03.07.27 at 22:10, Keith Mickunas wrote:
the name, which is registered to the external card, the firewall blocks it, even though I've explicitly stated both internal and external connections can see port 80, http, and https. But the log is showing that the firewall refuses the connection on the internal card to port 80.
Because you have them closed:
FW_SERVICES_INT_TCP="137 138 139"
FW_SERVICES_INT_UDP="137 138 139"

--
Cheers,
Carlos Robinson
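An added example, not part of the original thread: a small Python check that takes a SuSE-FW-ACCESS_DENIED_INT log line and reports whether its destination port is covered by a given FW_SERVICES_INT_TCP value, run against the two values quoted above. The log line is constructed (the one in the post is elided), and the function names are hypothetical.

```python
import re

DENIED_TAG = "SuSE-FW-ACCESS_DENIED_INT"

# Constructed sample line; the MAC, DST and LEN values are placeholders.
SAMPLE = ("kernel: SuSE-FW-ACCESS_DENIED_INT IN=eth1 OUT= "
          "MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.168.0.2 "
          "DST=203.0.113.10 LEN=48 PROTO=TCP SPT=4584 DPT=80")

def parse_ports(value):
    """Turn a port list such as "80 137 1000:4000" into (low, high) ranges."""
    ranges = []
    for token in value.split():
        if not re.fullmatch(r"\d+(:\d+)?", token):
            continue  # service names like "http" need /etc/services; skipped
        low, _, high = token.partition(":")
        ranges.append((int(low), int(high or low)))
    return ranges

def parse_denied(line):
    """Return the KEY=VALUE fields of an internal-zone denial, else None."""
    if DENIED_TAG not in line:
        return None
    return dict(re.findall(r"\b([A-Z]+)\s*=(\S*)", line))

def check(line, int_tcp):
    """Report whether the denied TCP destination port is in int_tcp."""
    fields = parse_denied(line)
    if not fields or fields.get("PROTO") != "TCP" or "DPT" not in fields:
        return None
    port = int(fields["DPT"])
    listed = any(low <= port <= high for low, high in parse_ports(int_tcp))
    return {"iface": fields.get("IN"), "src": fields.get("SRC"),
            "dport": port, "listed": listed}

if __name__ == "__main__":
    for value in ("137 138 139", "80 137 138 139 1000:4000 47624"):
        print(value, "->", check(SAMPLE, value))
```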