On Friday 19 April 2002 19:51, you wrote:
* steve; <fsanta@arrakis.es> on 19 Apr, 2002 wrote:
I am trying to configure firewall2. It's just that someone said the personal firewall would work too. In desperation we have tried many combinations, none of which work!
OK so we are still on SuSEfirewall2
1) Uninstall all other firewall packages (personal, SuSEfirewall version 1)
2) Make sure you have SuSEfirewall2 version 2.1; if not, download it from http://www.suse.de/~marc/suse.html and install it
3) Based on your previous mails, configure as follows:

FW_DEV_EXT="eth0"
FW_DEV_INT="eth1"
FW_ROUTE="yes"
FW_MASQUERADE="yes"
FW_MASQ_DEV="$FW_DEV_EXT"
FW_MASQ_NETS="192.168.0.0/24"
FW_PROTECT_FROM_INTERNAL="yes"
FW_AUTOPROTECT_SERVICES="yes"
FW_SERVICES_EXT_TCP="domain"
FW_SERVICES_EXT_UDP="domain"
FW_SERVICES_INT_TCP="21 22 25 53 80 110 143 1113 3128"
FW_ALLOW_INCOMING_HIGHPORTS_TCP="ftp-data"
FW_ALLOW_INCOMING_HIGHPORTS_UDP="yes"
FW_SERVICE_AUTODETECT="yes"
FW_SERVICE_DNS="yes"
FW_SERVICE_DHCLIENT="no"
FW_SERVICE_DHCPD="no"
FW_SERVICE_SQUID="yes"
FW_SERVICE_SAMBA="yes"
FW_REDIRECT="192.168.0.0/24,0/0,tcp,80,3128"
FW_LOG_DROP_CRIT="no"
FW_LOG_DROP_ALL="no"
FW_LOG_ACCEPT_CRIT="no"
FW_LOG_ACCEPT_ALL="no"
FW_LOG="--log-level warning --log-tcp-options --log-ip-option --log-prefix SuSE-FW"
FW_KERNEL_SECURITY="no"
FW_STOP_KEEP_ROUTING_STATE="yes"
FW_ALLOW_PING_FW="yes"
FW_ALLOW_PING_DMZ="no"
FW_ALLOW_PING_EXT="yes"
FW_ALLOW_FW_TRACEROUTE="yes"
FW_ALLOW_FW_SOURCEQUENCH="yes"
FW_ALLOW_FW_BROADCAST="yes"
FW_IGNORE_FW_BROADCAST="no"
FW_ALLOW_CLASS_ROUTING="no"
4) Now start as /sbin/SuSEfirewall2 test
5) Try to ping www.suse.de; save the output (if any)
6) traceroute www.suse.de; save the output (if any)
7) From the local LAN, try to surf the net: www.suse.de
8) From the local LAN, ftp to ftp.gwdg.de
9) If everything works, then /sbin/SuSEfirewall2 start
10) If it fails, send the output of item 5 and item 6 along with /var/log/firewall (not all of it, just the relevant parts for items 7 and 8)
Hi. Thanks for all this effort. 5, 6, 7 and 8 work fine in test mode but lock tight after 9. There is no /var/log/firewall (we installed SuSEfirewall2-2.1 after uninstalling the normal 7.3 installation packages and uninstalling the personal firewall) and /var/log/messages gives nothing relevant. We can't ask you for any more. We tried pmfirewall and it works. It's not what we really wanted but it's time that we must save. Thanks again. Steve.
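
Added example (not part of the original messages and not SuSEfirewall2's own code): a small lint that checks the dependencies between the variables quoted in this thread before the rules are enforced. The function names, the trimmed sample config and the rule that a redirect's local port must appear in FW_SERVICES_INT_TCP when FW_PROTECT_FROM_INTERNAL="yes" are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: consistency lint for the SuSEfirewall2 variables in this thread.
# sample_config is constructed from the values quoted above, trimmed to the
# variables the checks read.
sample_config() {
cat <<'EOF'
FW_DEV_EXT="eth0"
FW_DEV_INT="eth1"
FW_ROUTE="yes"
FW_MASQUERADE="yes"
FW_MASQ_DEV="$FW_DEV_EXT"
FW_MASQ_NETS="192.168.0.0/24"
FW_PROTECT_FROM_INTERNAL="yes"
FW_SERVICES_INT_TCP="21 22 25 53 80 110 143 1113 3128"
FW_REDIRECT="192.168.0.0/24,0/0,tcp,80,3128"
EOF
}

# lint_fw_config FILE: prints one WARN line per finding, returns the count.
# The file is sourced like a shell script, so only lint files you trust.
lint_fw_config() (
    . "$1" || exit 99
    n=0
    warn() { echo "WARN: $*"; n=$((n + 1)); }
    [ -n "$FW_DEV_EXT" ] && [ "$FW_DEV_EXT" != "$FW_DEV_INT" ] ||
        warn "FW_DEV_EXT must be set and differ from FW_DEV_INT"
    if [ "$FW_MASQUERADE" = "yes" ]; then
        [ "$FW_ROUTE" = "yes" ] || warn "FW_MASQUERADE needs FW_ROUTE=yes"
        [ -n "$FW_MASQ_NETS" ] || warn "FW_MASQUERADE set but FW_MASQ_NETS empty"
    fi
    # Assumption: a redirect lands on a local port of the firewall, so with
    # FW_PROTECT_FROM_INTERNAL=yes that port must be open on the LAN side.
    # Only literal port numbers/names are compared; ranges are not expanded.
    for r in $FW_REDIRECT; do
        proto=$(echo "$r" | cut -d, -f3)
        lport=$(echo "$r" | cut -d, -f5)
        [ "$FW_PROTECT_FROM_INTERNAL" = "yes" ] && [ "$proto" = "tcp" ] || continue
        case " $FW_SERVICES_INT_TCP " in
            *" $lport "*) ;;
            *) warn "redirect target tcp/$lport missing from FW_SERVICES_INT_TCP" ;;
        esac
    done
    exit "$n"
)

# Demo: lint the constructed sample (it has no findings).
cfg=$(mktemp)
sample_config > "$cfg"
lint_fw_config "$cfg" && echo "no findings"
rm -f "$cfg"
```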