Hi,

I also had some strange fears against firewalls, until I did the following:

1. Read the ipchains / iptables document to get the overall picture.
2. Started the firewall by blocking everything.
3. Had 2 xterms open, following the messages in /var/log/firewall.
4. Started, for example, a browser, and then opened the ports that needed to be opened. Forwarding / masquerading I did this way too.
5. Did this for every piece of software that used the LAN/WAN access.
6. Then I still followed the traffic and did some fine tuning of the firewall rules...

Now I'm totally confident with ipchains, and I know what is going on there.

Jaska.

In the message of Monday, 1 October 2001 22:08, Theo. Sean Schulze wrote:
The setiathome problem is fixed. It turned out that it was a combination of a missing configuration file (no telling where that went!) and the setiathome server being down (which is probably what I should have checked first).
Don't know why I'm so nervous about this firewall and forwarding.
Sorry, Sean
On Monday 01 October 2001 15:50, Theo. Sean Schulze wrote:
Hello,
Up to today, I had no problems with setiathome running on my Mac connecting through my linux box to update itself. My linux box is using SuSEfirewall2 with kernel 2.4.6 to masquerade my home network of four machines. Between the last time setiathome successfully updated and today I changed rc.config to start netatalk, xntp, and mySQL at boot. (I also upgraded from 128M RAM to 320M RAM, but I can't see how that would have an effect.) I have since changed the setting for starting atalk (netatalk) back to "no" and I removed the AppleTalk related services, ntp and ftp from this line in firewall2.rc.config:
# Common: ssh smtp domain
FW_SERVICES_INT_TCP="ssh smtp domain"
When I connect to my home page over the Internet using Netscape from the Mac (192.168.0.2), the first attempt to connect fails, and /var/log/messages shows these messages:
Oct 1 15:38:17 dragoon modify_resolvconf: Service ipppd modified /etc/resolv.conf. See info block in this file
Oct 1 15:38:21 dragoon kernel: SuSE-FW-UNALLOWED-ROUTINGIN=eth0 OUT=ippp0 SRC=192.168.0.2 DST=195.211.211.24 LEN=64 TOS=0x00 PREC=0x00 TTL=254 ID=11541 DF PROTO=UDP SPT=49152 DPT=53 LEN=44
Oct 1 15:38:24 dragoon SuSEfirewall2: Firewall rules successfully set from /etc/rc.config.d/firewall2.rc.config
The second attempt to connect succeeds.
I suspect that what is happening is that setiathome is trying to connect and my linux box is setting up the ISDN connection. But, before the firewall rules are completely set, the firewall denies setiathome's connection attempt. setiathome then fails without making a second (and potentially successful) attempt to connect.
Is this analysis sound? If so, what can I change to make setiathome's and Netscape's first attempts to connect succeed? Is there a way to speed up SuSEfirewall2's loading of its rules? Seen from another perspective, are there services I can halt (xntp, mySQL) that might be slowing SuSEfirewall2's setting of its rules? What other information do I need to provide?
Cheers, Sean
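The timing hypothesis in Sean's message (a packet dropped between ipppd raising the ISDN link and the next "Firewall rules successfully set" line) can be checked directly against /var/log/messages. The script below is an added example, not code from this thread or from SuSEfirewall2: it parses SuSE-FW log hits of the form quoted above and flags each one that fell inside that reload window. The sample log is constructed from the three lines quoted above plus one later drop; using the modify_resolvconf/ipppd line as the "link up" marker and 2001 as the year are assumptions.

```python
import re
from datetime import datetime

# Constructed sample log, modelled on the three /var/log/messages lines quoted
# in the thread (same host, interfaces and addresses), plus one later drop that
# happens after the rules were already set.
SAMPLE_LOG = """\
Oct 1 15:38:17 dragoon modify_resolvconf: Service ipppd modified /etc/resolv.conf. See info block in this file
Oct 1 15:38:21 dragoon kernel: SuSE-FW-UNALLOWED-ROUTINGIN=eth0 OUT=ippp0 SRC=192.168.0.2 DST=195.211.211.24 LEN=64 TOS=0x00 PREC=0x00 TTL=254 ID=11541 DF PROTO=UDP SPT=49152 DPT=53 LEN=44
Oct 1 15:38:24 dragoon SuSEfirewall2: Firewall rules successfully set from /etc/rc.config.d/firewall2.rc.config
Oct 1 15:40:02 dragoon kernel: SuSE-FW-UNALLOWED-ROUTINGIN=eth0 OUT=ippp0 SRC=192.168.0.3 DST=10.9.8.7 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=4 DF PROTO=TCP SPT=1025 DPT=23 LEN=40
"""

SYSLOG_RE = re.compile(r"^(\w{3}) +(\d{1,2}) (\d\d:\d\d:\d\d) \S+ (.*)$")
# The log prefix has no trailing space, so the tag runs straight into the
# netfilter "IN=" field; the lazy match peels the tag off again.
DROP_RE = re.compile(r"kernel: SuSE-FW-([A-Z-]+?)(IN=.*)$")
KV_RE = re.compile(r"(\w+)=(\S*)")

def classify_drops(log_text, year=2001):
    """One dict per SuSE-FW hit; during_reload is True when the hit lies between
    ipppd bringing the link up and the next 'rules successfully set' line."""
    link_up = False              # assumption: ipppd's resolv.conf rewrite marks link-up
    hits = []
    for line in log_text.splitlines():
        m = SYSLOG_RE.match(line)
        if not m:
            continue
        mon, day, clock, rest = m.groups()
        ts = datetime.strptime(f"{mon} {day} {year} {clock}", "%b %d %Y %H:%M:%S")
        if "Service ipppd modified /etc/resolv.conf" in rest:
            link_up = True        # dial-on-demand has just raised ippp0
        elif "Firewall rules successfully set" in rest:
            link_up = False       # SuSEfirewall2 finished reloading its rules
        elif (d := DROP_RE.search(rest)):
            tag, kv = d.groups()
            f = dict(KV_RE.findall(kv))
            hits.append({"time": ts, "tag": tag, "in": f.get("IN"), "out": f.get("OUT"),
                         "src": f.get("SRC"), "dst": f.get("DST"), "proto": f.get("PROTO"),
                         "dport": int(f["DPT"]) if "DPT" in f else None,
                         "during_reload": link_up})
    return hits

def reload_window_drops(log_text):
    """Only the hits that an earlier or faster rule load would have avoided."""
    return [h for h in classify_drops(log_text) if h["during_reload"]]
```

Hits flagged during_reload point at the rule-load timing Sean asks about; hits outside the window are ordinary policy drops and need a rule change (such as FW_SERVICES_INT_TCP above) instead.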