On 20/10/06 22:54, Greg Wallace wrote:
I'm running SUSE Linux 10.1. Here's the output you requested. I trimmed the comments out of /etc/sysconfig/SuSEfirewall2. Hopefully, I didn't cut out any parameters by mistake, but the comments made the list huge.
No big deal, if I need them I can read my own config file :-)
Iptables-save
# Generated by iptables-save v1.3.5 on Fri Oct 20 23:23:14 2006
<snip>
That stuff isn't any help, because....
cat /etc/sysconfig/SuSEfirewall2
FW_DEV_EXT=""
FW_DEV_INT=""
FW_DEV_DMZ=""
You really must have one of these defined, because without it, the firewall rules are essentially meaningless. In particular, you will note in the iptables-save stuff that there is no rule to accept NEW connections of any kind (except, of course, on device lo). Nothing you've entered in the FW_SERVICES* entries has a corresponding rule.

Here's what these should look like with the naming conventions in SuSE:

FW_DEV_EXT="eth-id-00:50:ba:c4:91:43"
FW_DEV_INT="eth-id-00:50:fc:8b:4d:d1"

If you only have one network card in the system, then define it as the external interface. IMO, the firewall is easier to configure that way.

Look in /etc/sysconfig/network for the device names, e.g.

# ls /etc/sysconfig/network/
.   config  if-down.d  ifcfg-eth-id-00:50:ba:c4:91:43  ifcfg-lo        ifroute-lo  scripts
..  dhcp    if-up.d    ifcfg-eth-id-00:50:fc:8b:4d:d1  ifcfg.template  providers   wireless

Once you've done this change, restart the firewall, and see if things start working.
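
The check described in the reply above, as an added example that is not part of the original message: it reports which FW_DEV_* zones in a SuSEfirewall2 sysconfig file are empty and, when none is set, lists candidate device names taken from the ifcfg-* files. The function names check_fw_dev and list_candidates are hypothetical, and the file layout is assumed to be the one shown in the message.

```shell
#!/bin/sh
# Added example (hypothetical helper names), not from the original message.
# Usage: sh check_fw_dev.sh /etc/sysconfig/SuSEfirewall2 /etc/sysconfig/network

# list_candidates NETDIR
#   Print the device name encoded in each ifcfg-* file name, skipping
#   loopback. "ifcfg.template" has no hyphen, so the glob never matches it.
list_candidates() {
    for f in "$1"/ifcfg-*; do
        [ -e "$f" ] || continue          # glob matched nothing
        name=${f##*/ifcfg-}
        [ "$name" = "lo" ] && continue
        echo "$name"
    done
}

# check_fw_dev CONFIG NETDIR
#   Print one line per zone variable. Return 0 if at least one zone has an
#   interface assigned, 1 if all three are empty (the state in the message,
#   where no rule accepts NEW connections except on lo).
check_fw_dev() {
    config=$1
    netdir=$2
    defined=0
    for var in FW_DEV_EXT FW_DEV_INT FW_DEV_DMZ; do
        # Last assignment wins, as when the file is sourced; strip quotes.
        value=$(sed -n "s/^[[:space:]]*$var=//p" "$config" | tail -n 1 | tr -d "\"'")
        if [ -n "$value" ]; then
            echo "OK    $var=$value"
            defined=1
        else
            echo "EMPTY $var"
        fi
    done
    if [ "$defined" -eq 0 ]; then
        echo "No zone has an interface assigned. Candidates from $netdir:"
        list_candidates "$netdir"
        return 1
    fi
    return 0
}

if [ $# -eq 2 ]; then
    check_fw_dev "$1" "$2"
fi
```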