On Wed, Aug 22, 2001 at 09:00:44PM +1000, Jon Biddell wrote:
On Thu, 23 Aug 2001 19:41, Cliff Sarginson wrote:
Mmmm.. Well I tried.. I want a firewall that
a) Allows unrestricted access to the internet to all local machines
b) Allows smtp, answers to DNS enquiries and responses to finger and ping
Meticulously following comments in the config file..achieves..
Aug 23 11:34:12 buffy kernel: SuSE-FW-UNALLOWED-TARGETIN=ippp0 OUT= MAC= SRC=194.159.73.135 DST=212.238.77.116 LEN=134 TOS=0x00 PREC=0x00 TTL=62 ID=47967 PROTO=UDP SPT=53 DPT=32815 LEN=114
194.159.73.135 is my ISP mail sender
212.238.77.116 is my IP address

Solved..another piece of lacking/mis-information in Suse documentation. For information of others... if you set up ISDN the recommendation is that you set your IP address to 198.168.0.1 (or is it 99.. whatever).. This works tickety-boo until you use a firewall with iptables. Then your IP address changes and the tables rules just refuse to accept anything for that IP address. I do not know how you circumvent this if you get an IP address dynamically; but since I have a fixed IP address I changed the ISDN setup to reflect this. And voila..it all works.
In the course of this I discovered an error in /etc/ppp/ip-up{down}. "ip-down" as it stands does not take the firewall down, it just loads it again (missing "stop" parameter).

Another bug in ISDN is that it fails to work when you re-boot the machine; if you then use yast2 to reload the network configuration *without* making any changes, then it works fine. This has been reported to support. I am using a 7.2 out of the box.

The MPPP facility doesn't work as described in the Suse Network manual..they miss out the important information that you have to set it up BEFORE you load the ISDN daemon. At least that is what I have read elsewhere..I will be trying this later.

Hope this is useful information.

Cliff
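
As an added example, not part of the original message: a Python script that parses kernel firewall log lines like the one quoted above, labels each drop by packet shape, and flags destination addresses that differ from the address the firewall was configured with, which is the mismatch the message describes. The `configured_addr` value 192.0.2.1 and the lines in `CONSTRUCTED` are made up for illustration.

```python
import re
from collections import Counter

# Log line quoted in the message above, with "TARGETIN=" fused as posted.
POSTED = ("Aug 23 11:34:12 buffy kernel: SuSE-FW-UNALLOWED-TARGETIN=ippp0 OUT= "
          "MAC= SRC=194.159.73.135 DST=212.238.77.116 LEN=134 TOS=0x00 PREC=0x00 "
          "TTL=62 ID=47967 PROTO=UDP SPT=53 DPT=32815 LEN=114")
# Constructed lines (not from the post): an ICMP drop and a non-firewall line.
CONSTRUCTED = [
    "Aug 23 11:35:02 buffy kernel: SuSE-FW-UNALLOWED-TARGET IN=ippp0 OUT= MAC= "
    "SRC=192.0.2.7 DST=212.238.77.116 LEN=84 TTL=60 ID=0 PROTO=ICMP TYPE=8 CODE=0",
    "Aug 23 11:35:09 buffy kernel: isdn: link up",
]
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")

def parse(line):
    """Return (prefix, fields) for a netfilter LOG line, or None for anything else."""
    body = line.partition("kernel: ")[2]
    start = body.find("IN=")  # the log prefix may be fused to IN= with no space
    if start < 0:
        return None
    fields = {}
    for key, value in FIELD.findall(body[start:]):
        # LEN appears twice: IP total length first, then the UDP length.
        fields["L4LEN" if key == "LEN" and "LEN" in fields else key] = value
    return body[:start].strip(), fields

def classify(fields):
    """Label by shape: source port 53 to an unprivileged port looks like a DNS answer."""
    if fields.get("PROTO") in ("UDP", "TCP"):
        spt, dpt = int(fields["SPT"]), int(fields["DPT"])
        if spt == 53 and dpt >= 1024:
            return "dns-reply"
        if dpt == 53:
            return "dns-query"
    return fields.get("PROTO", "unknown").lower()

def triage(lines, configured_addr):
    """Count drops per (class, DST); collect DSTs differing from configured_addr."""
    drops, mismatched = Counter(), set()
    for parsed in filter(None, map(parse, lines)):
        fields = parsed[1]
        drops[(classify(fields), fields["DST"])] += 1
        if fields["DST"] != configured_addr:
            mismatched.add(fields["DST"])
    return drops, mismatched

if __name__ == "__main__":
    drops, mismatched = triage([POSTED] + CONSTRUCTED, configured_addr="192.0.2.1")
    for (kind, dst), n in sorted(drops.items()):
        print(f"{n:3d} {kind:10s} -> {dst}")
    print("DSTs not matching the configured address:", sorted(mismatched))
```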