SuSEfirewall2 to shorewall.

Prabu Subroto

6 Jan 2003 6 Jan '03

13:59

Dear my friends... I can not keep using SuSEfirewall2 anymore. It has too much bugs inside. I want to migrate to shorewall2. But before I change my firewall I have to make sure at first : 1. Is it easy to install shorewall2 on SuSE Linux 8.1? 2. Is shorewall included in SuSE 8.1? 3. Does shorewall has ip-masquerading? If not how can I activate/start this ip-masquerading? 4. If I don't want to use any firewall temporarely, Can I activate/start the ip-masquerading on SuSE Linux 8.1 as the internet gateway? If yes, how? 5. After I install shorewall2, can I configure the shorewall firewall to be started each time the SuSE Linux 8.1 OS starts with YaST2? Thank you very much my friends.... __________________________________________________ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com

Show replies by date

Pam R

6 Jan 6 Jan

14:08

New subject: [SLE] SuSEfirewall2 to shorewall.

On Monday 06 January 2003 13:59, Prabu Subroto wrote:

...

Dear my friends...

I can not keep using SuSEfirewall2 anymore. It has too much bugs inside. I want to migrate to shorewall2.

What bugs? (just curious) Pam R -- sed s/MS/Linux/ Linux StepbyStep: http://www.linux-sxs.org/stepbystep.html

Prabu Subroto

14:45

New subject: [SLE] SuSEfirewall2 to shorewall.

Yes, First, if I register BIND, Squid into "/etc/sysconfig/SuSEfirewall2" than each time rebooting that the SuSEfirewall auto_detect say that they are not detected but actually they are active. I have install the patch from internet with YOU but no change. Second, If I have to restart the SuSEfirewall2 regularly. Because if I get new IP from the DCHP server of our ISP than my LAN users can not go out to internet anymore. Although I have registered DHCP-client on "/etc/sysconfig/SuSEfirewall2" and I also have opened the port on the firewall for DHCP-Client (546). It is too much for me. --- Pam R wrote:

...

On Monday 06 January 2003 13:59, Prabu Subroto wrote:

...
Dear my friends...

I can not keep using SuSEfirewall2 anymore. It has too much bugs inside. I want to migrate to shorewall2.

What bugs? (just curious)

Pam R -- sed s/MS/Linux/ Linux StepbyStep: http://www.linux-sxs.org/stepbystep.html

-- Check the headers for your unsubscription address For additional commands send e-mail to suse-linux-e-help@suse.com Also check the archives at http://lists.suse.com Please read the FAQs: suse-linux-e-faq@suse.com

__________________________________________________ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com

Togan Muftuoglu

15:33

New subject: [SLE] SuSEfirewall2 to shorewall.

* Prabu Subroto; on 06 Jan, 2003 wrote:

...

First, if I register BIND, Squid into "/etc/sysconfig/SuSEfirewall2" than each time rebooting that the SuSEfirewall auto_detect say that they are not detected but actually they are active. I have install the patch from internet with YOU but no change.

Strange as SuSEfirewall2 checks the services via RunLevel links so if the services are there it would detect function check_srv() { RLVL=`/sbin/runlevel | sed 's/^. //'` test -L /etc/init.d/rc${RLVL}.d/S??$1 && return 0 return 1 } can you send the output of chkconfig --list named squid

...

Second, If I have to restart the SuSEfirewall2 regularly. Because if I get new IP from the DCHP server of our ISP than my LAN users can not go out to internet anymore. Although I have registered DHCP-client on "/etc/sysconfig/SuSEfirewall2" and I also have opened the port on the firewall for DHCP-Client (546).

SuSEfirewall2 uses port 67 for DHCP client access What Do you have on item 12 FW_SERVICE_DHCLIENT="" -- Togan Muftuoglu Unofficial SuSE FAQ Maintainer http://dinamizm.ath.cx

Prabu Subroto

16:29

New subject: [SLE] SuSEfirewall2 to shorewall.

Dear Togan... Sorry my friend I forgot to change the "To". I sent to you not through mailing-list just now. Sorry. Here ist the output : " proxy:/home/proxier # chkconfig --list named squid named 0:off 1:off 2:off 3:on 4:off 5:on 6:off squid 0:off 1:off 2:off 3:on 4:off 5:on 6:off proxy:/home/proxier # " Togan>SuSEfirewall2 uses port 67 for DHCP client access

...

What Do you have on item 12

FW_SERVICE_DHCLIENT=""

PS> Uppss..... So I should open portnumber 12. "Item 12" ? I don't understand. What is for "12" that you meant? Here what I have : " FW_SERVICE_DHCLIENT="yes" " Thank you very much, my friend. --- Togan Muftuoglu wrote:

...

...
First, if I register BIND, Squid into "/etc/sysconfig/SuSEfirewall2" than each time rebooting that the SuSEfirewall auto_detect say

* Prabu Subroto; on 06 Jan, 2003 wrote: that

...
they are not detected but actually they are active. I have install the patch from internet with YOU but no change.

Strange as SuSEfirewall2 checks the services via RunLevel links so if the services are there it would detect

function check_srv() { RLVL=`/sbin/runlevel | sed 's/^. //'` test -L /etc/init.d/rc${RLVL}.d/S??$1 && return 0 return 1 }

can you send the output of

chkconfig --list named squid

...
Second, If I have to restart the SuSEfirewall2 regularly. Because if I get new IP from the DCHP server of our ISP than my LAN users can not go out to internet anymore. Although I have registered DHCP-client on "/etc/sysconfig/SuSEfirewall2" and I also have

opened

...
the port on the firewall for DHCP-Client (546).

SuSEfirewall2 uses port 67 for DHCP client access

What Do you have on item 12

FW_SERVICE_DHCLIENT=""

--

Togan Muftuoglu Unofficial SuSE FAQ Maintainer http://dinamizm.ath.cx

-- Check the headers for your unsubscription address For additional commands send e-mail to suse-linux-e-help@suse.com Also check the archives at http://lists.suse.com Please read the FAQs: suse-linux-e-faq@suse.com

__________________________________________________ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com

Togan Muftuoglu

16:39

New subject: [SLE] SuSEfirewall2 to shorewall.

* Prabu Subroto; on 06 Jan, 2003 wrote:

...

Dear Togan...

Sorry my friend I forgot to change the "To". I sent to you not through mailing-list just now. Sorry.

Thy shall be punished :-)

...

Here ist the output : " proxy:/home/proxier # chkconfig --list named squid named 0:off 1:off 2:off 3:on 4:off 5:on 6:off squid 0:off 1:off 2:off 3:on 4:off 5:on 6:off proxy:/home/proxier #

OK so we know that these two services are starting for the various runlevels and this should make SuSEfirewall2 happy

...

"Item 12" ? I don't understand. What is for "12" that you meant? Here what I have : " FW_SERVICE_DHCLIENT="yes"

That is what I meant and that is fine also. Unless something bazaar is in the configuration SuSEfirewall2 should work with no problems Can you send the the output of the following ( To the list this time think before you hit the send key) rpm -q SuSEfirewall2 grep -v ^# /etc/sysconfig/SuSEfirewall2 -- Togan Muftuoglu Unofficial SuSE FAQ Maintainer http://dinamizm.ath.cx

Prabu Subroto

17:20

New subject: [SLE] SuSEfirewall2 to shorewall.

--- Togan Muftuoglu wrote:

...

Thy shall be punished :-)

PS>Thanks man...:D You are nice.

...

OK so we know that these two services are starting for the various runlevels and this should make SuSEfirewall2 happy

PS>I don't understand this one : "....that these two services are starting for the various runlevels" Does it cause my SuSEfirewall2 run wrong ? How should it be ? Only 3 or 5 ?

...

rpm -q SuSEfirewall2

grep -v ^# /etc/sysconfig/SuSEfirewall2

PS>It seems that I will install SuSEfirewall2 again. Is it ? why ? And What will happened on the file ?

...

--

Togan Muftuoglu Unofficial SuSE FAQ Maintainer http://dinamizm.ath.cx

-- Check the headers for your unsubscription address For additional commands send e-mail to suse-linux-e-help@suse.com Also check the archives at http://lists.suse.com Please read the FAQs: suse-linux-e-faq@suse.com

__________________________________________________ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com

Togan Muftuoglu

21:03

New subject: [SLE] SuSEfirewall2 to shorewall.

* Prabu Subroto; on 06 Jan, 2003 wrote:

...

...
rpm -q SuSEfirewall2

with this command we will be able to know the version of SuSEfirewall2 and I would rather know it before starting bug hunting

...

...
grep -v ^# /etc/sysconfig/SuSEfirewall2

With this command the output will be how you configured the firewall enabling to see if there is a configuration error or not

...

PS>It seems that I will install SuSEfirewall2 again. Is it ? why ? And What will happened on the file ?

I do understand your concerns about what will happen well you have couple of options 1) you trust and send the output 2) you do not trust read the man pages of rpm and grep and understand what is been trying to reach in order to help 3) Read Chapter 13 Network Security of SuSE-Linux-Adminguide-8.1.0.0dx86.pdf 4) download the SuSEfirewall2 manual from sourceforge to understand the three phase setup and all the other parts http://sourceforge.net/project/showfiles.php?group_id=42064&release_id=127876 As you can see your options are there choose your own poison As you can see your options are there choose your own poison. I can not help since I am unable to recreate the bug/situation you mention -- Togan Muftuoglu Unofficial SuSE FAQ Maintainer http://dinamizm.ath.cx

Jerry A!

17:19

New subject: [SLE] SuSEfirewall2 to shorewall.

On Mon, Jan 06, 2003 at 05:33:03PM +0200, Togan Muftuoglu wrote: : * Prabu Subroto; on 06 Jan, 2003 wrote: : >First, : >if I register BIND, Squid into : >"/etc/sysconfig/SuSEfirewall2" than each time : >rebooting that the SuSEfirewall auto_detect say that : >they are not detected but actually they are active. I : >have install the patch from internet with YOU but no : >change. : : Strange as SuSEfirewall2 checks the services via RunLevel links so if : the services are there it would detect : : function check_srv() { : RLVL=`/sbin/runlevel | sed 's/^. //'` : test -L /etc/init.d/rc${RLVL}.d/S??$1 && return 0 : return 1 : } : : : can you send the output of : : chkconfig --list named squid I think he's talking about on issue where if you set "FW_SERVICE_DNS" there appears to be a race condition. For example, on my box I get the following error: 'Warning: FW_SERVICE_DNS defined, but no DNS server found running! No biggee, except for the fact that afterwards the DNS ports aren't allowing traffic. I have to wait for my machine to finish booting and restart SuSEfirewall2 after a reboot. --Jerry Open-Source software isn't a matter of life or death... ...It's much more important than that!

Prabu Subroto

18:08

New subject: [SLE] SuSEfirewall2 to shorewall.

--- Jerry A! wrote:

...

I think he's talking about on issue where if you set "FW_SERVICE_DNS" there appears to be a race condition.

For example, on my box I get the following error: 'Warning: FW_SERVICE_DNS defined, but no DNS server found running!

No biggee, except for the fact that afterwards the

PS>So, should I ignore it because it doesn't mean that my SuSEfirewall doesn't run properly?

...

DNS ports aren't allowing traffic. I have to wait for my machine to finish booting and restart SuSEfirewall2 after a reboot.

PS>Manually ? I do the the same, my friend. From console I do : "SuSEfirewall2 stop" and "SuSEfirewall2 start". But I can not always do so each time my LAN user can not go to internet anymore. PS>Does it mean my mistake are : 1. open the wrong port number because I should open 67 ? 2. start SuSEfirewall2 in 2 runlevel, 3 and 5 ?If yes how should I start SuSEfirewall ? There are 3 services that I have start. They are : SuSEfirewall2_final, SuSEfirewall2_setup and SuSEfirewall2_init. Should I define like this: " SuSEfirewall2_final --> 2 SuSEfirewall2_init -->3 SuSEfirewall2_setup -->2 and 3 "? TIA.

...

--Jerry

Open-Source software isn't a matter of life or death... ...It's much more important than that!

-- Check the headers for your unsubscription address For additional commands send e-mail to suse-linux-e-help@suse.com Also check the archives at http://lists.suse.com Please read the FAQs: suse-linux-e-faq@suse.com

__________________________________________________ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com

Prabu Subroto

18:08

New subject: [SLE] SuSEfirewall2 to shorewall.

--- Jerry A! wrote:

...

I think he's talking about on issue where if you set "FW_SERVICE_DNS" there appears to be a race condition.

For example, on my box I get the following error: 'Warning: FW_SERVICE_DNS defined, but no DNS server found running!

No biggee, except for the fact that afterwards the

PS>So, should I ignore it because it doesn't mean that my SuSEfirewall doesn't run properly?

...

DNS ports aren't allowing traffic. I have to wait for my machine to finish booting and restart SuSEfirewall2 after a reboot.

...

--Jerry

Open-Source software isn't a matter of life or death... ...It's much more important than that!

-- Check the headers for your unsubscription address For additional commands send e-mail to suse-linux-e-help@suse.com Also check the archives at http://lists.suse.com Please read the FAQs: suse-linux-e-faq@suse.com

__________________________________________________ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com

Joe Morris (NTM)

23:42

New subject: [SLE] SuSEfirewall2 to shorewall.

On 01/07/2003 02:08 AM, Prabu Subroto wrote:

...

PS>Does it mean my mistake are : 1. open the wrong port number because I should open 67?

Yes, you opened the wrong port for dhcp client, it is/should be set up as 67. -- Joe & Sesil Morris New Tribes Mission Email Address: Joe_Morris@ntm.org Web Address: http://www.mydestiny.net/~joe_morris Registered Linux user 231871 God said, I AM that I AM. I say, by the grace of God, I am what I am.

Prabu Subroto

15:34

New subject: [SLE] SuSEfirewall2 to shorewall.

...

On Monday 06 January 2003 13:59, Prabu Subroto wrote:

...
Dear my friends...

I can not keep using SuSEfirewall2 anymore. It has too much bugs inside. I want to migrate to shorewall2.

What bugs? (just curious)

Pam R -- sed s/MS/Linux/ Linux StepbyStep: http://www.linux-sxs.org/stepbystep.html

-- Check the headers for your unsubscription address For additional commands send e-mail to suse-linux-e-help@suse.com Also check the archives at http://lists.suse.com Please read the FAQs: suse-linux-e-faq@suse.com

__________________________________________________ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com

Linux World 999

14:23

New subject: [SLE] SuSEfirewall2 to shorewall.

----- Original Message ----- From: "Prabu Subroto" To: Sent: Monday, January 06, 2003 1:59 PM

...

Dear my friends...

I can not keep using SuSEfirewall2 anymore. It has too much bugs inside. I want to migrate to shorewall2. But before I change my firewall I have to make sure at first :

As a matter of interest, what bugs have you experienced? <snip> __________________________________________________ Do You Yahoo!? Everything you'll ever need on one web page from News and Sport to Email and Music Charts http://uk.my.yahoo.com

Prabu Subroto

15:34

New subject: [SLE] SuSEfirewall2 to shorewall.

...

----- Original Message ----- From: "Prabu Subroto" To: Sent: Monday, January 06, 2003 1:59 PM

...
Dear my friends...

I can not keep using SuSEfirewall2 anymore. It has too much bugs inside. I want to migrate to shorewall2. But before I change my firewall I have to make sure at first :

As a matter of interest, what bugs have you experienced?

<snip>

__________________________________________________ Do You Yahoo!? Everything you'll ever need on one web page from News and Sport to Email and Music Charts http://uk.my.yahoo.com

-- Check the headers for your unsubscription address For additional commands send e-mail to suse-linux-e-help@suse.com Also check the archives at http://lists.suse.com Please read the FAQs: suse-linux-e-faq@suse.com

__________________________________________________ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com

John Andersen

7 Jan 7 Jan

07:22

New subject: [SLE] SuSEfirewall2 to shorewall.

On Monday 06 January 2003 04:59 am, you wrote:

...

Dear my friends...

I can not keep using SuSEfirewall2 anymore. It has too much bugs inside. I want to migrate to shorewall2. But before I change my firewall I have to make sure at first :

1. Is it easy to install shorewall2 on SuSE Linux 8.1?

Yes, very easy, just shutdown SuSE firewall. There are rpms available for shorewall.

...

2. Is shorewall included in SuSE 8.1?

No go to www.shorewall.net Be sure to read the quick start guide

...

3. Does shorewall has ip-masquerading? If not how can I activate/start this ip-masquerading?

Yes, and its all explained in the quick start guide

...

4. If I don't want to use any firewall temporarely, Can I activate/start the ip-masquerading on SuSE Linux

Its easiere with shorewall, there is no reason to be without a firewall. The amound of work you have to do to get iptables running for masq is the same as getting it to be a firewall.

...

5. After I install shorewall2, can I configure the shorewall firewall to be started each time the SuSE Linux 8.1 OS starts with YaST2?

It does this automatically when you install the rpm. BEAR IN MIND: That shorewall simply feeds iptables the proper scripts, shorewall does not "run" in the normal sense. Its a tool to control iptables. If you patiently read the quick start guide you should have it up and running in 20 minutes flat, includind the reading time. Very easy to get up and running and very easy to manage with just a text editor. -- _________________________________________________ John Andersen / Juneau Alaska

7781

Age (days ago)

7782

Last active (days ago)

List overview

Download

15 comments

7 participants

participants (7)

Jerry A!
Joe Morris (NTM)
John Andersen
Linux World 999
Pam R
Prabu Subroto
Togan Muftuoglu