Dear my friends...

I can not keep using SuSEfirewall2 anymore. It has too many bugs inside. I want to migrate to shorewall2. But before I change my firewall I have to make sure at first:

1. Is it easy to install shorewall2 on SuSE Linux 8.1?
2. Is shorewall included in SuSE 8.1?
3. Does shorewall have ip-masquerading? If not, how can I activate/start this ip-masquerading?
4. If I don't want to use any firewall temporarily, can I activate/start the ip-masquerading on SuSE Linux 8.1 as the internet gateway? If yes, how?
5. After I install shorewall2, can I configure the shorewall firewall to be started each time the SuSE Linux 8.1 OS starts with YaST2?

Thank you very much my friends....
On Monday 06 January 2003 13:59, Prabu Subroto wrote:
> Dear my friends...
> I can not keep using SuSEfirewall2 anymore. It has too many bugs inside. I want to migrate to shorewall2.

What bugs? (just curious)

Pam R
--
sed s/MS/Linux/
Linux StepbyStep: http://www.linux-sxs.org/stepbystep.html
Yes,

First, if I register BIND, Squid into "/etc/sysconfig/SuSEfirewall2" then each time rebooting the SuSEfirewall auto_detect says that they are not detected, but actually they are active. I have installed the patch from the internet with YOU but no change.

Second, I have to restart the SuSEfirewall2 regularly, because if I get a new IP from the DHCP server of our ISP then my LAN users can not go out to the internet anymore, although I have registered DHCP-client in "/etc/sysconfig/SuSEfirewall2" and I also have opened the port on the firewall for DHCP-Client (546).

It is too much for me.
* Prabu Subroto;
> First, if I register BIND, Squid into "/etc/sysconfig/SuSEfirewall2" then each time rebooting the SuSEfirewall auto_detect says that they are not detected, but actually they are active. I have installed the patch from the internet with YOU but no change.

Strange as SuSEfirewall2 checks the services via RunLevel links so if the services are there it would detect

    function check_srv() {
        # succeed if a start link S??<service> exists for the current runlevel
        RLVL=`/sbin/runlevel | sed 's/^. //'`
        test -L /etc/init.d/rc${RLVL}.d/S??$1 && return 0
        return 1
    }

can you send the output of

    chkconfig --list named squid

> Second, I have to restart the SuSEfirewall2 regularly, because if I get a new IP from the DHCP server of our ISP then my LAN users can not go out to the internet anymore, although I have registered DHCP-client in "/etc/sysconfig/SuSEfirewall2" and I also have opened the port on the firewall for DHCP-Client (546).

SuSEfirewall2 uses port 67 for DHCP client access

What do you have on item 12

    FW_SERVICE_DHCLIENT=""

--
Togan Muftuoglu
Unofficial SuSE FAQ Maintainer
http://dinamizm.ath.cx
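
The runlevel-link test from the quoted check_srv, extended to report a service's start order relative to a firewall script, as an added example that is not part of the original thread or of SuSEfirewall2. It assumes SysV-style `S<NN><name>` links that are started in numeric order; `start_seq`, `boot_order`, `demo_tree` and the sequence numbers in the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example, not SuSEfirewall2 code. The init.d root ($1) and runlevel ($2)
# are parameters (an assumption) so the check can run on a constructed tree.

# Print the start sequence number of service $3, or return 1 when no
# S??<name> symlink exists (the condition the quoted check_srv tests).
start_seq() {
    for link in "$1/rc$2.d"/S[0-9][0-9]"$3"; do
        [ -L "$link" ] || continue        # unmatched glob stays literal: skip it
        base=${link##*/}
        num=${base#S}
        printf '%s\n' "${num%"$3"}"
        return 0
    done
    return 1
}

# Compare service $3 with firewall script $4 in runlevel $2 under root $1.
boot_order() {
    svc=$(start_seq "$1" "$2" "$3") || { echo missing; return 0; }
    fw=$(start_seq "$1" "$2" "$4") || { echo no-firewall-link; return 0; }
    if [ "$svc" -gt "$fw" ]; then
        echo after-firewall     # daemon not started yet when the firewall script runs
    elif [ "$svc" -lt "$fw" ]; then
        echo before-firewall
    else
        echo same-sequence
    fi
}

# Constructed sample tree; the sequence numbers are made up for the demo.
demo_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/rc3.d"
    for s in S05SuSEfirewall2_init S08SuSEfirewall2_setup S11named S13squid; do
        ln -s ../dummy "$d/rc3.d/$s"      # dangling link is enough for test -L
    done
    printf '%s\n' "$d"
}

tree=$(demo_tree)
for s in named squid dhcpd; do
    printf '%-6s %s\n' "$s" "$(boot_order "$tree" 3 "$s" SuSEfirewall2_setup)"
done
rm -rf "$tree"
```

On a live system the first argument would be /etc/init.d and the second the runlevel reported by /sbin/runlevel.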
Dear Togan...

Sorry my friend I forgot to change the "To". I sent to you not through mailing-list just now. Sorry.

Here is the output :
"
proxy:/home/proxier # chkconfig --list named squid
named  0:off  1:off  2:off  3:on  4:off  5:on  6:off
squid  0:off  1:off  2:off  3:on  4:off  5:on  6:off
proxy:/home/proxier #
"

Togan>SuSEfirewall2 uses port 67 for DHCP client access
Togan>What Do you have on item 12
Togan>FW_SERVICE_DHCLIENT=""

PS> Uppss..... So I should open portnumber 12. "Item 12" ? I don't understand. What is for "12" that you meant?

Here what I have :
"
FW_SERVICE_DHCLIENT="yes"
"

Thank you very much, my friend.
* Prabu Subroto;
> Dear Togan...
> Sorry my friend I forgot to change the "To". I sent to you not through mailing-list just now. Sorry.

Thy shall be punished :-)

> Here is the output :
> proxy:/home/proxier # chkconfig --list named squid
> named  0:off  1:off  2:off  3:on  4:off  5:on  6:off
> squid  0:off  1:off  2:off  3:on  4:off  5:on  6:off
> proxy:/home/proxier #

OK so we know that these two services are starting for the various runlevels and this should make SuSEfirewall2 happy

> "Item 12" ? I don't understand. What is for "12" that you meant? Here what I have : FW_SERVICE_DHCLIENT="yes"

That is what I meant and that is fine also. Unless something bizarre is in the configuration SuSEfirewall2 should work with no problems.

Can you send the output of the following (to the list this time, think before you hit the send key)

    rpm -q SuSEfirewall2
    grep -v ^# /etc/sysconfig/SuSEfirewall2

--
Togan Muftuoglu
Unofficial SuSE FAQ Maintainer
http://dinamizm.ath.cx
--- Togan Muftuoglu
> Thy shall be punished :-)
PS>Thanks man...:D You are nice.
> OK so we know that these two services are starting for the various runlevels and this should make SuSEfirewall2 happy
PS>I don't understand this one : "....that these two services are starting for the various runlevels" Does it cause my SuSEfirewall2 run wrong ? How should it be ? Only 3 or 5 ?
> rpm -q SuSEfirewall2
> grep -v ^# /etc/sysconfig/SuSEfirewall2
PS>It seems that I will install SuSEfirewall2 again. Is it ? why ? And What will happen on the file ?
* Prabu Subroto;
> rpm -q SuSEfirewall2

with this command we will be able to know the version of SuSEfirewall2 and I would rather know it before starting bug hunting

> grep -v ^# /etc/sysconfig/SuSEfirewall2

With this command the output will be how you configured the firewall enabling to see if there is a configuration error or not

> PS>It seems that I will install SuSEfirewall2 again. Is it ? why ? And What will happen on the file ?

I do understand your concerns about what will happen. Well, you have a couple of options:

1) you trust and send the output
2) you do not trust: read the man pages of rpm and grep and understand what is been trying to reach in order to help
3) Read Chapter 13 Network Security of SuSE-Linux-Adminguide-8.1.0.0dx86.pdf
4) download the SuSEfirewall2 manual from sourceforge to understand the three phase setup and all the other parts http://sourceforge.net/project/showfiles.php?group_id=42064&release_id=127876

As you can see your options are there, choose your own poison. I can not help since I am unable to recreate the bug/situation you mention

--
Togan Muftuoglu
Unofficial SuSE FAQ Maintainer
http://dinamizm.ath.cx
On Mon, Jan 06, 2003 at 05:33:03PM +0200, Togan Muftuoglu wrote:
: * Prabu Subroto;
--- Jerry A!
> I think he's talking about an issue where if you set "FW_SERVICE_DNS" there appears to be a race condition.
> For example, on my box I get the following error: 'Warning: FW_SERVICE_DNS defined, but no DNS server found running!
> No biggee, except for the fact that afterwards the
PS>So, should I ignore it because it doesn't mean that my SuSEfirewall doesn't run properly?
> DNS ports aren't allowing traffic. I have to wait for my machine to finish booting and restart SuSEfirewall2 after a reboot.
PS>Manually ? I do the same, my friend. From console I do : "SuSEfirewall2 stop" and "SuSEfirewall2 start". But I can not always do so each time my LAN user can not go to internet anymore.
PS>Does it mean my mistake are :
1. open the wrong port number because I should open 67 ?
2. start SuSEfirewall2 in 2 runlevel, 3 and 5 ? If yes how should I start SuSEfirewall ? There are 3 services that I have start. They are : SuSEfirewall2_final, SuSEfirewall2_setup and SuSEfirewall2_init. Should I define like this:
"
SuSEfirewall2_final --> 2
SuSEfirewall2_init -->3
SuSEfirewall2_setup -->2 and 3
"?
TIA.
--Jerry
Open-Source software isn't a matter of life or death... ...It's much more important than that!
On 01/07/2003 02:08 AM, Prabu Subroto wrote:
> PS>Does it mean my mistake are : 1. open the wrong port number because I should open 67?

Yes, you opened the wrong port for dhcp client, it is/should be set up as 67.

--
Joe & Sesil Morris
New Tribes Mission
Email Address: Joe_Morris@ntm.org
Web Address: http://www.mydestiny.net/~joe_morris
Registered Linux user 231871
God said, I AM that I AM. I say, by the grace of God, I am what I am.
----- Original Message -----
From: "Prabu Subroto"
> Dear my friends...
> I can not keep using SuSEfirewall2 anymore. It has too many bugs inside. I want to migrate to shorewall2. But before I change my firewall I have to make sure at first :

As a matter of interest, what bugs have you experienced?

<snip>
On Monday 06 January 2003 04:59 am, you wrote:
> Dear my friends...
> I can not keep using SuSEfirewall2 anymore. It has too many bugs inside. I want to migrate to shorewall2. But before I change my firewall I have to make sure at first :
> 1. Is it easy to install shorewall2 on SuSE Linux 8.1?

Yes, very easy, just shutdown SuSE firewall. There are rpms available for shorewall.

> 2. Is shorewall included in SuSE 8.1?

No, go to www.shorewall.net. Be sure to read the quick start guide.

> 3. Does shorewall have ip-masquerading? If not how can I activate/start this ip-masquerading?

Yes, and it's all explained in the quick start guide.

> 4. If I don't want to use any firewall temporarily, Can I activate/start the ip-masquerading on SuSE Linux

It's easier with shorewall, there is no reason to be without a firewall. The amount of work you have to do to get iptables running for masq is the same as getting it to be a firewall.

> 5. After I install shorewall2, can I configure the shorewall firewall to be started each time the SuSE Linux 8.1 OS starts with YaST2?

It does this automatically when you install the rpm.

BEAR IN MIND: That shorewall simply feeds iptables the proper scripts, shorewall does not "run" in the normal sense. It's a tool to control iptables.

If you patiently read the quick start guide you should have it up and running in 20 minutes flat, including the reading time. Very easy to get up and running and very easy to manage with just a text editor.

--
_________________________________________________
John Andersen / Juneau Alaska
participants (7)
- Jerry A!
- Joe Morris (NTM)
- John Andersen
- Linux World 999
- Pam R
- Prabu Subroto
- Togan Muftuoglu