[SLE] Firewall setup in 6.4
Hi

I hope someone can help me. I have a linux box with a modem and a windows pc connected through ethernet to the linux box.

linux ip address: 192.168.1.1
windows ip address: 192.168.1.2
netmask 255.255.255.0

I had SuSE 6.3 set up with a firewall, I just installed 6.4 with the susefirewall and I can't even ping the windows pc from linux. The linux box can however ping itself.

I have already made the following changes in linux:

In /etc/rc.config

    IP_FORWARD=yes
    START_FW=yes

In /etc/rc.config.d/firewall.rc.config/

    FW_DEV_WORLD="ppp0"
    FW_DEV_WORLD_ppp0="192.168.1.1 255.255.255.0"
    FW_DEV_INT="eth0"
    FW_DEV_INT_eth0="192.168.1.1 255.255.255.0"
    FW_ROUTE="yes"
    FW_MASQUERADE="yes"
    FW_MASQ_NETS="192.168.1.0/24"
    FW_MASQ_DEV="ppp0"
    FW_PROTECT_FROM_INTERNAL="no"
    FW_KERNAL_SECURITY="no"

All other settings are untouched.

In yast I have set the autoip to NO AUTO IP, i.e. no DHCP or BOOTP.
I have set the name server to 192.168.1.1 and my domain name: privat

What else do I have to do, or what have I done wrong? If the 2 computers can't even ping each other, then it must be something very basic that I have overseen.

Do I need to change nr. 9 in /etc/rc.config.d/firewall.rc.config/ ?

    FW_SERVICES_EXTERNAL_TCP=""
    FW_SERVICES_EXTERNAL_UDP=""
    FW_SERVICES_INTERNAL_TCP=""
    FW_SERVICES_INTERNAL_UDP=""

Thanks
Paul

--
To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com
For additional commands send e-mail to suse-linux-e-help@suse.com
Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
At 04:58 PM 04/13/00 +0200, Paul Evans wrote:
I have a linux box with a modem and a windows pc connected through ethernet to the linux box.
I have the same setup. My advice is don't use the SuSE firewall setup. I spent a day trying to get it to work and every time I started the firewall I couldn't connect. So in rc.config:

    START_FW="no"

I'm not worried about a firewall yet, as I only have a dialup. If someone wants to launch an attack at modem speeds, well, fine.

Anyway, in my wvdial.dod script I have this at the end of startpppd():

    echo "WARNING: wvdial.dod replacing forward ipchain with only MASQ!"
    /sbin/ipchains -F forward
    /sbin/ipchains -A forward -j MASQ -i ppp0
    /sbin/insmod ip_masq_ftp

That's it. Then in /etc/ppp/ip-up I have

    su moseley -c 'fetchmail -d 60 -M ppp0'

in the ppp0 start section to start reading my email.

Right before I get DSL I'll add to my ipchains.

I'm running a caching only DNS and using sendmail to send the mail. Dial on demand works fine. The next version of fetchmail will allow you to call a sleeping fetchmail (sleeping because of the -M switch) and connect. That way I can have it dial on demand from a cron job and leave fetchmail running all the time.

Bill Moseley
mailto:moseley@hank.org
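A narrower variant of the forward-chain rules in the post above, as an added example (not Bill Moseley's or SuSE's code): it sets the forward policy to DENY and masquerades only packets whose source is the LAN from the original question. The function names and the DRY_RUN switch are assumptions of this example; ppp0 and 192.168.1.0/24 come from the thread.

```sh
#!/bin/sh
# Added example, not code from the thread. Assumptions: ppp0 and
# 192.168.1.0/24 as in the original question; run, setup_masq and DRY_RUN
# are names made up here. DRY_RUN=1 (the default) only prints the commands.
DRY_RUN=${DRY_RUN:-1}
IPCHAINS=/sbin/ipchains

# Print the command in dry-run mode, execute it otherwise.
run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# setup_masq <external-interface> <internal-network/len>
setup_masq() {
    ext_if=$1
    int_net=$2
    # Validate both arguments so a typo cannot become an over-broad rule.
    case $ext_if in
        ''|*[!a-z0-9]*) echo "bad interface: $ext_if" >&2; return 1 ;;
    esac
    case $int_net in
        *[!0-9./]*|0.0.0.0/*|*/0)
            echo "refusing network: $int_net" >&2; return 1 ;;
        */*) ;;
        *) echo "network needs a /len suffix: $int_net" >&2; return 1 ;;
    esac
    # 1. Default-deny first, so nothing is forwarded while rules are rebuilt.
    # 2. Flush old forward rules.
    # 3. Masquerade only LAN sources leaving through the dial-up interface.
    # 4. Load the FTP masquerading helper module, as in the post.
    run "$IPCHAINS" -P forward DENY &&
    run "$IPCHAINS" -F forward &&
    run "$IPCHAINS" -A forward -s "$int_net" -i "$ext_if" -j MASQ &&
    run /sbin/insmod ip_masq_ftp
}

setup_masq ppp0 192.168.1.0/24
```

Run it as is to see the four commands; set DRY_RUN=0 as root to apply them.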
Thanks

It's working again, I've spent the last 2 days going round in circles on this thing. Still I'd like to eventually find out how one goes about setting up a firewall.

Paul

-----Original Message-----
From: Bill Moseley [mailto:moseley@hank.org]
Sent: 13 April 2000 17:52
To: Paul Evans; Suse linux
Subject: Re: [SLE] Firewall setup in 6.4

At 04:58 PM 04/13/00 +0200, Paul Evans wrote:
I have a linux box with a modem and a windows pc connected through ethernet to the linux box.
I have the same setup. My advice is don't use the SuSE firewall setup. I spent a day trying to get it to work and every time I started the firewall I couldn't connect. So in rc.config:

    START_FW="no"

I'm not worried about a firewall yet, as I only have a dialup. If someone wants to launch an attack at modem speeds, well, fine.

Anyway, in my wvdial.dod script I have this at the end of startpppd():

    echo "WARNING: wvdial.dod replacing forward ipchain with only MASQ!"
    /sbin/ipchains -F forward
    /sbin/ipchains -A forward -j MASQ -i ppp0
    /sbin/insmod ip_masq_ftp

That's it. Then in /etc/ppp/ip-up I have

    su moseley -c 'fetchmail -d 60 -M ppp0'

in the ppp0 start section to start reading my email.

Right before I get DSL I'll add to my ipchains.

I'm running a caching only DNS and using sendmail to send the mail. Dial on demand works fine. The next version of fetchmail will allow you to call a sleeping fetchmail (sleeping because of the -M switch) and connect. That way I can have it dial on demand from a cron job and leave fetchmail running all the time.

Bill Moseley
mailto:moseley@hank.org
At 11:27 PM 04/13/00 +0200, Paul Evans wrote:
Thanks It's working again, I've spent the last 2 days going round in circles on this thing. Still I'd like to eventually find out how one goes about setting up a firewall.
Someone posted this a few days ago:

http://linux-firewall-tools.com/linux/firewall/index.html

Bill Moseley
mailto:moseley@hank.org
participants (2)
- moseley@hank.org
- pevans@bigfoot.de