[SuSE Linux] Why no Firewall/Masquerade Info in SuSE 6.0
Hi, I just picked up a copy of SuSE 6.0 (I'm using 5.3 at the moment), and reading through the manual, I didn't see a section (or any reference in the index) on Firewall and Masquerade. Given that a lot of people are using Linux on a 486 box for internet access for a LAN, how come no instructions? Should I make copies of files like rc.config, hosts, etc., before attempting to upgrade? I figure I'd better write down the IRQ and interrupts for my two ethernet cards for sure. Stan Koper -- To get out of this list, please send email to majordomo@suse.com with this text in its body: unsubscribe suse-linux-e Check out the SuSE-FAQ at <A HREF="http://www.suse.com/Support/Doku/FAQ/"><A HREF="http://www.suse.com/Support/Doku/FAQ/</A">http://www.suse.com/Support/Doku/FAQ/</A</A>> and the archive at <A HREF="http://www.suse.com/Mailinglists/suse-linux-e/index.html"><A HREF="http://www.suse.com/Mailinglists/suse-linux-e/index.html</A">http://www.suse.com/Mailinglists/suse-linux-e/index.html</A</A>>
Stan Koper wrote:
Hi,
I just picked up a copy of SuSE 6.0 (I'm using 5.3 at the moment), and reading through the manual, I didn't see a section (or any reference in the index) on Firewall and Masquerade. Given that a lot of people are using Linux on a 486 box for internet access for a LAN, how come no instructions?
Neither in the german version. ;-( But, look into the docs on CD. The "old" 5.3 Article might be theresomewhere. (IŽll go looking for it today, since I am working on the same thing) There are changes with the 2.2.x Kernels, ipfwadm has changed to something I donŽt remember. ;-)
Should I make copies of files like rc.config, hosts, etc., before attempting to upgrade? I figure I'd better write down the IRQ and interrupts for my two ethernet cards for sure.
definately. save your home directorys, /etc, and if you made changes to your boot files also /sbin/init.d. Anything in /usr/local/bin? I had a big crash recently and learned a lesson. ;-)) Updating wonŽt kill your stuff, but create *.rpmsave *.rpmorig files. ItŽs helpful if you know whatŽs been changed before. Juergen -- ========================================== __ _ Juergen Braukmann mail: brauki@cityweb.de| -o)/ / (_)__ __ ____ __ Tel: 0201-743648 dk4jb@db0qs.#nrw.deu.eu| /\\ /__/ / _ \/ // /\ \/ / ==========================================_\_v __/_/_//_/\_,_/ /_/\_\ -- To get out of this list, please send email to majordomo@suse.com with this text in its body: unsubscribe suse-linux-e Check out the SuSE-FAQ at <A HREF="http://www.suse.com/Support/Doku/FAQ/"><A HREF="http://www.suse.com/Support/Doku/FAQ/</A">http://www.suse.com/Support/Doku/FAQ/</A</A>> and the archive at <A HREF="http://www.suse.com/Mailinglists/suse-linux-e/index.html"><A HREF="http://www.suse.com/Mailinglists/suse-linux-e/index.html</A">http://www.suse.com/Mailinglists/suse-linux-e/index.html</A</A>>
I just got done upgrading my home network server from SuSE 5.3 to SuSE 6.0 and all I can say is what a pain. The upgrade was very smooth and everything was working fine after the upgrade expect IP Masquerading. As it turned out, I had to go and hand edit "/etc/rc.config" and set IP_FORWARD=yes inorder to get things working again. I guess I'm confused as to what other way is there to configure this stuff? I don't recall seeing any option for IP_FORWARDING in YaST. I had IP Masquerading working fine under SuSE 5.2 and it still worked after I upgraded to 5.3. It seems like something really changed in SuSE 6.0 with regard to this. What alerted me to this problem that then led to a solution was that during bootup, I would see a message stating that IP Forwarding was being turned off. After greping around a bit I found that this message was being displayed from the "/sbin/init.d/boot" script. Tony Juergen Braukmann wrote:
Stan Koper wrote:
Hi,
I just picked up a copy of SuSE 6.0 (I'm using 5.3 at the moment), and reading through the manual, I didn't see a section (or any reference in the index) on Firewall and Masquerade. Given that a lot of people are using Linux on a 486 box for internet access for a LAN, how come no instructions?
Neither in the german version. ;-( But, look into the docs on CD. The "old" 5.3 Article might be theresomewhere. (IŽll go looking for it today, since I am working on the same thing) There are changes with the 2.2.x Kernels, ipfwadm has changed to something I donŽt remember. ;-)
Should I make copies of files like rc.config, hosts, etc., before attempting to upgrade? I figure I'd better write down the IRQ and interrupts for my two ethernet cards for sure.
definately. save your home directorys, /etc, and if you made changes to your boot files also /sbin/init.d. Anything in /usr/local/bin? I had a big crash recently and learned a lesson. ;-)) Updating wonŽt kill your stuff, but create *.rpmsave *.rpmorig files. ItŽs helpful if you know whatŽs been changed before.
Juergen
-- ========================================== __ _ Juergen Braukmann mail: brauki@cityweb.de| -o)/ / (_)__ __ ____ __ Tel: 0201-743648 dk4jb@db0qs.#nrw.deu.eu| /\\ /__/ / _ \/ // /\ \/ / ==========================================_\_v __/_/_//_/\_,_/ /_/\_\ -- To get out of this list, please send email to majordomo@suse.com with this text in its body: unsubscribe suse-linux-e Check out the SuSE-FAQ at <A HREF="http://www.suse.com/Support/Doku/FAQ/"><A HREF="http://www.suse.com/Support/Doku/FAQ/</A">http://www.suse.com/Support/Doku/FAQ/</A</A>> and the archive at <A HREF="http://www.suse.com/Mailinglists/suse-linux-e/index.html"><A HREF="http://www.suse.com/Mailinglists/suse-linux-e/index.html</A">http://www.suse.com/Mailinglists/suse-linux-e/index.html</A</A>>
-- Anthony.Schlemmer@gte.net -- To get out of this list, please send email to majordomo@suse.com with this text in its body: unsubscribe suse-linux-e Check out the SuSE-FAQ at <A HREF="http://www.suse.com/Support/Doku/FAQ/"><A HREF="http://www.suse.com/Support/Doku/FAQ/</A">http://www.suse.com/Support/Doku/FAQ/</A</A>> and the archive at <A HREF="http://www.suse.com/Mailinglists/suse-linux-e/index.html"><A HREF="http://www.suse.com/Mailinglists/suse-linux-e/index.html</A">http://www.suse.com/Mailinglists/suse-linux-e/index.html</A</A>>
Hi, On Sat, Mar 13, Anthony Schlemmer wrote:
I just got done upgrading my home network server from SuSE 5.3 to SuSE 6.0 and all I can say is what a pain. The upgrade was very smooth and everything was working fine after the upgrade expect IP Masquerading. As it turned out, I had to go and hand edit "/etc/rc.config" and set IP_FORWARD=yes inorder to get things working again. I guess I'm confused as to what other way is there to configure this stuff? I don't recall seeing any option for IP_FORWARDING in YaST. I had IP Masquerading working fine under SuSE 5.2 and it still worked after I upgraded to 5.3. It seems like something really changed in SuSE 6.0 with regard to this.
According to the RFCs, a normal computer (not a router) should not forward IP packages. So basically this has been wrong in earlier version of SuSE Linux and we have fixed this by defaulting to disabling IP forwarding. I admit that this should have been better documented.
What alerted me to this problem that then led to a solution was that during bootup, I would see a message stating that IP Forwarding was being turned off. After greping around a bit I found that this message was being displayed from the "/sbin/init.d/boot" script.
Tony -o) Hubert Mantel Goodbye, dots... /\\ _\_v
-- To get out of this list, please send email to majordomo@suse.com with this text in its body: unsubscribe suse-linux-e Check out the SuSE-FAQ at <A HREF="http://www.suse.com/Support/Doku/FAQ/"><A HREF="http://www.suse.com/Support/Doku/FAQ/</A">http://www.suse.com/Support/Doku/FAQ/</A</A>> and the archive at <A HREF="http://www.suse.com/Mailinglists/suse-linux-e/index.html"><A HREF="http://www.suse.com/Mailinglists/suse-linux-e/index.html</A">http://www.suse.com/Mailinglists/suse-linux-e/index.html</A</A>>
Hi, I had a similar experience in going from 5.3 to 6.0, viz, a perfectly-functioning network suddenly no longer worked. But having read the messages in this and other threads I had turned IP forwarding on. I could access the internet (via cable modem) from my linux box, and I could ping the internal card from any of the various windows machines in the network, but I couldn't ping the external card (eth1), nor could I get out. I finally figured it out. I had turned FW_INOUT on in the setup, but hadn't written a FW-INOUT file. So all my internal IPs were being denied access to the internet! I did this once, and got a smooth running network, under 5.3, but then I promptly forgot just about everything I did to get to that point... The 6.0 install (on a fresh hard disk) was very smooth, maybe too smooth. I remember being asked about kernel setup and which modules I wanted under 5.3, but nothing under 6.0. Now I need to remember which file it was that contains information on all of the services like ftp, telent, etc., that I have to turn off. And I thought I could upgrade my kernel directly from the internet, via ftp. I tried it with 2.0.36 under 5.3 (although I got a compile error, and never finished up). But I can't see how to do that with 6.0. Stan Koper Hubert Mantel wrote:
Hi,
On Sat, Mar 13, Anthony Schlemmer wrote:
I just got done upgrading my home network server from SuSE 5.3 to SuSE 6.0 and all I can say is what a pain. The upgrade was very smooth and everything was working fine after the upgrade expect IP Masquerading. As it turned out, I had to go and hand edit "/etc/rc.config" and set IP_FORWARD=yes inorder to get things working again. I guess I'm confused as to what other way is there to configure this stuff? I don't recall seeing any option for IP_FORWARDING in YaST. I had IP Masquerading working fine under SuSE 5.2 and it still worked after I upgraded to 5.3. It seems like something really changed in SuSE 6.0 with regard to this.
According to the RFCs, a normal computer (not a router) should not forward IP packages. So basically this has been wrong in earlier version of SuSE Linux and we have fixed this by defaulting to disabling IP forwarding.
I admit that this should have been better documented.
What alerted me to this problem that then led to a solution was that during bootup, I would see a message stating that IP Forwarding was being turned off. After greping around a bit I found that this message was being displayed from the "/sbin/init.d/boot" script.
Tony -o) Hubert Mantel Goodbye, dots... /\\ _\_v -- To get out of this list, please send email to majordomo@suse.com with this text in its body: unsubscribe suse-linux-e Check out the SuSE-FAQ at <A HREF="http://www.suse.com/Support/Doku/FAQ/"><A HREF="http://www.suse.com/Support/Doku/FAQ/</A">http://www.suse.com/Support/Doku/FAQ/</A</A>> and the archive at <A HREF="http://www.suse.com/Mailinglists/suse-linux-e/index.html"><A HREF="http://www.suse.com/Mailinglists/suse-linux-e/index.html</A">http://www.suse.com/Mailinglists/suse-linux-e/index.html</A</A>>
-- To get out of this list, please send email to majordomo@suse.com with this text in its body: unsubscribe suse-linux-e Check out the SuSE-FAQ at <A HREF="http://www.suse.com/Support/Doku/FAQ/"><A HREF="http://www.suse.com/Support/Doku/FAQ/</A">http://www.suse.com/Support/Doku/FAQ/</A</A>> and the archive at <A HREF="http://www.suse.com/Mailinglists/suse-linux-e/index.html"><A HREF="http://www.suse.com/Mailinglists/suse-linux-e/index.html</A">http://www.suse.com/Mailinglists/suse-linux-e/index.html</A</A>>
participants (4)
-
Anthony.Schlemmer@gte.net -
brauki@cityweb.de -
mantel@suse.de -
skoper@mediaone.net