[SLE] where is rc.firewall?
i've been reading on firewalls, ipchains and ipmasqing and i'm still confused as to where rc.firewall goes. i was looking through the firewall-related files in my suse installation and these are what i found:

1. /etc/rc.d@ becomes /sbin/init.d . . . under this directory is firewall. is this rc.firewall?
2. /etc/rc.config . . . entries about firewall here . . . do these entries represent rc.firewall?
3. /sbin/init.d/masquerade . . . is this rc.masquerade? . . or . . .
4. /etc/rc.config . . . entries about IP_Masq here . . do these entries represent rc.masquerade?

also, what ipchains rules go to the masquerade and/or firewall files?

confused . . .

mac

--
To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com
For additional commands send e-mail to suse-linux-e-help@suse.com
Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
Here's one I can help with. :-)

On Mon, 14 Feb 2000, Mac Q. Flores IV wrote:
> i've been reading on firewalls, ipchains and ipmasqing and i'm still confused as to where rc.firewall goes.
Though you could try to fight with ipchains rules manually, I find that a bit cumbersome, and worse, I don't know if any rule set I implement is "complete" enough. I use Marc Heuse's "firewals" package, which is available on the 6.3 CD's, but version 1.4 is pretty far behind in terms of what I deem necessary features. I'm currently running 1.9.1, and I just checked today and Marc has version 2.0 available for download. :-)

Marc Heuse's page is at: http://www.suse.de/~marc

Now, assuming the use of the "firewals" package:

/etc/rc.firewall - configuration settings for the firewals package.
/sbin/init.d/firewall - starts or stops the firewall script
/sbin/SuSEfirewall - the actual firewall script

The latter two you should NOT need to change at all. Just make your changes in /etc/rc.firewall.

One more thing: You may need to add a line to /etc/rc.config that says:

START_FW="yes"

If you do make that change/addition, be sure to run SuSEconfig afterwards.

Hope this helped,

Argentium

[ Off to upgrade to version 2.0 ] :-)
At 13:26 2000-02-14 -0600, Mac Q. Flores wrote:
> 1. /etc/rc.d@ becomes /sbin/init.d . . . under this directory is firewall. is this rc.firewall?
> 2. /etc/rc.config . . . entries about firewall here . . . do these entries represent rc.firewall?
> 3. /sbin/init.d/masquerade . . . is this rc.masquerade? . . or . . .
> 4. /etc/rc.config . . . entries about IP_Masq here . . do these entries represent rc.masquerade?
>
> also, what ipchains rules go to the masquerade and/or firewall files?
Yes, it confused me for a while, too. Can answer most of your questions based on getting a firewall going with masquerading.

1. Yes, /sbin/init.d/firewall gets run automatically. Whatever the howto says to do with rc.firewall will work in /sbin/init.d/firewall.

2. The entries in rc.config are parameters which control the /sbin/init.d/firewall as provided by SuSE.

3 & 4. Don't know about rc.masquerade. I set up masquerading based on a 'howto' version of rc.firewall, by replacing /sbin/init.d/firewall. Because the rc.firewall doesn't make use of the rc.config parameters, there's no need to modify rc.config. It will work fine just to take rc.firewall, adjust it for your own system, and with the result replace /sbin/init.d/firewall.

To debug the firewall, the ipconfig -L command is useful. Also, it is useful to put the -l option into your DENY and REJECT rules, so that you can look into the log and see why certain packets are not getting through.

--
Scott Turner
p.turner@computer.org
http://www.ma.ultranet.com/~pkturner
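The advice in the reply above about putting -l on DENY and REJECT rules, as an added example that is not part of the original thread: a shell check that lists the ipchains rules in an rc.firewall-style script that drop packets without logging them. The function names and the sample ruleset are constructed for illustration, and only the short options -j and -l are recognised.

```shell
#!/bin/sh
# Added example: find ipchains rules that DENY or REJECT without -l (log).

# Constructed sample of an rc.firewall-style fragment (not from the thread).
sample_rules() {
    cat <<'EOF'
# constructed sample ruleset
ipchains -P input DENY
ipchains -A input -i eth0 -s 192.168.1.0/24 -j ACCEPT
ipchains -A input -p tcp -d 0/0 23 -j DENY
ipchains -A input -p tcp -d 0/0 137:139 -j REJECT -l
/sbin/ipchains -A forward -s 192.168.1.0/24 -j MASQ
/sbin/ipchains -A forward -j DENY   # catch-all
EOF
}

# find_unlogged [FILE...]
# Reads the named files (or stdin) and prints "LINENO: rule" for every
# ipchains rule whose -j target is DENY or REJECT and that has no -l.
# Chain policies (-P) are ignored: they have no -j target to log on.
find_unlogged() {
    awk '
    {
        sub(/[ \t]*#.*/, "")            # drop comments, whole-line or trailing
        if (NF == 0) next
        is_rule = 0; drops = 0; logs = 0
        for (i = 1; i <= NF; i++) {
            if ($i ~ /(^|\/)ipchains$/) {
                is_rule = 1
            } else if (is_rule && $i == "-j") {
                if ($(i + 1) == "DENY" || $(i + 1) == "REJECT") drops = 1
            } else if (is_rule && $i == "-l") {
                logs = 1
            }
        }
        if (is_rule && drops && !logs) printf "%d: %s\n", NR, $0
    }' "$@"
}

# Stand-alone run: report the unlogged drop rules in the sample.
sample_rules | find_unlogged
```

Pass the path of the real script as the argument, for example `find_unlogged /etc/rc.firewall`, to check an existing ruleset.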
participants (3): agtiger@grapevine.net, mflores@midway.uchicago.edu, p.turner@computer.org