SuSEfirewall2 blocking(?) internal network.
After rebooting my internal network isn't able to connect to internet. Issuing SuSEfirewall2 stop and SuSEfirewall2 start fixes the problem. Is there a way to fix this behaviour? Attached is firewall config. (SuSE8.2)
Thanks
Wesley

/etc/sysconfig/SuSEfirewall2:
FW_QUICKMODE="no"
FW_DEV_EXT="eth0"
FW_DEV_INT="eth1"
FW_DEV_DMZ=""
FW_ROUTE="yes"
FW_MASQUERADE="yes"
FW_MASQ_DEV="$FW_DEV_EXT"
FW_MASQ_NETS="192.168.1.0/24"
FW_PROTECT_FROM_INTERNAL="no"
FW_AUTOPROTECT_SERVICES="yes"
FW_SERVICES_EXT_TCP="ssh 1521 80 139 3306 7777"
FW_SERVICES_EXT_UDP="123" # Common: domain
FW_TRUSTED_NETS="24.141.63.70 24.141.54.25 192.168.1.0 192.168.1.1 192.168.1.60"
FW_ALLOW_INCOMING_HIGHPORTS_TCP="no"
FW_ALLOW_INCOMING_HIGHPORTS_UDP="DNS"
FW_SERVICE_AUTODETECT="yes" # Autodetect the services below when starting
FW_SERVICE_DNS="no"
FW_SERVICE_DHCLIENT="no"
FW_SERVICE_DHCPD="yes"
FW_SERVICE_SQUID="no"
FW_SERVICE_SAMBA="yes"
FW_FORWARD="yes" # Beware to use this!
FW_FORWARD_MASQ="" # Beware to use this!
FW_REDIRECT=""
FW_LOG_DROP_CRIT="yes"
FW_LOG_DROP_ALL="no"
FW_LOG_ACCEPT_CRIT="yes"
FW_LOG_ACCEPT_ALL="no"
FW_LOG="--log-level warning --log-tcp-options --log-ip-option --log-prefix SuSE-FW"
FW_KERNEL_SECURITY="yes"
FW_STOP_KEEP_ROUTING_STATE="no"
FW_ALLOW_PING_FW="yes"
FW_ALLOW_PING_DMZ="no"
FW_ALLOW_PING_EXT="no"
FW_ALLOW_FW_TRACEROUTE="yes"
FW_ALLOW_FW_SOURCEQUENCH="yes"
FW_ALLOW_FW_BROADCAST="no"
FW_IGNORE_FW_BROADCAST="yes"
FW_ALLOW_CLASS_ROUTING="no"
FW_CUSTOMRULES=""
FW_REJECT="no"
FW_HTB_TUNE_DEV=""
--
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Wesley Skoczen
http://portal.skoczen.com
Linux Registered User #274645 at http://counter.li.org/
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++
On Monday 21 July 2003 19:07, Wesley Skoczen wrote:
After rebooting my internal network isn't able to connect to internet. Issuing SuSEfirewall2 stop and SuSEfirewall2 start fixes the problem. Is there a way to fix this behaviour?
What machine was rebooted? I assume it was the gateway? Do you get your public IP from DHCP? if so then this needs to be set to yes:
FW_SERVICE_DHCLIENT="yes"
Otherwise the firewall doesn't know the external IP so thinks it's an illegal target
Dylan
--
Sweet moderation
Heart of this nation
Desert us not
We are between the wars
- Billy Bragg
Dylan wrote:
On Monday 21 July 2003 19:07, Wesley Skoczen wrote:
After rebooting my internal network isn't able to connect to internet. Issuing SuSEfirewall2 stop and SuSEfirewall2 start fixes the problem. Is there a way to fix this behaviour?
What machine was rebooted? I assume it was the gateway? Do you get your public IP from DHCP? if so then this needs to be set to yes:
FW_SERVICE_DHCLIENT="yes"
Otherwise the firewall doesn't know the external IP so thinks it's an illegal target
Dylan
Yes gateway is rebooted, it gets its IP from DHCP. I entered FW_SERVICE_DHCLIENT="yes" and rebooted, didn't help.
On Monday 21 July 2003 19:51, Wesley Skoczen wrote:
Dylan wrote:
On Monday 21 July 2003 19:07, Wesley Skoczen wrote:
After rebooting my internal network isn't able to connect to internet. Issuing SuSEfirewall2 stop and SuSEfirewall2 start fixes the problem. Is there a way to fix this behaviour?
What machine was rebooted? I assume it was the gateway? Do you get your public IP from DHCP? if so then this needs to be set to yes:
FW_SERVICE_DHCLIENT="yes"
Otherwise the firewall doesn't know the external IP so thinks it's an illegal target
Dylan
Yes gateway is rebooted, it gets its IP from DHCP. I entered FW_SERVICE_DHCLIENT="yes" and rebooted, didn't help.
Did you either A) do this in yast; or B) run SuSEconfig afterwards. Otherwise the firewall2 script doesn't get updated
Dylan
Dylan wrote:
On Monday 21 July 2003 19:51, Wesley Skoczen wrote:
Dylan wrote:
On Monday 21 July 2003 19:07, Wesley Skoczen wrote:
After rebooting my internal network isn't able to connect to internet. Issuing SuSEfirewall2 stop and SuSEfirewall2 start fixes the problem. Is there a way to fix this behaviour?
What machine was rebooted? I assume it was the gateway? Do you get your public IP from DHCP? if so then this needs to be set to yes:
FW_SERVICE_DHCLIENT="yes"
Otherwise the firewall doesn't know the external IP so thinks it's an illegal target
Dylan
Yes gateway is rebooted, it gets its IP from DHCP. I entered FW_SERVICE_DHCLIENT="yes" and rebooted, didn't help.
Did you either A) do this in yast; or B) run SuSEconfig afterwards. Otherwise the firewall2 script doesn't get updated
I edited file /etc/sysconfig/SuSEfirewall2 and rebooted, do I need to run SuSEconfig or is this file read when the system boots up?
On Monday 21 July 2003 20:12, Wesley Skoczen wrote:
Dylan wrote:
On Monday 21 July 2003 19:51, Wesley Skoczen wrote:
Dylan wrote:
On Monday 21 July 2003 19:07, Wesley Skoczen wrote:
After rebooting my internal network isn't able to connect to internet. Issuing SuSEfirewall2 stop and SuSEfirewall2 start fixes the problem. Is there a way to fix this behaviour?
What machine was rebooted? I assume it was the gateway? Do you get your public IP from DHCP? if so then this needs to be set to yes:
FW_SERVICE_DHCLIENT="yes"
Otherwise the firewall doesn't know the external IP so thinks it's an illegal target
Dylan
Yes gateway is rebooted, it gets its IP from DHCP. I entered FW_SERVICE_DHCLIENT="yes" and rebooted, didn't help.
Did you either A) do this in yast; or B) run SuSEconfig afterwards. Otherwise the firewall2 script doesn't get updated
I edited file /etc/sysconfig/SuSEfirewall2 and rebooted, do I need to run SuSEconfig or is this file read when the system boots up?
No, you need to run SuSEconfig to copy the changes from the config file to the actual firewall script
Dylan wrote:
On Monday 21 July 2003 20:12, Wesley Skoczen wrote:
Dylan wrote:
On Monday 21 July 2003 19:51, Wesley Skoczen wrote:
Dylan wrote:
On Monday 21 July 2003 19:07, Wesley Skoczen wrote:
After rebooting my internal network isn't able to connect to internet. Issuing SuSEfirewall2 stop and SuSEfirewall2 start fixes the problem. Is there a way to fix this behaviour?
What machine was rebooted? I assume it was the gateway? Do you get your public IP from DHCP? if so then this needs to be set to yes:
FW_SERVICE_DHCLIENT="yes"
Otherwise the firewall doesn't know the external IP so thinks it's an illegal target
Dylan
Yes gateway is rebooted, it gets its IP from DHCP. I entered FW_SERVICE_DHCLIENT="yes" and rebooted, didn't help.
Did you either A) do this in yast; or B) run SuSEconfig afterwards. Otherwise the firewall2 script doesn't get updated
I edited file /etc/sysconfig/SuSEfirewall2 and rebooted, do I need to run SuSEconfig or is this file read when the system boots up?
No, you need to run SuSEconfig to copy the changes from the config file to the actual firewall script
I did run SuSEconfig, rebooted - no change.
Wesley
On Monday 21 July 2003 20:32, Wesley Skoczen wrote: <SNIP>
I did run SuSEconfig, rebooted - no change.
in the yast module for routing (on the gateway) is "Enable IP Forwarding" checked?
Wesley
Dylan wrote:
On Monday 21 July 2003 20:32, Wesley Skoczen wrote: <SNIP>
I did run SuSEconfig, rebooted - no change.
in the yast module for routing (on the gateway) is "Enable IP Forwarding" checked?
it was unchecked. Checked it, rebooted - no change.
Wesley
On Monday 21 July 2003 20:58, Wesley Skoczen wrote:
Dylan wrote:
On Monday 21 July 2003 20:32, Wesley Skoczen wrote: <SNIP>
I did run SuSEconfig, rebooted - no change.
in the yast module for routing (on the gateway) is "Enable IP Forwarding" checked?
it was unchecked. Checked it, rebooted - no change.
Sorry to say we have reached the end of my knowledge on this...
Wesley
Dylan wrote:
On Monday 21 July 2003 20:58, Wesley Skoczen wrote:
Dylan wrote:
On Monday 21 July 2003 20:32, Wesley Skoczen wrote: <SNIP>
I did run SuSEconfig, rebooted - no change.
in the yast module for routing (on the gateway) is "Enable IP Forwarding" checked?
it was unchecked. Checked it, rebooted - no change.
Sorry to say we have reached the end of my knowledge on this...
Thank You for your time and patience.
Wesley
On Monday 21 July 2003 21:17, Wesley Skoczen wrote:
Dylan wrote:
On Monday 21 July 2003 20:58, Wesley Skoczen wrote:
Dylan wrote:
On Monday 21 July 2003 20:32, Wesley Skoczen wrote: <SNIP>
I did run SuSEconfig, rebooted - no change.
in the yast module for routing (on the gateway) is "Enable IP Forwarding" checked?
it was unchecked. Checked it, rebooted - no change.
Sorry to say we have reached the end of my knowledge on this...
Thank You for your time and patience.
Ur welcome - hopefully when you get this problem sorted we'll both learn something
Good luck
Dylan
Wesley
Wesley Skoczen wrote:
Dylan wrote:
On Monday 21 July 2003 20:58, Wesley Skoczen wrote:
Dylan wrote:
On Monday 21 July 2003 20:32, Wesley Skoczen wrote: <SNIP>
I did run SuSEconfig, rebooted - no change.
in the yast module for routing (on the gateway) is "Enable IP Forwarding" checked?
it was unchecked. Checked it, rebooted - no change.
Please send a:
# chkconfig -l SuSEfirewall2*
--
Andreas
Andreas Winkelmann wrote:
Wesley Skoczen wrote:
Dylan wrote:
On Monday 21 July 2003 20:58, Wesley Skoczen wrote:
Dylan wrote:
On Monday 21 July 2003 20:32, Wesley Skoczen wrote: <SNIP>
I did run SuSEconfig, rebooted - no change.
in the yast module for routing (on the gateway) is "Enable IP Forwarding" checked?
it was unchecked. Checked it, rebooted - no change.
Please send a:
# chkconfig -l SuSEfirewall2*
After running chkconfig -l and reviewing boot messages I realized that firewall was not initialized. I have set it up with yast to start at bootup and now everything works. Firewall used to work earlier, I remember seeing initialization messages at bootup. I can't remember changing its settings. Very misleading was fact that there was no warning when I was running SuSEfirewall2 stop (it should tell that firewall is not running).
Thank You all for help!!!
Wesley
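Added example (not part of the original thread and not SuSEfirewall2's own code): a shell helper that reads the output of the chkconfig -l 'SuSEfirewall2*' command requested above and reports every firewall init script that is not enabled for boot, which is the condition Wesley found. The script names SuSEfirewall2_init, _setup and _final, both sample listings, and the default runlevels 3 and 5 are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: flag SuSEfirewall2 init scripts that will not start at boot.
# Reads `chkconfig -l 'SuSEfirewall2*'` output on stdin; prints one line per
# script that is not "on" in every required runlevel.

fw_boot_gaps() {
    # $1: runlevels that must be "on" (assumption: 3 and 5 by default)
    awk -v want="${1:-3 5}" '
        BEGIN { n = split(want, lv, " ") }
        $1 ~ /^SuSEfirewall2/ {
            missing = ""
            for (i = 1; i <= n; i++) {
                state = "absent"            # runlevel column not listed at all
                for (f = 2; f <= NF; f++) {
                    split($f, kv, ":")      # fields look like "3:off"
                    if (kv[1] == lv[i]) state = kv[2]
                }
                if (state != "on") missing = missing " " lv[i]
            }
            if (missing != "") print $1 " off in runlevel(s):" missing
        }'
}

# Constructed listing: firewall scripts disabled everywhere (the broken state).
sample_broken() {
    cat <<'EOF'
SuSEfirewall2_final       0:off  1:off  2:off  3:off  4:off  5:off  6:off
SuSEfirewall2_init        0:off  1:off  2:off  3:off  4:off  5:off  6:off
SuSEfirewall2_setup       0:off  1:off  2:off  3:off  4:off  5:off  6:off
EOF
}

# Constructed listing: scripts enabled for boot (the state after the fix).
sample_fixed() {
    cat <<'EOF'
SuSEfirewall2_final       0:off  1:off  2:off  3:on   4:on   5:on   6:off
SuSEfirewall2_init        0:off  1:off  2:off  3:on   4:on   5:on   6:off
SuSEfirewall2_setup       0:off  1:off  2:off  3:on   4:on   5:on   6:off
EOF
}

echo "before:"; sample_broken | fw_boot_gaps
echo "after:";  sample_fixed  | fw_boot_gaps
```

On a live gateway the same function takes the real listing: chkconfig -l 'SuSEfirewall2*' | fw_boot_gaps. An empty result means every matching script is enabled in the required runlevels.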
Wesley Skoczen wrote, On 07/22/2003 02:51 AM:
Dylan wrote:
On Monday 21 July 2003 19:07, Wesley Skoczen wrote:
After rebooting my internal network isn't able to connect to internet. Issuing SuSEfirewall2 stop and SuSEfirewall2 start fixes the problem. Is there a way to fix this behaviour?
Yes
What machine was rebooted? I assume it was the gateway? Do you get your public IP from DHCP? if so then this needs to be set to yes:
FW_SERVICE_DHCLIENT="yes"
Otherwise the firewall doesn't know the external IP so thinks it's an illegal target
Yes gateway is rebooted, it gets its IP from DHCP. I entered FW_SERVICE_DHCLIENT="yes" and rebooted, didn't help.
Did you also open the port for dhclient to actually work? Try adding port 68 to FW_SERVICES_EXT_UDP (and maybe INT as well). It sounds like your firewall is blocking dhclient from getting its address, stopping and restarting allows it to get its address and sets up the firewall with the correct external address. Do you see anything in /var/log/firewall?
--
Joe Morris
New Tribes Mission
Email Address: Joe_Morris@ntm.org
Web Address: http://www.mydestiny.net/~joe_morris
Registered Linux user 231871
God said, I AM that I AM. I say, by the grace of God, I am what I am.
On Monday 21 July 2003 19:51, Wesley Skoczen wrote:
Dylan wrote:
On Monday 21 July 2003 19:07, Wesley Skoczen wrote:
After rebooting my internal network isn't able to connect to internet. Issuing SuSEfirewall2 stop and SuSEfirewall2 start fixes the problem. Is there a way to fix this behaviour?
What machine was rebooted? I assume it was the gateway? Do you get your public IP from DHCP? if so then this needs to be set to yes:
FW_SERVICE_DHCLIENT="yes"
Otherwise the firewall doesn't know the external IP so thinks it's an illegal target
Dylan
Yes gateway is rebooted, it gets its IP from DHCP. I entered FW_SERVICE_DHCLIENT="yes" and rebooted, didn't help. <SNIP>
Are you using an interface which is not available when the firewall starts? The PC here has a USB wireless adapter which is not up when the firewall starts. After booting, once the adapter is activated the firewall has to be restarted to allow connections to the USB adapter.
LW999
participants (5): Andreas Winkelmann, Dylan, Joe Morris (NTM), LinuxWorld999, Wesley Skoczen