Hello guys, I upgraded to 7.2 two weeks ago from version 7.0. Since my upgrade I cannot get my other Windows and Linux computers to access the internet. The Suse firewall in 7.2 will not even start. What can I do to get everything working again. I also tried my firewall file from 7.0 but it dowsn't work. Any help would be greatly apprreciated. Here some information about my lan. netstat | grep tcp tcp 0 0 ::ffff:213.17.23.:33094 ::ffff:195.96.96.1:pop3 TIME_WAIT 192.168.33.1 is the internet server 192.168.33.2 -192.168.33.4 are clients to the net which cannot connect yet. route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 195.96.100.62 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0 192.168.33.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 0.0.0.0 195.96.100.62 0.0.0.0 UG 0 0 0 ppp0 ipchains -L Chain input (policy DENY): target prot opt source destination ports DENY all ------ anywhere 255.255.255.255 n/a DENY udp ------ anywhere anywhere any -> netbios-ns DENY tcp ------ anywhere anywhere any -> netbios-ns DENY udp ------ anywhere anywhere any -> netbios-dgm DENY tcp ------ anywhere anywhere any -> netbios-dgm DENY udp ------ anywhere anywhere any -> bootps DENY udp ------ anywhere anywhere any -> bootpc DENY all ------ BASE-ADDRESS.MCAST.net/8 anywhere n/a ACCEPT all ------ localnet/8 anywhere n/a ACCEPT all ------ 192.168.33.0/24 anywhere n/a ACCEPT all ------ 192.168.33.0/24 255.255.255.255 n/a ACCEPT icmp ------ anywhere anywhere any -> any ACCEPT tcp !y---- anywhere anywhere any -> any ACCEPT udp ------ sun4000.casema.net anywhere domain -> 1023:65535 ACCEPT udp ------ ns1.casema.net anywhere domain -> 1023:65535 ACCEPT tcp ------ anywhere anywhere any -> ssh ACCEPT tcp ------ anywhere anywhere any -> telnet ACCEPT tcp ------ anywhere anywhere any -> smtp ACCEPT tcp ------ anywhere anywhere any -> ident ACCEPT tcp ------ anywhere anywhere any -> http ACCEPT tcp ------ anywhere anywhere any -> ftp DENY all ----l- anywhere anywhere n/a Chain forward (policy ACCEPT): target prot opt source destination ports MASQ all ------ 192.168.33.0/24 anywhere n/a maf king wrote:
Hi Christoph
On 2001.08.20 11:35:52 +0100 Christoph Egger wrote:
On Monday, 20. August 2001 12:24, maf@cybereye.co.uk wrote:
Hi Christoph,
Looks like the interface ipsec0 is being DENYed by default. Try
inserting
a couple of rules in your firewall :
INPUT : allow everything from interface ipsec0 OUTPUT : allow everything to ipsec0
Yes, this works!!! A BIG THANK!!!
Glad I was finally some help to you. ;-)
Now all you need to do is figure out if accepting *everything* on the ipsec0 interface is a good idea or not!
Best Wishes, Maf.
-- CU, Christoph