Hello,
I successfully installed SuSEfirewall2 and configured it to my needs. The firewall box is set up with two external interfaces (ippp0 and eth1). eth1 is normally connected to an ELSA DSL router and in case DSL will not work I want to switch back to ISDN. So far I've set up ISDN and that stuff, the box is doing everything fine. Clients can do http, https, ftp, mail and so on. Portscans run from the internet report all ports as stealth and the firewall cannot be pinged from the internet. But when it comes to a ping from the internal network to the internet, nothing works. I've tried all the FW_ALLOW_PING_[FW|DMZ|EXT] settings, with no results. Interesting: when I set FW_FORWARD_PING_DMZ="yes" I am able to ping the internet from the firewall, but not from the clients. More interesting: I have not configured a DMZ (yet). What I would like to do is to ping the internet from the clients and get
Hi Jim,
thanks for the reply. These are the settings for the firewall:
INT="192.168.1.0/24"
ADMIN="192.168.1.199/32"
ELSA="192.168.15.16/32"
ALLOW_DNS="192.168.1.211/32,0/0,udp,53"
ALLOW_WWW="$INT,0/0,tcp,80 $INT,0/0,tcp,443"
ALLOW_FTP="$INT,0/0,tcp,20 $INT,0/0,tcp,21"
ALLOW_MAIL="$INT,0/0,tcp,110 $INT,0/0,udp,110 $INT,0/0,tcp,25 $INT,0/0,udp,25"
FW_MASQ_NETS="$ALLOW_DNS $ALLOW_WWW $ALLOW_FTP $ALLOW_MAIL"
FW_ROUTE="yes"
FW_MASQ_DEV="$FW_DEV_EXT", where FW_DEV_EXT="ippp0 eth1"
FW_PROTECT_FROM_INTERNAL="yes"
Upgrading from 1.6 to 1.7 did not solve the problem.
Thanks, Peter
-----Original Message-----
From: James Bliss [mailto:jamesbliss@home.com]
Sent: Tuesday, 4 September 2001 23:15
To: Peter Menzel; suse-security@suse.com
Subject: Re: [suse-security] SuSEfirewall2 and ICMP
I have mine with FW_ALLOW_EXT and this allows my internal clients to ping
the internet. It sounds like you have something else set up which is
preventing this ping.
What are your settings for:
FW_MASQ_NETS
FW_ROUTE
FW_MASQ_DEV
FW_PROTECT_FROM_INTERNAL
Jim
09/04/01 12:57:59 PM, "Peter Menzel"
echo-reply back. echo-requests from the internet have to be dropped at the firewall. Has anyone experienced these problems? Any help would be appreciated.
Thanks in advance, Peter peter.menzel@com-gmbh.de