Mailinglist Archive: opensuse-security (465 mails)

< Previous Next >
Re: [suse-security] Firewall rejects HTTP request
I believe that you need to setup:
firewall2-custom.rc.comfog

In the fw_custom_before_antispoofing section add:

iptables -A INPUT -i <external facing interface> -s <internal local network> -d <external IP
address> -j ACCEPT

Then you will need to change the firewall2.rc.config to read the custom file. This is near
the end of the file.

The problem with this for you is that the IP addresses are hard coded. I am sorry, I do not
have the time to research how to do this with a dynamic IP, I would assume that many
here know what to do.

SuSEfirewall normally blocks access to the external interface from the internal network
(including the server which is considered part of the local network).

Hope this gives you a start.

Jim



12/13/01 12:29:06 PM, Heiko Gottschling <gottschl@xxxxxxxxx> wrote:

>Hi,
>
>I have SuSE 7.2 running and want to be able to access my (stand-alone)
>machine from the internet. Here's what I did:
>
>I set up /etc/rc.config.d/firewall.rc.config with these values, leaving all
>others to default:
>
>FW_DEV_WORLD="ippp0"
>FW_SERVICES_EXTERNAL_TCP="www"
>
>I then trigger the dial-up process, query my dynamic IP number and point my
>web browser to that IP address (the browser is configured to use a proxy so
>that the request is actually sent over the net)
>
>However, the request is rejected and /var/log/firewall says:
>
>Dec 13 18:58:12 linux kernel: Packet log: rulchain REJECT ippp0 PROTO=6
>145.253.2.237:48135 212.144.144.9:80 L=60 S=0x00 I=11823 F=0x0000 T=56 SYN
>(#8)
>
>If I call 'SuSEfirewall stop', everything works fine... any advice on how to
>configure the firewall to get this working?
>
>thx
>Heiko
>
>--
>To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
>For additional commands, e-mail: suse-security-help@xxxxxxxx
>
>




< Previous Next >
References