Mailinglist Archive: opensuse-security (465 mails)

DHCLIENT, masquerading and firewall
  • From: Ryan Allen <ryan@xxxxxxxxxxxxxx>
  • Date: Sun, 2 Dec 2001 16:14:47 -0800
  • Message-id: <20011202161447.B2613@xxxxxxxxxxxxxx>
Hi SuSE Security,

I'm new to this list. Due to Excite at home shutting down, I had to make
some changes to my firewall config. I used to have a static IP and
everything worked great, but now I have a dynamic IP assigned via DHCP.
Behind my SuSE 7.1 machine, I'm running a LAN that uses masquerading
through the SuSE machine.

I'm getting my DHCP offer just fine, and have full access to the Internet
from my SuSE machine, but I cannot access the Internet from any machine
behind the SuSE machine. I've tweaked everything I can in
/etc/rc.config.d/firewall.rc.config and restarted my firewall many times.
Any ideas?

I'm running kernel 2.4.2, if it makes a difference?

Thanks in advance!

-- Ryan


Here is my firewall config:

FW_DEV_WORLD="eth1"
FW_DEV_INT="eth0"
FW_DEV_DMZ=""
FW_ROUTE="yes"
FW_MASQUERADE="yes"
FW_MASQ_NETS="10.10.55.0/24"
FW_MASQ_DEV="$FW_DEV_WORLD" # e.g. "ippp0" or "$FW_DEV_WORLD"
FW_PROTECT_FROM_INTERNAL="no"
FW_AUTOPROTECT_GLOBAL_SERVICES="yes" # "yes" is a good choice
FW_SERVICES_EXTERNAL_TCP="20 21 22 80 8080 6346" # Common: smtp domain
FW_SERVICES_EXTERNAL_UDP="20 21 " # Common: domain
FW_SERVICES_EXTERNAL_IP="" # For VPN/Routing which END at the firewall!!
#
FW_SERVICES_DMZ_TCP="" # Common: smtp domain
FW_SERVICES_DMZ_UDP="" # Common: domain syslog
FW_SERVICES_DMZ_IP="" # For VPN/Routing which END at the firewall!!
#
FW_SERVICES_INTERNAL_TCP="" # Common: ssh smtp domain
FW_SERVICES_INTERNAL_UDP="" # Common: domain syslog
FW_SERVICES_INTERNAL_IP="" # For VPN/Routing which END at the firewall!!

FW_TRUSTED_NETS=""
FW_SERVICES_TRUSTED_TCP="" # Common: ssh
FW_SERVICES_TRUSTED_UDP="" # Common: syslog time ntp
FW_SERVICES_TRUSTED_IP="" # For VPN/Routing which END at the firewall!!

FW_ALLOW_INCOMING_HIGHPORTS_TCP="yes" # Common: "ftp-data" (sadly!)
FW_ALLOW_INCOMING_HIGHPORTS_UDP="yes" # Common: "DNS" or "domain ntp"

FW_SERVICE_DNS="no" # if yes, FW_SERVICES_*_TCP needs to have port 53
# (or "domain") set to allow incoming queries.
# also FW_ALLOW_INCOMING_HIGHPORTS_UDP needs to be "yes"
FW_SERVICE_DHCLIENT="yes" # if you use dhclient to get an ip address
# you have to set this to "yes" !
FW_SERVICE_DHCPD="no" # set to "yes" if this server is a DHCP server
FW_SERVICE_SAMBA="no" # set to "yes" if this server uses samba as client
# or server. As a server, you still have to set
# FW_SERVICES_{WORLD,DMZ,INT}_TCP="139"
# Everyone may send you udp 137/138 packets if set
# to yes! (samba on the firewall is not a good idea!)

FW_FORWARD_TCP="" # Beware to use this!
FW_FORWARD_UDP="" # Beware to use this!
FW_FORWARD_IP="" # Beware to use this!

FW_FORWARD_MASQ_TCP="" # Beware to use this!
FW_FORWARD_MASQ_UDP="" # Beware to use this!
FW_REDIRECT_TCP=""
FW_REDIRECT_UDP=""

FW_LOG_DENY_CRIT="yes"
FW_LOG_DENY_ALL="no"
FW_LOG_ACCEPT_CRIT="yes"
FW_LOG_ACCEPT_ALL="no"

FW_KERNEL_SECURITY="yes"

FW_STOP_KEEP_ROUTING_STATE="no"
FW_ALLOW_PING_FW="yes"
FW_ALLOW_PING_DMZ="no"

##
# END of rc.firewall
##
#-------------------------------------------------------------------------#
# #
# EXPERT OPTIONS - all others please don't change these! #
# #
#-------------------------------------------------------------------------#
# #

FW_ALLOW_FW_TRACEROUTE="no"
FW_ALLOW_FW_SOURCEQUENCH="yes"
FW_MASQ_MODULES="autofw cuseeme ftp irc mfw portfw quake raudio user vdolive"
#FW_CUSTOMRULES="/etc/rc.config.d/firewall-custom.rc.config"
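As an added example, not the poster's or SuSE's own code, the shell script below evaluates a firewall.rc.config-style fragment the way the firewall script sources it (in a subshell, so nothing leaks into the caller) and reports whether the masquerading prerequisites the file's own comments name are met: FW_ROUTE and FW_MASQUERADE both "yes", a non-empty FW_MASQ_NETS, FW_MASQ_DEV resolving to the external device, and FW_SERVICE_DHCLIENT="yes" when dhclient obtains the address. It also flags the two FW_ALLOW_INCOMING_HIGHPORTS switches, which the file's comments already mark as regrettable. The two config texts inside it are constructed: the posted values reduced to the variables that matter, and a deliberately broken variant.

```shell
#!/bin/sh
# Added example, not the poster's or SuSEfirewall's own code: a lint over a
# firewall.rc.config-style fragment for the variables that decide whether a
# LAN behind a dhclient-managed external interface is masqueraded, plus the
# two "allow incoming highports" switches. Variable names and meanings come
# from the posted file; the two config texts below are constructed input.

# Constructed: the posted values reduced to the relevant variables.
POSTED_STYLE='FW_DEV_WORLD="eth1"
FW_DEV_INT="eth0"
FW_ROUTE="yes"
FW_MASQUERADE="yes"
FW_MASQ_NETS="10.10.55.0/24"
FW_MASQ_DEV="$FW_DEV_WORLD"   # same indirection as in the posted file
FW_SERVICE_DHCLIENT="yes"
FW_ALLOW_INCOMING_HIGHPORTS_TCP="yes"
FW_ALLOW_INCOMING_HIGHPORTS_UDP="yes"'

# Constructed: a variant with the masquerading prerequisites unmet.
BROKEN_STYLE='FW_DEV_WORLD="eth1"
FW_DEV_INT="eth0"
FW_ROUTE="no"
FW_MASQUERADE="yes"
FW_MASQ_NETS=""
FW_MASQ_DEV="ippp0"
FW_SERVICE_DHCLIENT="no"
FW_ALLOW_INCOMING_HIGHPORTS_TCP="no"
FW_ALLOW_INCOMING_HIGHPORTS_UDP="no"'

# fw_lint CONFIG_TEXT
# The file is shell syntax and SuSEfirewall sources it, so it is evaluated
# the same way here, but in a subshell so nothing leaks into the caller.
# Prints one line per finding: "error:" for an unmet masquerading
# prerequisite, "warning:" for a setting that widens exposure of the host.
fw_lint() {
    (
        eval "$1"
        [ "$FW_ROUTE" = "yes" ] ||
            echo "error: FW_ROUTE=\"$FW_ROUTE\": nothing is forwarded between $FW_DEV_INT and $FW_DEV_WORLD"
        [ "$FW_MASQUERADE" = "yes" ] ||
            echo "error: FW_MASQUERADE=\"$FW_MASQUERADE\": the LAN is not source-NATed"
        [ -n "$FW_MASQ_NETS" ] ||
            echo "error: FW_MASQ_NETS is empty: no internal network is selected for masquerading"
        [ "$FW_MASQ_DEV" = "$FW_DEV_WORLD" ] ||
            echo "error: FW_MASQ_DEV=\"$FW_MASQ_DEV\" is not the external device \"$FW_DEV_WORLD\""
        [ "$FW_SERVICE_DHCLIENT" = "yes" ] ||
            echo "error: FW_SERVICE_DHCLIENT=\"$FW_SERVICE_DHCLIENT\": must be \"yes\" when dhclient obtains the address on $FW_DEV_WORLD"
        [ "$FW_ALLOW_INCOMING_HIGHPORTS_TCP" != "yes" ] ||
            echo "warning: FW_ALLOW_INCOMING_HIGHPORTS_TCP=\"yes\": unsolicited TCP to ports above 1023 reaches the firewall host"
        [ "$FW_ALLOW_INCOMING_HIGHPORTS_UDP" != "yes" ] ||
            echo "warning: FW_ALLOW_INCOMING_HIGHPORTS_UDP=\"yes\": unsolicited UDP to ports above 1023 reaches the firewall host"
        exit 0
    )
}

# fw_count CLASS CONFIG_TEXT -> number of "CLASS:" findings (CLASS = error|warning)
fw_count() {
    fw_lint "$2" | grep -c "^$1:" || true
}

# Usage: lint both constructed configs and print the findings.
for name in POSTED_STYLE BROKEN_STYLE; do
    eval "text=\$$name"
    echo "== $name: $(fw_count error "$text") error(s), $(fw_count warning "$text") warning(s)"
    fw_lint "$text"
done
```

Evaluating the fragment rather than parsing it is what makes the FW_MASQ_DEV="$FW_DEV_WORLD" indirection resolve correctly, but it also means the script runs whatever the file contains, so point it only at a config you would source anyway. The posted values pass every prerequisite check and draw only the two highports warnings; the broken variant reports four errors.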

