* Sebastian J. Bronner wrote on Wed, Jan 30, 2002 at 02:03 -1000:
On Tuesday 29 January 2002 23:15, Steffen Dettmer wrote:
FW_DEV_EXT="eth0:0" FW_DEV_INT="eth0"
Did you tried:
FW_DEV_EXT="eth0" FW_DEV_INT="eth0"
I have. It does not work either. It worked with SuSEfirewall(1), but now with SuSEfirewall2, the examples explicitly state that the eth0:0 syntax can be used.
Huh?! The example tells, "eth0:0" is a device? I think it's only some syntax for ifconfig and similar tools. There is no difference between eth0:0 and eth0 execpt the IP. I cannot imagine that SuSEfirewall2 states that eth0:0 is a device (otherwise it was a good idea not to use it :) SCNR). But maybe it's just some shorthand for something. Who knows.
Really cool statement, plugging the internal network into the big bad internet, configuring a firewall with a single network card and finally think about traffic collisions... hum.
At this point, find your input hardly constructive.
Yes, you're right, not very constructive saying. But this is not entirely wrong. Single-NIC firewalls are no real firewalls, since they are not able to really drop any packets, since it's the same wire.
It seems as though you are trying to show everyone else what a great network administrator you are, rather than seriously trying to add to the pool of knowledge.
Now you are not constructive. And this is not a statement you are "allowed" to make as question maker. I spent my free time to try to help you, and you come with such things, this is not nice.
I have a script that works that I can use until I get SuSEfirewall2 working, but that is not an optimal configuration, as it does not integrate nicely with the other processes,
What does this mean? You made a small script that sets up some firewall rules? Why isn't this integrating nicely?
but is rather tacked on to the booting process as an afterthought. In SuSEfirewall, masquerading is performed on the indicated interfaces, but limited to a subnet specified with another variable.
like "--source $home --dest ! $home --dev device"? In this case, the device usually shouldn't matter at all. I don't think it's very logic to do address translation "on" a interface. Well, at least you can now compare your rules with the rules generated by SuSEfirewall and adapt Sfw2 to your needs. oki, Steffen -- Dieses Schreiben wurde maschinell erstellt, es trägt daher weder Unterschrift noch Siegel.