Mailinglist Archive: opensuse-security (757 mails)

Re: [suse-security] Re: SuSEfirewall2 blocks all external network traffic to or from any computer on my nework, including the firewall-machine itse
  • From: Steffen Dettmer <steffen@xxxxxxx>
  • Date: Thu, 31 Jan 2002 10:21:34 +0100
  • Message-id: <20020131102134.B4434@xxxxxxxxx>
* Sebastian J. Bronner wrote on Wed, Jan 30, 2002 at 02:03 -1000:
> On Tuesday 29 January 2002 23:15, Steffen Dettmer wrote:
> > > > > FW_DEV_EXT="eth0:0"
> > > > > FW_DEV_INT="eth0"
> >
> > Did you try:
> >
> > FW_DEV_EXT="eth0"
> > FW_DEV_INT="eth0"
>
> I have. It does not work either. It worked with SuSEfirewall(1), but now
> with SuSEfirewall2, the examples explicitly state that the eth0:0 syntax can
> be used.

Huh?! The example tells, "eth0:0" is a device? I think it's only
some syntax for ifconfig and similar tools. There is no
difference between eth0:0 and eth0 except the IP.

I cannot imagine that SuSEfirewall2 states that eth0:0 is a
device (otherwise it was a good idea not to use it :) SCNR). But
maybe it's just some shorthand for something. Who knows.

> > Really cool statement, plugging the internal network into the big
> > bad internet, configuring a firewall with a single network card
> > and finally think about traffic collisions... hum.
>
> At this point, I find your input hardly constructive.

Yes, you're right, not very constructive saying. But this is not
entirely wrong. Single-NIC firewalls are no real firewalls, since
they are not able to really drop any packets, since it's the same
wire.

> It seems as though you are trying to show everyone else what a
> great network administrator you are, rather than seriously
> trying to add to the pool of knowledge.

Now you are not constructive. And this is not a statement you are
"allowed" to make as question maker. I spent my free time to try
to help you, and you come with such things, this is not nice.

> I have a script that works that I can use until I get SuSEfirewall2 working,
> but that is not an optimal configuration, as it does not integrate nicely
> with the other processes,

What does this mean? You made a small script that sets up some
firewall rules? Why isn't this integrating nicely?

> but is rather tacked on to the booting process as
> an afterthought. In SuSEfirewall, masquerading is performed on the indicated
> interfaces, but limited to a subnet specified with another variable.

like "--source $home --dest ! $home --dev device"? In this case,
the device usually shouldn't matter at all. I don't think it's
very logical to do address translation "on" an interface. Well, at
least you can now compare your rules with the rules generated by
SuSEfirewall and adapt Sfw2 to your needs.

oki,

Steffen

--
This letter was generated by machine;
it therefore bears neither signature nor seal.
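
An added example, not part of the original message and not SuSEfirewall2 code: a small lint for the two settings discussed in this thread. On Linux a name such as eth0:0 is a label on an address of eth0, while iptables interface matches work on the device name, so the script flags alias names and flags external and internal entries that resolve to the same device. The function names `get_var` and `check_fw_devs` are hypothetical, and the script assumes the variables are written as plain `NAME="value"` lines.

```sh
#!/bin/sh
# Added example: lint FW_DEV_EXT / FW_DEV_INT in a SuSEfirewall2-style config.
# Assumption: values are written as plain NAME="value" lines.

# get_var NAME FILE -> value of the last NAME="..." assignment in FILE
get_var() {
    sed -n "s/^[[:space:]]*$1=\"\\(.*\\)\"[[:space:]]*\$/\\1/p" "$2" | tail -n 1
}

# check_fw_devs FILE -> prints findings, returns 1 if there are any
check_fw_devs() {
    ext=$(get_var FW_DEV_EXT "$1")
    int=$(get_var FW_DEV_INT "$1")
    rc=0
    # An entry containing ':' is an alias label, not a network device.
    for name in $ext $int; do
        case $name in
            *:*) echo "alias: $name is an address label on ${name%%:*}, not a device"
                 rc=1 ;;
        esac
    done
    # Compare by underlying device: strip any alias suffix before comparing.
    for e in $ext; do
        for i in $int; do
            if [ "${e%%:*}" = "${i%%:*}" ]; then
                echo "shared: external $e and internal $i are both device ${e%%:*}"
                rc=1
            fi
        done
    done
    return $rc
}

# Constructed sample using the two values quoted in the thread.
sample=$(mktemp)
printf '%s\n' 'FW_DEV_EXT="eth0:0"' 'FW_DEV_INT="eth0"' > "$sample"
check_fw_devs "$sample" || echo "review the interface settings above"
rm -f "$sample"
```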
