Mailinglist Archive: opensuse-security (757 mails)

Re: [suse-security] Re: SuSEfirewall2 blocks all external network traffic to or from any computer on my nework, including the firewall-machine itse
  • From: Steffen Dettmer <steffen@xxxxxxx>
  • Date: Thu, 31 Jan 2002 10:21:34 +0100
  • Message-id: <20020131102134.B4434@xxxxxxxxx>
* Sebastian J. Bronner wrote on Wed, Jan 30, 2002 at 02:03 -1000:
> On Tuesday 29 January 2002 23:15, Steffen Dettmer wrote:
> > > > > FW_DEV_EXT="eth0:0"
> > > > > FW_DEV_INT="eth0"
> >
> > Did you try:
> >
> > FW_DEV_EXT="eth0"
> > FW_DEV_INT="eth0"
> I have. It does not work either. It worked with SuSEfirewall(1), but now
> with SuSEfirewall2, the examples explicitly state that the eth0:0 syntax can
> be used.

Huh?! The example tells, "eth0:0" is a device? I think it's only
some syntax for ifconfig and similar tools. There is no
difference between eth0:0 and eth0 except the IP.

I cannot imagine that SuSEfirewall2 states that eth0:0 is a
device (otherwise it was a good idea not to use it :) SCNR). But
maybe it's just some shorthand for something. Who knows.

> > Really cool statement, plugging the internal network into the big
> > bad internet, configuring a firewall with a single network card
> > and finally think about traffic collisions... hum.
> At this point, I find your input hardly constructive.

Yes, you're right, not very constructive saying. But this is not
entirely wrong. Single-NIC firewalls are no real firewalls, since
they are not able to really drop any packets, since it's the same

> It seems as though you are trying to show everyone else what a
> great network administrator you are, rather than seriously
> trying to add to the pool of knowledge.

Now you are not constructive. And this is not a statement you are
"allowed" to make as question maker. I spent my free time to try
to help you, and you come with such things, this is not nice.

> I have a script that works that I can use until I get SuSEfirewall2 working,
> but that is not an optimal configuration, as it does not integrate nicely
> with the other processes,

What does this mean? You made a small script that sets up some
firewall rules? Why isn't this integrating nicely?

> but is rather tacked on to the booting process as
> an afterthought. In SuSEfirewall, masquerading is performed on the indicated
> interfaces, but limited to a subnet specified with another variable.

like "--source $home --dest ! $home --dev device"? In this case,
the device usually shouldn't matter at all. I don't think it's
very logical to do address translation "on" an interface. Well, at
least you can now compare your rules with the rules generated by
SuSEfirewall and adapt Sfw2 to your needs.



This letter was generated by machine,
and therefore bears neither signature nor seal.
