Mailinglist Archive: opensuse-security (757 mails)

SuSEfirewall5.1
  • From: Togan Muftuoglu <toganm@xxxxxxxxxxxxxxxxxxxxx>
  • Date: Wed, 30 Jan 2002 14:03:26 +0200
  • Message-id: <20020130140326.A2297@xxxxxxxxxxxx>
Hi,

I have a setup as follows

Internet = pppoe, fixed IP
LAN      = eth0, 192.168.1.0/24
DMZ      = eth2, 192.168.2.0/29

I have set up SuSEfirewall 5.1 on the Firewall/router box and on the DMZ
box.

Everything works fine until the LAN starts an rsync or an ftp request. Then
the communication to the LAN drops and I need to bring eth0 down and up again. If it's mail or web traffic, everything works fine. Below is my setup for the main firewall. What do I need to do to stop the LAN from dropping?

FW_DEV_WORLD="ppp0"

FW_DEV_INT="eth0"

FW_DEV_DMZ="eth2"
FW_ROUTE="yes"

FW_MASQUERADE="yes"

FW_MASQ_NETS="192.168.1.0/24"

FW_MASQ_DEV="$FW_DEV_WORLD"

FW_PROTECT_FROM_INTERNAL="yes"

FW_AUTOPROTECT_GLOBAL_SERVICES="yes"

FW_SERVICES_EXTERNAL_TCP="22 25 80 443"
FW_SERVICES_EXTERNAL_UDP=""

FW_SERVICES_DMZ_TCP="domain ssh 80 443"
FW_SERVICES_DMZ_UDP="domain"

FW_SERVICES_INTERNAL_TCP="21 22 25 53 110 119 161 162 873 6667"
FW_SERVICES_INTERNAL_UDP="domain 161 162"
FW_SERVICES_INTERNAL_IP=""

FW_TRUSTED_NETS="192.168.1.3"

FW_SERVICES_TRUSTED_TCP="ssh 161:162"
FW_SERVICES_TRUSTED_UDP="ssh 161:162"
FW_SERVICES_TRUSTED_IP=""

FW_SERVICES_TRUSTED_ACL=""

FW_ALLOW_INCOMING_HIGHPORTS_TCP="ftp-data"
FW_ALLOW_INCOMING_HIGHPORTS_UDP="DNS"

FW_SERVICE_DNS="no"
FW_SERVICE_DHCLIENT="no"
FW_SERVICE_DHCPD="no"
FW_SERVICE_SAMBA="no"

FW_FORWARD_TCP="192.168.1.3,192.168.2.2,22 \
192.168.1.3,192.168.2.2,161:162"
FW_FORWARD_UDP="192.168.1.3,192.168.2.2,161:162"
FW_FORWARD_IP=""

# a space before each trailing backslash keeps the entries separate when the file is sourced
FW_FORWARD_MASQ_TCP="0/0,192.168.2.2,80 0/0,192.168.2.2,443 \
216.200.145.35,192.168.1.3,25 216.200.145.36,192.168.1.3,25 \
216.200.145.37,192.168.1.3,25 216.200.145.38,192.168.1.3,25 "

FW_FORWARD_MASQ_UDP=""
# Redirect TCP connections
FW_REDIRECT_TCP="192.168.1.0/24,0/0,21,21 192.168.1.0/24,0/0,6667,7666"
# Redirect UDP connections
FW_REDIRECT_UDP=""

# Log critical denied network packets
FW_LOG_DENY_CRIT="yes"
# Log all denied packets
FW_LOG_DENY_ALL="no"
# Log critical accepted packets
FW_LOG_ACCEPT_CRIT="yes"
# Log all accepted packets
FW_LOG_ACCEPT_ALL="no"

FW_KERNEL_SECURITY="no"

FW_STOP_KEEP_ROUTING_STATE="yes"
# Allow ping on firewall
FW_ALLOW_PING_FW="yes"
# Allow ping on DMZ targets
FW_ALLOW_PING_DMZ="no"
FW_ALLOW_FW_TRACEROUTE="no"

FW_ALLOW_FW_SOURCEQUENCH="yes"

#using ftp-proxy so redirect 21 ->
#using tircproxy so redirect 6667 ->7666
FW_MASQ_MODULES="autofw cuseeme mfw portfw h323 quake raudio user vdolive"

FW_CUSTOMRULES="/etc/rc.config.d/firewall-custom.rc.config"
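
A small linter for this kind of rc.config fragment, added here as an example; it is my code, not part of the original post and not part of the SuSEfirewall package. It assumes the file is read with shell semantics (rc.config files were sourced by shell scripts, so a backslash-newline inside the double quotes is removed without inserting a space, which silently glues two forward entries together when the space before the backslash is missing), embeds a constructed fragment in the style of the post with one such continuation line, and uses a constructed service table instead of /etc/services. The ftp-helper check assumes the masquerading helper would be listed as "ftp" in FW_MASQ_MODULES (ip_masq_ftp on 2.2 kernels); a transparent FTP proxy on the firewall, as the post mentions, is the other way to handle the data channel.

```python
"""Lint a SuSEfirewall-style rc.config fragment for the classes of mistake a
reviewer looks for in a config like the one above.  Added example: not part of
the original post nor of the SuSEfirewall package."""
import ipaddress
import re

# Constructed service table covering the names used on this page.  A real run
# would consult socket.getservbyname() / /etc/services instead.
SERVICES = {
    "ssh": (22, {"tcp"}),
    "domain": (53, {"tcp", "udp"}),
    "ftp": (21, {"tcp"}),
    "ftp-data": (20, {"tcp"}),
    "rsync": (873, {"tcp"}),
}

# Constructed fragment in the style of the post.  The FW_FORWARD_MASQ_TCP
# continuation line deliberately has no space before the backslash.
SAMPLE = r'''
FW_DEV_WORLD="ppp0"
FW_DEV_INT="eth0"
FW_MASQUERADE="yes"
FW_MASQ_NETS="192.168.1.0/24"
FW_SERVICES_INTERNAL_TCP="21 22 25 53 110 119 161 162 873 6667"
FW_SERVICES_DMZ_UDP="domain"
FW_SERVICES_TRUSTED_TCP="ssh 161:162"
FW_SERVICES_TRUSTED_UDP="ssh 161:162"
FW_ALLOW_INCOMING_HIGHPORTS_TCP="ftp-data"
FW_FORWARD_TCP="192.168.1.3,192.168.2.2,22 \
192.168.1.3,192.168.2.2,161:162"
FW_FORWARD_MASQ_TCP="0/0,192.168.2.2,80 0/0,192.168.2.2,443\
216.200.145.35,192.168.1.3,25 216.200.145.36,192.168.1.3,25 "
# Redirect TCP connections
FW_REDIRECT_TCP="192.168.1.0/24,0/0,21,21 192.168.1.0/24,0/0,6667,7666"
FW_MASQ_MODULES="autofw cuseeme mfw portfw h323 quake raudio user vdolive"
'''


def parse_rc_config(text):
    """Parse KEY="value" lines the way a sourcing shell does: '#' lines are
    dropped and backslash-newline is removed *without* adding a space."""
    config = {}
    for line in text.replace("\\\n", "").splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r'^([A-Z_][A-Z0-9_]*)="(.*)"$', line)
        if m:
            config[m.group(1)] = m.group(2)
    return config


def parse_port(token):
    """(low, high) for '80', '161:162' or a known service name; None otherwise."""
    if token in SERVICES:
        return (SERVICES[token][0], SERVICES[token][0])
    m = re.fullmatch(r"(\d+)(?::(\d+))?", token)
    if not m:
        return None
    low, high = int(m.group(1)), int(m.group(2) or m.group(1))
    return (low, high) if 0 < low <= high <= 65535 else None


def parse_net(token):
    """ip_network for '0/0', '192.168.1.3' or '192.168.1.0/24'; None otherwise."""
    try:
        return ipaddress.ip_network("0.0.0.0/0" if token == "0/0" else token, strict=False)
    except ValueError:
        return None


def check(config):
    """Return a list of human-readable findings for a parsed config."""
    findings = []
    masq_nets = [n for n in map(parse_net, config.get("FW_MASQ_NETS", "").split()) if n]
    modules = set(config.get("FW_MASQ_MODULES", "").split())

    # 1. Forward entries must be src,dst,port triples.  A glued continuation
    #    line turns "443" + "216.200.145.35" into one five-field token, and a
    #    world-reachable forward whose target sits in the masqueraded LAN
    #    bypasses the DMZ separation the interface layout is meant to give.
    for var in ("FW_FORWARD_MASQ_TCP", "FW_FORWARD_TCP"):
        for entry in config.get(var, "").split():
            parts = entry.split(",")
            nets = [parse_net(p) for p in parts[:2]]
            if len(parts) != 3 or None in nets or parse_port(parts[2]) is None:
                findings.append(f"{var}: malformed entry {entry!r}")
            elif var == "FW_FORWARD_MASQ_TCP" and any(
                nets[1].subnet_of(n) for n in masq_nets if n.version == nets[1].version
            ):
                findings.append(f"{var}: {entry} forwards outside traffic into the masqueraded LAN, not the DMZ")

    # 2. A TCP-only service name in a *_UDP list opens nothing useful.
    for var, value in config.items():
        if var.endswith("_UDP"):
            for name in value.split():
                if name in SERVICES and "udp" not in SERVICES[name][1]:
                    findings.append(f"{var}: {name} is a TCP-only service")

    # 3. FTP ports referenced anywhere, but no "ftp" helper among the masq
    #    modules (assumption: that is how the helper would be named here).
    tokens = [t for v in config.values() for t in re.split(r"[\s,]+", v) if t]
    if any(parse_port(t) in ((20, 20), (21, 21)) for t in tokens) and "ftp" not in modules:
        findings.append("FW_MASQ_MODULES: FTP ports are referenced but no ftp helper is listed")
    return findings


def lint(text):
    return check(parse_rc_config(text))


if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```

Run it against a real file with `lint(open("/etc/rc.config.d/firewall.rc.config").read())`. The glued-entry finding is the one to look at first: the 443 forward and the first SMTP forward both disappear from the rule set without any error from the firewall script, because the shell sees them as one nonsensical token.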

