Mailinglist Archive: opensuse-security (685 mails)

SuSEFirewall2
  • From: "andre@do" <andre@xxxxxxxx>
  • Date: Sat, 23 Feb 2002 13:47:43 +0200
  • Message-id: <3C77815F.6020500@xxxxxxxx>
Hi All,

Firstly, my config is as follows:

SuSE 7.3 - 2.4.16 kernel

firewall2 config:

FW_DEV_EXT="eth0"
FW_DEV_INT="eth2"
FW_DEV_DMZ="eth1"
FW_ROUTE="yes"
FW_MASQUERADE="yes"
FW_MASQ_DEV="$FW_DEV_EXT"

FW_MASQ_NETS="192.168.1.0/24"

FW_PROTECT_FROM_INTERNAL="yes"
FW_AUTOPROTECT_SERVICES="yes"
FW_SERVICES_EXT_TCP="22"
FW_SERVICES_EXT_UDP=""
FW_SERVICES_EXT_IP=""
FW_SERVICES_DMZ_TCP="25 80"
FW_SERVICES_DMZ_UDP=""
FW_SERVICES_DMZ_IP=""
FW_SERVICES_INT_TCP=""
FW_SERVICES_INT_UDP=""
FW_SERVICES_INT_IP=""

FW_TRUSTED_NETS=""
FW_ALLOW_INCOMING_HIGHPORTS_TCP="yes"
FW_ALLOW_INCOMING_HIGHPORTS_UDP="yes"
FW_SERVICE_AUTODETECT="yes"
FW_SERVICE_DNS="no"
FW_SERVICE_DHCLIENT="no"
FW_SERVICE_DHCPD="no"
FW_SERVICE_SQUID="no"
FW_SERVICE_SAMBA="no"

FW_FORWARD="0/0,100.100.100.100,tcp,80 0/0,100.100.100.100,tcp,25"

FW_FORWARD_MASQ=""
FW_REDIRECT=""
FW_LOG_DROP_CRIT="yes"
FW_LOG_DROP_ALL="no"
FW_LOG_ACCEPT_CRIT="yes"
FW_LOG_ACCEPT_ALL="no"
FW_KERNEL_SECURITY="yes"
FW_STOP_KEEP_ROUTING_STATE="no"
FW_ALLOW_PING_FW="yes"
FW_ALLOW_PING_DMZ="yes"
FW_ALLOW_PING_EXT="yes"
FW_ALLOW_FW_TRACEROUTE="yes"
FW_ALLOW_FW_SOURCEQUENCH="yes"
FW_ALLOW_FW_BROADCAST="no"
FW_IGNORE_FW_BROADCAST="yes"
FW_ALLOW_CLASS_ROUTING="yes"
FW_CUSTOMRULES="/etc/rc.config.d/firewall2-custom.rc.config"

Added: route add 100.100.100.100 dev eth1
and: echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp

route shows all routes are up.

Now: when I turn the firewall off I can ping the webserver & mailserver in the DMZ and I can ping the pvt. subnet.

When I turn the firewall on the pvt subnet can get to the internet,
but nothing gets in or out from the DMZ.

/var/log/firewall = DROP-ANTISPOOFING 100.100.100.100


Without changing the iptables rules (I trust Mark's rules explicitly),
can someone please tell me what I am doing wrong in this FW2 config?

There must be something very basic that I am missing?



Thank you so much for reading this long post.

tia


andre
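A way to triage the symptom described in the post, added here as an example and not code from the post or from SuSEFirewall2: it correlates the posted FW_FORWARD and FW_DEV_DMZ values with the kernel routing table and the firewall log, and reports for each forwarded target which device the kernel would route it out of, whether that is the DMZ device, whether it is covered only by the manual /32 host route, whether its port is also opened in FW_SERVICES_DMZ_TCP, and how many DROP-ANTISPOOFING log lines name that address. The config values are the post's; the routing table, the log lines (with a made-up log prefix, field layout as in netfilter LOG output) and the function names are constructed for the example, and the checks are a generic diagnostic, not SuSEFirewall2's own anti-spoofing logic.

```python
"""Correlate a SuSEFirewall2-style config, the routing table and the firewall
log to triage DROP-ANTISPOOFING hits on a forwarded DMZ host.

Added example, not from the post or SuSEFirewall2. Config values are the
post's; routes, log lines and the checks themselves are constructed."""
import ipaddress
import re

# Relevant keys from the posted config, values as in the post.
CONFIG_TEXT = '''
FW_DEV_EXT="eth0"
FW_DEV_INT="eth2"
FW_DEV_DMZ="eth1"
FW_SERVICES_DMZ_TCP="25 80"
FW_FORWARD="0/0,100.100.100.100,tcp,80 0/0,100.100.100.100,tcp,25"
'''

# Constructed `ip route`-style table; the last line is the manual host route
# the post adds with `route add 100.100.100.100 dev eth1`.
ROUTES_TEXT = '''
default via 203.0.113.1 dev eth0
203.0.113.0/24 dev eth0
192.168.1.0/24 dev eth2
100.100.100.100 dev eth1
'''

# Constructed syslog-style lines; the prefix text is made up, the IN=/SRC=
# field layout follows the netfilter LOG target.
LOG_TEXT = '''
Feb 23 13:40:01 fw kernel: SuSE-FW-DROP-ANTISPOOFING IN=eth1 OUT= SRC=100.100.100.100 DST=198.51.100.7 PROTO=TCP SPT=80 DPT=40512
Feb 23 13:40:02 fw kernel: SuSE-FW-ACCEPT IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.5 PROTO=TCP SPT=40512 DPT=22
'''


def parse_config(text):
    """Read KEY="value" lines (rc.config style) into a dict."""
    return {m.group(1): m.group(2)
            for m in re.finditer(r'^(\w+)="([^"]*)"', text, re.M)}


def parse_forward(value):
    """FW_FORWARD entries are 'source,destination,protocol,port', space-separated."""
    rules = []
    for entry in value.split():
        src, dst, proto, port = entry.split(",")
        rules.append({"src": src, "dst": dst, "proto": proto, "port": int(port)})
    return rules


def parse_routes(text):
    """Turn 'prefix [via gw] dev IFACE' lines into (network, device) pairs."""
    routes = []
    for line in text.split("\n"):
        fields = line.split()
        if not fields or "dev" not in fields:
            continue
        prefix = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        routes.append((ipaddress.ip_network(prefix, strict=False),
                       fields[fields.index("dev") + 1]))
    return routes


def route_lookup(routes, addr):
    """Longest-prefix match, the way the kernel picks the egress device."""
    ip = ipaddress.ip_address(addr)
    best = (None, None)
    for net, dev in routes:
        if ip in net and (best[0] is None or net.prefixlen > best[0].prefixlen):
            best = (net, dev)
    return best


def antispoof_hits(log_text):
    """Collect input device and source address of every DROP-ANTISPOOFING line."""
    hits = []
    for line in log_text.split("\n"):
        if "DROP-ANTISPOOFING" not in line:
            continue
        m = re.search(r"IN=(\S*) .*?SRC=(\S+)", line)
        if m:
            hits.append({"in": m.group(1), "src": m.group(2)})
    return hits


def check_forwards(cfg_text=CONFIG_TEXT, routes_text=ROUTES_TEXT, log_text=LOG_TEXT):
    """One report entry per FW_FORWARD target: routing, DMZ membership,
    DMZ service port, and anti-spoofing drops seen for that address."""
    cfg = parse_config(cfg_text)
    routes = parse_routes(routes_text)
    dmz_dev = cfg["FW_DEV_DMZ"]
    dmz_tcp = {int(p) for p in cfg.get("FW_SERVICES_DMZ_TCP", "").split()}
    drops = antispoof_hits(log_text)
    report = []
    for rule in parse_forward(cfg["FW_FORWARD"]):
        net, dev = route_lookup(routes, rule["dst"])
        mine = [d for d in drops if d["src"] == rule["dst"]]
        report.append({
            "target": f"{rule['dst']}:{rule['port']}/{rule['proto']}",
            "route_dev": dev,
            "host_route_only": net is not None and net.prefixlen == 32,
            "on_dmz_dev": dev == dmz_dev,
            "port_open_on_dmz": rule["proto"] == "tcp" and rule["port"] in dmz_tcp,
            "antispoof_drops": len(mine),
            "drop_in_devs": sorted({d["in"] for d in mine}),
        })
    return report


if __name__ == "__main__":
    for r in check_forwards():
        print(f"{r['target']}: dev={r['route_dev']} on_dmz={r['on_dmz_dev']} "
              f"host_route_only={r['host_route_only']} port_open={r['port_open_on_dmz']} "
              f"antispoof_drops={r['antispoof_drops']} in={r['drop_in_devs']}")
```

Run against the real box with the output of `ip route` and the lines from /var/log/firewall in place of the constructed samples; a target that routes out of the DMZ device and has its port open, yet still shows anti-spoofing drops arriving on that same device, narrows the problem to how the firewall decides which addresses are legitimate on FW_DEV_DMZ rather than to routing or service ports.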