-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thursday 28 March 2002 16:12, you wrote:
Hi
I just wanted to mention something else. Does it make a difference wether the firewall2 is run from the user ROOT or any other user? I would think not, but..... Thank you Thomas
Do You Yahoo!? Yahoo! Movies - coverage of the 74th Academy Awards® http://movies.yahoo.com/
Hi Thomas, FW_MASQ_NETS="192.168.159.0" should be FW_MASQ_NETS="192.168.159.0/24" to tell the firewall scripts the netmask. Perhaps it helps to switch on logging for testing: FW_LOG_DROP_CRIT="yes" FW_LOG_DROP_ALL="yes" FW_LOG_ACCEPT_CRIT="yes" FW_LOG_ACCEPT_ALL="yes" after that you should see all packets passing your firewall in /var/log/messages IP_FORWARD="yes" does not need to be activated in rc.config (firewall overrules this entry), but the new entry START_FW2="yes" should exist. If you are dialing in via DSL you also have to modify the script /etc/ppp/ip-up. Change the entries for /sbin/SuSEfirewall to /sbin/SuSEfirewall2 and for START_FW to START_FW2. After dialing in you could check the routing on your firewall with route -n There should be an entry like 0.0.0.0 123.123.123.123 0.0.0.0 UG 0 0 0 ppp0 where 123.123.123.123 should be the ip as the one in the output of the ifconfig command for the ppp0 interface. Hope this helps Thorsten -----BEGIN PGP SIGNATURE----- Version: PGP 6.5.8 iQA/AwUBPKM80sxavuzalNrsEQJ5dQCgx+6MCvyUPwDnH7UaVOkKZmd7KL0AoNPa WSf9C+BoAuT/iyPwxSUzLNVc =QfHH -----END PGP SIGNATURE-----