--- "Frank W.Kooistra"
Hi Patrick
We are all stupid sometimes. But if you fail to get SuSEfirewall2 working, I wonder if you are really helped by introducing a strange script.
Why do you not send the settings you propose to use, and there will be enough people ready here to guide you?
Regards
Frank

Hi Frank,

My main problem, as you can see, is that port 25 (smtp) doesn't work. What I want: I have postfix running and would like it to filter mail and then forward it. But it never even sees the mails, which is why I am forwarding it now in and out without postfix. And that's one of the things that don't work the way they're supposed to. That pinging the firewall intern and extern is still possible whatever I set is another issue.

Here's the firewall setting (outer firewall):

FW_DEV_EXT="eth1"
FW_DEV_INT="eth0"
FW_ROUTE="yes"
FW_MASQUERADE="yes"
FW_MASQ_DEV="$FW_DEV_EXT"
FW_MASQ_NETS="192.168.xx.0/24 192.168.zz.11"
# actually outer of 2 firewalls, should receive and translate packets from inner router and the mailserver
FW_PROTECT_FROM_INTERNAL="yes"
FW_AUFW_SERVICES_EXT_TCP="ssh 443 25"
FW_AUTOPROTECT_SERVICES="yes"
FW_SERVICES_INT_TCP="ssh 443 25"
# should deliver mail to postfix, does not
FW_TRUSTED_NETS="192.168.xx.yy,tcp,22 192.168.xx.yy,tcp,80 192.168.xx.yy,tcp, 10000 "
# only few services from intern
FW_ALLOW_INCOMING_HIGHPORTS_TCP="no"
FW_ALLOW_INCOMING_HIGHPORTS_UDP="DNS"
FW_SERVICE_AUTODETECT="yes"
FW_SERVICE_DNS="no"
FW_SERVICE_DHCLIENT="no"
FW_SERVICE_DHCPD="no"
FW_SERVICE_SQUID="no"
FW_SERVICE_SAMBA="no"
FW_FORWARD="192.168.57.11,0/0,tcp,25"
FW_FORWARD_MASQ="0/0,192.168.57.11,tcp,25 192.168.57.11,194.25.242.123,tcp,25"
# actions of desperation, mails either don't go in or out or both
#FW_REDIRECT="0/0,62.157.172.14,tcp,25,25"
# clever idea, redirect to local machine port 25 so postfix can handle its mail. does not work
# FW_LOG_DROP_CRIT="yes"
# FW_LOG_DROP_ALL="yes"
# FW_LOG_ACCEPT_CRIT="yes"
# FW_LOG_ACCEPT_ALL="no"
# FW_LOG="--log-level warning --log-tcp-options --log-ip-option --log-prefix SuSE-FW
FW_KERNEL_SECURITY="no"
FW_STOP_KEEP_ROUTING_STATE="yes"
# FW_ALLOW_PING_FW="yes"
# FW_ALLOW_PING_DMZ="yes"
# FW_ALLOW_PING_EXT="no"
# didn't try all combinations, but ping still works outside -> fw and inside -> out

=====
Kind regards
Patrick Thempel
mail:patrick_thempel@yahoo.com