* dave cunningham; <dave@upsilon.org.uk> on 10 Nov, 2002 wrote:
Trying to ping www.suse.com from the firewall box gives this message in the firewall log
" SuSE-FW-UNALLOWED-TARGETIN=ippp0 OUT= MAC= SRC=195.112.4.7 DST=62.136.92.111 LEN=144 TOS=0x00 PREC=0x00 TTL=59 ID=12419 PROTO=UDP SPT=53 DPT=1090 LEN=124
Here 192.112.4.7 sends a packet from port 53 to your computer's port 1090. The protocol is UDP and this is a DNS reply.
SuSE-FW-UNALLOWED-TARGETIN=ippp0 OUT= MAC= SRC=195.112.4.4 DST=62.136.92.111 LEN=1 "
where 195.112.4.4 / 195.112.4.7 are my ISP's DNS servers (statically assigned) and 62.136.92.111 is the dynamic IP address that has been assigned by my ISP for the session.
FW_ALLOW_INCOMING_HIGHPORTS_UDP="domain time ntp"
In order to have the DNS replies accepted (which is not the case in your config), this part needs to have DNS or yes (DNS is safer; it will accept DNS replies only from nameservers listed in your /etc/resolv.conf). Time is port 37 and ntp is 123, so they are not high ports. It would not help to put them here. Try with
FW_ALLOW_INCOMING_HIGHPORTS_UDP="DNS"

--
Togan Muftuoglu
Unofficial SuSE FAQ Maintainer
http://dinamizm.ath.cx
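A triage helper for drops like the one quoted above, as an added example that is not part of the original thread: it parses the netfilter log fields and reports whether a dropped UDP packet is a reply from port 53 of a nameserver listed in resolv.conf-style text. The function names are hypothetical, the resolv.conf text and the second log line are constructed, and the first log line is the one from the post with its wrapped LEN rejoined as an assumption.

```python
import re

# First line: the drop quoted in the post, wrapped LEN rejoined (assumption).
# The second line and the resolv.conf text are constructed for this example.
SAMPLE_LOG = ("SuSE-FW-UNALLOWED-TARGETIN=ippp0 OUT= MAC= SRC=195.112.4.7 "
              "DST=62.136.92.111 LEN=144 TOS=0x00 PREC=0x00 TTL=59 ID=12419 "
              "PROTO=UDP SPT=53 DPT=1090 LEN=124")
OTHER_SRC_LOG = SAMPLE_LOG.replace("SRC=195.112.4.7", "SRC=203.0.113.9")
SAMPLE_RESOLV = "# constructed\nnameserver 195.112.4.4\nnameserver 195.112.4.7\n"

FIELD = re.compile(r"([A-Z]+)=(\S*)")

def parse_fields(line):
    """KEY=value fields of a netfilter log line. LEN appears twice (IP, then
    UDP); setdefault keeps the first one, the IP total length."""
    fields = {}
    for key, value in FIELD.findall(line):
        fields.setdefault(key, value)
    return fields

def nameservers(resolv_text):
    """Addresses on the 'nameserver' lines of resolv.conf-style text."""
    found = set()
    for line in resolv_text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            found.add(parts[1])
    return found

def classify(line, resolvers):
    """Label a dropped packet by protocol, ports and source address."""
    f = parse_fields(line)
    spt, dpt = f.get("SPT", ""), f.get("DPT", "")
    if f.get("PROTO") != "UDP" or not (spt.isdigit() and dpt.isdigit()):
        return "not-udp"
    if int(spt) == 53 and int(dpt) >= 1024:
        if f.get("SRC") in resolvers:
            return "dns-reply-from-configured-nameserver"
        return "udp-from-port-53-unlisted-source"
    return "other-udp"

if __name__ == "__main__":
    ns = nameservers(SAMPLE_RESOLV)
    for entry in (SAMPLE_LOG, OTHER_SRC_LOG):
        print(parse_fields(entry)["SRC"], classify(entry, ns))
```

A drop labelled as a reply from a configured nameserver is the case the "DNS" setting addresses; a port-53 source that is not in resolv.conf is worth a closer look before any rule is loosened.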