Hi again,

You might want to change the entries in the firewall configuration file. It should have the appropriate settings for the proper ports and protocols. However, I am just working on that myself, since I get the same messages. Nevertheless, nothing to worry about so far, the firewall should work properly anyway.

andreas
----- Original Message -----
From: Chris FitzGerald
To:
Sent: Friday, November 08, 2002 9:38 AM
Subject: [suse-security] SuSEfirewall start scripts

Hi all,
I have my firewall up and running thanks to the firewall2.pdf I found in
list a few days ago ;)
But I still have a question :
When I boot the box it has:
firewall step 1 initialization
some services
firewall step 2 setup
some other services
firewall step 3 final
named,squid service
I get the message : WARNING : NO DNS RUNNING, SQUIDSERVER RUNNING ALTHOUGH STATED IN SuSEfirewall2 file.
Of course this is normal because they only start up AFTER the final
wow quick reply ;)
Well out of these 2 mails I know what to do ;)
1. I'll put the Firewall step 3 script at S99
2. Update the SuSEfirewall2 config file
3. put squid somewhere in the beginning S09 or S10 for runlevels 3 and 5
I assume the Kxx-scripts can be left untouched ?
;))
As for the ippp0, handy thing to know about, but luckily I am on cable for
the moment and just need the DHCP offer from the ISP,
so no dial-ups ;)
Thanks Again!
Regards
Chris
----- Original Message -----
Hi !
I tried it with linking the start script of the final firewall setup to
S99 (then it's really started last) and the script doesn't complain
about the missing services, it still complains about the missing
interface ippp0 because with 8.1 SuSE does not set a host route to the
interface (they set only a defaultroute if you use dial on demand) and
afair in SuSE 8.0 the final firewall script was executed last on
startup.. (so I guess that can't be wrong)
Take a look at /var/log/messages and you can see how long the real init
of squid takes
(I guess it takes longer than " starting www-proxy squid
done" appears on the display, and when you start the final firewall
setup, squid is still not really up).
I read about another solution => use the firewall of 8.0 :-)
At home I tried to set up fwbuilder (www.fwbuilder.org) but I think it
takes years (for me) to have a clue about this program :-)
Ciao
Gerd Hoerst
Department Electrical Engineering
TAKATA-PETRI AG
Bahnweg 1
D-63743 Aschaffenburg
Phone: +49-6021-65-1225
Mobile: +49-171-9781446
Fax: +49-6021-65-1119
e-mail: gerd.hoerst@eu.takata.com
----- Original Message -----
From: "Andreas Paffrath"
So I looked in my folders and did this :
I believe the firewall had : S11 or something like that and the named and squid this :
S13Named S18Squid
So I altered the numbers to 10 for both of them. Right after Squid starts up the third script of the firewall runs and
tells me there is no squid server running although stated in configfile.
Questions I had :
1. Is it safe to change the startup sequence like that for security reasons ?
2. If the script is parsed and doesn't find the servers, are the ports still then open or are they closed out of security and do they stay closed ?
3. Can I safely put SuSEfirewall2_final to S99 ?
Thanks in advance
regards
Chris FitzGerald Datacenter Supervisor Belgium
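
An added example, not part of the thread: a small check that the final firewall stage's start link sorts after the services it looks for. It assumes the rc script runs S* links in lexical order; the link names S10named and S10squid and the temporary directories are constructed sample data.

```shell
#!/bin/sh
# Constructed example: audit SysV start-link order in a runlevel directory.
# Assumption: the rc script runs S* links in C-locale lexical order.

# Print the start links of DIR in the order rc would run them.
start_order() {
    ( cd "$1" && LC_ALL=C ls -1 | grep '^S[0-9][0-9]' )
}

# Print the 1-based position of SERVICE's start link in DIR (empty if absent).
position() {
    start_order "$1" | grep -n "^S[0-9][0-9]$2\$" | cut -d: -f1
}

# starts_after DIR LATE EARLY...
# 0: LATE runs after every EARLY link; 1: it does not; 2: a link is missing.
starts_after() {
    dir=$1; late=$2; shift 2
    late_pos=$(position "$dir" "$late")
    [ -n "$late_pos" ] || return 2
    for svc in "$@"; do
        pos=$(position "$dir" "$svc")
        [ -n "$pos" ] || return 2
        [ "$late_pos" -gt "$pos" ] || return 1
    done
    return 0
}

# Build a throwaway runlevel directory holding the given link names.
make_rc_dir() {
    d=$(mktemp -d) || return 1
    for name in "$@"; do : > "$d/$name"; done
    printf '%s\n' "$d"
}

# Constructed sample data: firewall at S11 as first reported, then moved to S99.
before=$(make_rc_dir S11SuSEfirewall2_final S13named S18squid)
after=$(make_rc_dir S10named S10squid S99SuSEfirewall2_final)
for rcdir in "$before" "$after"; do
    if starts_after "$rcdir" SuSEfirewall2_final named squid; then
        echo "OK: firewall final stage starts after named and squid"
    else
        echo "WARN: firewall final stage starts before a service it checks for"
    fi
done
rm -rf "$before" "$after"
```

Link order only shows the launch sequence; as Gerd's reply points out, squid can still be initialising after its "done" message, so /var/log/messages remains the place to confirm it was actually up.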