Mailinglist Archive: opensuse-security (359 mails)

Problems with a simple Firewall2 config
  • From: "Knut Erik Hauslo" <KNUTH@xxxxxxxxxxxx>
  • Date: Tue, 15 Jul 2003 13:12:58 +0200
  • Message-id: <876E796441495649AB4AE82092A0784A3D8D21@xxxxxxxxxxxxxx>
Hi all,

This should be rather easy going, but I am experiencing problems. My
network looks as follows:
+-- External Net 192.168.1.0/24 --> (Eth1) SuSE 8.1 Firewall2 (Eth0) <--- Internal Net 172.19.0.0/16

On my Internal Net there's a web-server, which machines on the external
net may access. Using my sniffer I can see packets going into the
internal net, but I receive nothing back, because the initiating machine
sends packets with destination port 80 TCP and source port > 1024 TCP,
which I have not explicitly opened.

The other way around is working fine (accessing HTTP and FTP resources
on the external network).

The configuration file:
FW_DEV_EXT="eth1"
FW_DEV_INT="eth0"
FW_ROUTE="yes"
FW_MASQUERADE="yes"
FW_MASQ_DEV="$FW_DEV_EXT"
FW_MASQ_NETS="172.19.0.0/16,0/0,tcp,20 172.19.0.0/16,0/0,tcp,21 172.19.0.0/16,0/0,tcp,80"
FW_FORWARD_MASQ="0/0,172.19.6.10,tcp,80"
FW_TRUSTED_NETS=""
FW_ALLOW_INCOMING_HIGHPORTS_TCP="yes"
FW_PROTECT_FROM_INTERNAL="no"
FW_LOG_DROP_CRIT="yes"
FW_LOG_ACCEPT_CRIT="no"
FW_LOG_DROP_ALL="yes"
FW_LOG_ACCEPT_ALL="no"
FW_LOG="--log-level warning --log-tcp-options --log-ip-option --log-prefix SuSE-FW"
FW_ALLOW_PING_FW="yes"
FW_IGNORE_FW_BROADCAST="yes"


What am I doing wrong?

Any hints are deeply appreciated.

Cheers,
Knut Erik
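A small policy checker for the two variables the post relies on, added here as an example (not the poster's code and not part of SuSEfirewall2). It assumes the documented tuple layouts, FW_MASQ_NETS as "int_net[,dst_net[,proto[,port]]]" and FW_FORWARD_MASQ as "src_net,target_ip,proto,port" (any further optional fields are ignored), and parses the quoted values even when an email client has wrapped them across lines. It answers only whether a declared entry covers a given flow; it says nothing about the kernel's connection tracking, which is what handles the reply packets on high ports, so its output should be compared against the running ruleset rather than taken as a diagnosis.

```python
import ipaddress
import re

# Constructed sample: the relevant lines from the posted configuration.
SAMPLE_CONFIG = '''
FW_DEV_EXT="eth1"
FW_DEV_INT="eth0"
FW_MASQ_NETS="172.19.0.0/16,0/0,tcp,20 172.19.0.0/16,0/0,tcp,21
172.19.0.0/16,0/0,tcp,80"
FW_FORWARD_MASQ="0/0,172.19.6.10,tcp,80"
'''

def parse_config(text):
    """Return {VAR: value} for FW_*="..." lines; a quoted value may span lines."""
    return {k: " ".join(v.split())
            for k, v in re.findall(r'^(FW_\w+)="([^"]*)"', text, re.M)}

def net(spec):
    """SuSEfirewall2 writes 'any' as 0/0; the ipaddress module needs the full form."""
    return ipaddress.ip_network("0.0.0.0/0" if spec == "0/0" else spec, strict=False)

def parse_entries(value, nfields):
    """Split space-separated comma tuples, padding missing trailing fields with None."""
    out = []
    for item in value.split():
        fields = item.split(",") + [None] * nfields
        out.append(tuple(fields[:nfields]))
    return out

def forward_masq_allows(cfg, src_ip, dst_ip, proto, port):
    """True if an FW_FORWARD_MASQ entry (src_net,target_ip,proto,port) DNATs this inbound flow."""
    for src_net, target, p, prt in parse_entries(cfg.get("FW_FORWARD_MASQ", ""), 4):
        if (ipaddress.ip_address(src_ip) in net(src_net)
                and ipaddress.ip_address(dst_ip) == ipaddress.ip_address(target)
                and p == proto and prt == str(port)):
            return True
    return False

def masq_allows(cfg, src_ip, dst_ip, proto, port):
    """True if an FW_MASQ_NETS entry (int_net[,dst_net[,proto[,port]]]) covers this outbound flow."""
    for int_net, dst_net, p, prt in parse_entries(cfg.get("FW_MASQ_NETS", ""), 4):
        if ipaddress.ip_address(src_ip) not in net(int_net):
            continue
        if dst_net and ipaddress.ip_address(dst_ip) not in net(dst_net):
            continue
        if (p and p != proto) or (prt and prt != str(port)):
            continue
        return True
    return False
```

On the parsed sample, forward_masq_allows(cfg, "192.168.1.5", "172.19.6.10", "tcp", 80) returns True and masq_allows(cfg, "172.19.1.1", "10.0.0.1", "tcp", 443) returns False, matching the declared policy in the post.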
