On Saturday, 5 February 2005 02:47, Paul Elliott wrote:
> On Fri, Feb 04, 2005 at 01:06:36PM +0100, Markus Feilner wrote:
>> Well, you can use a custom script and add your own rules - learning this will provide you with the ability to allow/forbid any service/traffic you like, independent from SuSEfirewall's capabilities... But I would advise you to use a local caching-only dns server - setup is very easy with suse - it's in the handbook. Then open dns ports on your server to the internal net and that's it. The advantages are (a little) fewer dialups, probably faster dns name resolution, and one type of connection less from your internal PCs to the internet. Furthermore, you can control the dns-resolution centrally. Did that help?
>
> Does this mean that there is no easy way with SuSEfirewall2 to allow hosts on the internal network to use specific dns servers on the external network?

Sure there is. But why would you? Is there a necessity?
- The easiest way is a caching-only dns server. Definitely. RTFM + five minutes.
- The second easiest is adding three (or four) lines of iptables to a custom script.
- The third way is to read about SuSEfirewall and add the right source IP/destination IP/protocol/port to FW_FORWARD, and FW_ALLOW_INCOMING_HIGHPORTS_UDP opening the right ports in external/internal udp (port 53) and check if it works.

But: The third solution needs as much reading as the others, but it doesn't get you that far. ;-). The first solution is the most secure one (beat me if I'm telling nonsense, list... ;-)

--
Best regards
Markus Feilner
---------------------------
Please note our new address details! Thank you.
---------------------------
Feilner IT Linux & GIS
Linux Solutions, Training, Seminars and Workshops - also in-house
Beraiterweg 4
93047 Regensburg
phone +49 941 9465243
fax +49 941 9465244
mobile +49 170 3027092
mail mfeilner@feilner-it.net
web http://www.feilner-it.net
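The second option in the message above (a few iptables lines in a custom script), sketched as an added example that is not part of the original post: it prints FORWARD rules that let the internal network reach only the named resolvers on port 53. The interface names, internal network and resolver addresses are constructed placeholders, and NAT/masquerading is assumed to be handled elsewhere.

```shell
#!/bin/sh
# Added example, not from the original thread. All values are assumptions.
INT_IF="eth1"              # assumed internal interface
EXT_IF="ppp0"              # assumed external (dial-up) interface
INT_NET="192.168.1.0/24"   # assumed internal network

# Return 0 only for a dotted-quad IPv4 address with octets 0-255.
is_ipv4() {
    echo "$1" | awk -F. '
        NF == 4 {
            for (i = 1; i <= 4; i++)
                if ($i !~ /^[0-9]+$/ || $i > 255) exit 1
            exit 0
        }
        { exit 1 }'
}

# Print (not apply) four rules per resolver: udp/tcp queries out,
# and only the matching replies from that resolver back in.
dns_forward_rules() {
    for dns in "$@"; do
        is_ipv4 "$dns" || { echo "skipping invalid resolver: $dns" >&2; continue; }
        for proto in udp tcp; do
            echo "iptables -A FORWARD -i $INT_IF -o $EXT_IF -s $INT_NET -d $dns -p $proto --dport 53 -j ACCEPT"
            echo "iptables -A FORWARD -i $EXT_IF -o $INT_IF -s $dns -d $INT_NET -p $proto --sport 53 -m state --state ESTABLISHED -j ACCEPT"
        done
    done
}

# Constructed resolver addresses (documentation ranges); review before use.
dns_forward_rules 192.0.2.53 198.51.100.53
```

Because the rules are only printed, the output can be reviewed and then pasted into the custom script; DNS to any resolver not listed stays subject to the firewall's default policy.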