At 07:10 PM 03/18/00 GMT, Marcel Broekman wrote:
Hi Bill,
I am not much of an expert but I do have a few questions:
Seems your winbox (in this case) isn't allowed to use port 1152 and something at port 80 isn't allowed to get back to you. What does your hosts.deny and hosts.allow look like on your susebox?
They don't look like much. hosts.allow is empty (only comments), and hosts.allow only contains:
http-rman : ALL EXCEPT LOCAL
But I think I have a problem with the firewall setup. I can access remote web pages from the SuSE (IP_Masquerading) machine, but not from the Win98 machine on the internal network.
I suppose you have a static IP address because you set FW_SERVICE_DHCLIENT="no". If not set to "yes" (this shouldn't make any difference 'cause you can make a connection with the susebox, right?).
No, I have a dynamic address assigned via PPP.
Did you try to set FW_STOP_KEEP_ROUTING_STATE="no" to "yes"?
Yes, I tried that -- and then stopping the firewall -- but no difference.
Did you set the default gateway to 192.168.10.99 on the winbox?
Yes. I don't think I would be seeing that /var/log/messages message otherwise.
>>>>>>>>>>>>> Original Message <<<<<<<<<<<<<<<<<<
On 3/18/00, 5:35:11 PM, Bill Moseley wrote regarding [SLE] Need help with Simple IP Masquerading:
Ok, I've done my best to get this working over the last few days. And I know I'm missing something really obvious.
The SuSE box dials up my ISP fine, and Internet access works fine from this box. The Win98 box can access the SuSE box without a problem.
At this point all I want is masquerading -- the Win98 box on the internal network should have full access to the SuSE box services, too.
I get this in /var/log/messages when trying to access an external web site via the Win98 PC (the Win98 is 192.168.0.98).
Mar 18 07:53:08 SuSE kernel: Packet log: forward DENY ppp0 PROTO=6 192.168.0.98:1152 209.144.167.153:80 L=48 S=0x00 I=43797 F=0x4000 T=127 SYN (#2)
SuSE 6.3 firewal 2.0-5 loaded by rpm yesterday.
SuSE box: 192.168.10.99
Win98 box: 192.168.10.98
Using: /sbin/init.d/firewall start or SuSEfirewall start
/etc/rc.config:
START_FW="yes"

FW_DEV_WORLD="ppp0"
FW_DEV_INT="eth0"
FW_DEV_DMZ=""
FW_ROUTE="yes"
FW_MASQUERADE="yes"
FW_MASQ_NETS="192.168.10.0/24"
FW_MASQ_DEV="$FW_DEV_WORLD" # e.g. "ippp0" or "$FW_DEV_WORLD"
FW_PROTECT_FROM_INTERNAL="no"
FW_AUTOPROTECT_GLOBAL_SERVICES="no"
FW_SERVICES_EXTERNAL_TCP="" # Common: smtp domain
FW_SERVICES_EXTERNAL_UDP="" # Common: domain
FW_SERVICES_DMZ_TCP="" # Common: smtp domain
FW_SERVICES_DMZ_UDP="" # Common: domain syslog
FW_SERVICES_INTERNAL_TCP="" # Common: ssh smtp domain
FW_SERVICES_INTERNAL_UDP="" # Common: domain
FW_TRUSTED_NETS=""
FW_SERVICES_TRUSTED_TCP="" # Common: ssh
FW_SERVICES_TRUSTED_UDP="" # Common: syslog time ntp
FW_ALLOW_INCOMING_HIGHPORTS_TCP="yes" # Common: "ftp-data" (sadly!)
FW_ALLOW_INCOMING_HIGHPORTS_UDP="yes" # Common: "dns"
FW_SERVICE_DNS="no" # if yes, FW_TCP_SERVICES_* needs to have port 53
FW_SERVICE_DHCLIENT="no" # if you use dhclient to get an ip address
FW_SERVICE_DHCPD="no" # set to yes, if this server is a DHCP server
FW_FORWARD_TCP="" # Beware to use this!
FW_FORWARD_UDP="" # Beware to use this!
FW_REDIRECT_TCP=""
FW_REDIRECT_UDP=""
FW_LOG_DENY_CRIT="yes"
FW_LOG_DENY_ALL="yes"
FW_LOG_ACCEPT_CRIT="yes"
FW_LOG_ACCEPT_ALL="no"
FW_KERNEL_SECURITY="yes"
FW_STOP_KEEP_ROUTING_STATE="no"
FW_ALLOW_PING_FW="yes"
FW_ALLOW_PING_DMZ="no"
FW_ALLOW_FW_TRACEROUTE="no"
FW_ALLOW_FW_SOURCEQUENCH="yes"
FW_MASQ_MODULES="autofw cuseeme ftp irc mfw portfw quake raudio user vdolive"
Bill Moseley mailto:moseley@hank.org
-- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
Bill Moseley mailto:moseley@hank.org
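An added example, not part of the original messages: a small Python check that parses the ipchains "Packet log" line quoted in this thread and tests whether the logged source address lies inside the networks listed in FW_MASQ_NETS. The function names are hypothetical, and FW_MASQ_NETS is assumed to be a space-separated list of CIDR networks.

```python
import ipaddress
import re

# ipchains "Packet log" layout on Linux 2.2 kernels:
#   chain action iface PROTO=n src:port dst:port L= S= I= F= T= [SYN] (#rule)
PACKET_LOG = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r".*?\(#(?P<rule>\d+)\)"
)

def parse_packet_log(line):
    """Return the fields of one ipchains log line as a dict, or None."""
    m = PACKET_LOG.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("proto", "sport", "dport", "rule"):
        rec[key] = int(rec[key])
    rec["syn"] = " SYN " in line  # flag is only printed for TCP SYN packets
    return rec

def masq_nets(value):
    """Assumption: FW_MASQ_NETS is a space-separated list of CIDR networks."""
    return [ipaddress.ip_network(n, strict=False) for n in value.split()]

def check_forward_deny(line, fw_masq_nets):
    """For a 'forward DENY' line, report whether the source is a masqueraded net."""
    rec = parse_packet_log(line)
    if rec is None or (rec["chain"], rec["action"]) != ("forward", "DENY"):
        return None
    src = ipaddress.ip_address(rec["src"])
    rec["src_in_masq_nets"] = any(src in net for net in masq_nets(fw_masq_nets))
    return rec

# Both values are copied from the messages above.
LOG_LINE = ("Mar 18 07:53:08 SuSE kernel: Packet log: forward DENY ppp0 PROTO=6 "
            "192.168.0.98:1152 209.144.167.153:80 L=48 S=0x00 I=43797 F=0x4000 "
            "T=127 SYN (#2)")
FW_MASQ_NETS = "192.168.10.0/24"

if __name__ == "__main__":
    rec = check_forward_deny(LOG_LINE, FW_MASQ_NETS)
    print(f"{rec['src']} -> {rec['dst']}:{rec['dport']} denied by rule #{rec['rule']}")
    print("source inside FW_MASQ_NETS:", rec["src_in_masq_nets"])
```

For the quoted values the check reports that the logged source, 192.168.0.98, is not inside 192.168.10.0/24.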