* David (dg@stanwater.fsnet.co.uk) [011205 15:24]:
> On Wed, 5 Dec 2001 12:19:09 -0800, Christopher Mahmood wrote:
> > * David (dg@stanwater.fsnet.co.uk) [011205 12:07]:
> > > That seems to get it to work, but does not allow any outside communication.
> > That's a firewall.
> That's being pedantic - surely you know what I mean.

Yes, but that is what it's supposed to do.

> > Why are you trying to use the SuSEfirewall2 and not the personal firewall?
> That was the consensus of the advice here. As I understand it, it uses iptables instead of ipchains, the former being more secure.

That's very debatable. In theory, yes, iptables has lots of nice features like stateful inspection that ipchains doesn't. In reality, the 2.4 kernel hasn't seen nearly the amount of abuse that 2.2 has and undoubtedly has lots of bugs yet to be found. Unless there's a feature of iptables that you must have, I'd reconsider. I haven't followed this thread so I'm probably missing something, but it sounds like you don't really know much about this sort of thing and don't care to--you just want a simple, easy to configure firewall so you can get on with actually using your system instead of twiddling with a firewall script that is overkill for what you need. That is exactly what the personal one is designed for.

> > > Are there any basic settings I can use?
> > See /usr/share/doc/packages/SuSEfirewall/EXAMPLES
> In any case taking the first example which is FW_DEV_EXT="pppo" causes the firewall to fail to load, so the examples cannot be trusted.

That's '0', not an 'o'. So what you want is to set up your linux box as a firewall and also use it to masquerade a private network for your windows machine(s). I.e.,

    (big bad world)
          |
          |
                         __windows 1
      (linux box)---<__
                           windows 2
                     ^
                      \ (there will be a switch or hub there probably)

I don't know what your connection is to outside but I'll assume it's DSL or cable modem so that you have two ethernet cards in the machine. Then, you should only have to set

    FW_DEV_WORLD="eth0"   # it might be eth1 depending on the ordering
                          # of your cards
    FW_DEV_INT="eth1"     # eth0 if FW_DEV_WORLD=eth1
    FW_ROUTE="yes"        # this will allow routing between eth1 and eth0
    FW_MASQUERADE="yes"
    FW_MASQ_NETS="192.168.0.0/24"

That last one allows you to have a private class C network for your windows machines so your windows machines can use 192.168.0.2 through 192.168.0.254 with a netmask of 255.255.255.0 and a gateway of 192.168.0.1 or whatever ip address on the 192.168.0.0/24 network you give the internal interface on the linux box. The rest you can leave with the default values.

--
-ckm
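A small lint for the settings discussed in this thread, added here as an example and not code from SuSE or from anyone in the thread. It assumes the config is plain KEY="value" shell assignments (as in the EXAMPLES file) and that interface names end in a digit, so it catches the pppo/ppp0 typo, an internal interface equal to the external one, and FW_MASQUERADE without FW_ROUTE or with a non-private FW_MASQ_NETS; the rules are this example's own, not SuSEfirewall2's.

```bash
#!/bin/sh
# Lint a SuSEfirewall2-style config (plain KEY="value" lines) for the mistakes
# discussed in the thread. The variable names are the thread's; the lint rules
# (interface names end in a digit, masquerade needs routing and an RFC 1918
# FW_MASQ_NETS) are this example's own assumptions, not SuSEfirewall2 logic.

# Print the value of variable $2 from config file $1 (last assignment wins,
# surrounding quotes and trailing comments stripped; commented-out lines ignored).
fw_get() {
    sed -n "s/^[[:space:]]*$2=[\"']\{0,1\}\([^\"']*\)[\"']\{0,1\}.*/\1/p" "$1" | tail -n 1
}

# Report findings one per line; return 1 if any were found, 0 if the file is clean.
check_fw_config() {
    cfg=$1; rc=0
    ext=$(fw_get "$cfg" FW_DEV_WORLD)
    [ -n "$ext" ] || ext=$(fw_get "$cfg" FW_DEV_EXT)   # name used in the EXAMPLES file
    int=$(fw_get "$cfg" FW_DEV_INT)
    route=$(fw_get "$cfg" FW_ROUTE)
    masq=$(fw_get "$cfg" FW_MASQUERADE)
    nets=$(fw_get "$cfg" FW_MASQ_NETS)

    [ -n "$ext" ] || { echo "no external interface set (FW_DEV_WORLD or FW_DEV_EXT)"; rc=1; }
    # "pppo" with a letter o is the typo from the thread; real names end in a digit.
    for dev in $ext $int; do
        case $dev in
            *[0-9]) ;;
            *) echo "interface '$dev' does not end in a digit (did you mean '${dev%?}0'?)"; rc=1 ;;
        esac
    done
    [ -n "$ext" ] && [ "$ext" = "$int" ] && { echo "external and internal interface are both '$ext'"; rc=1; }

    if [ "$masq" = "yes" ]; then
        [ "$route" = "yes" ] || { echo "FW_MASQUERADE=yes needs FW_ROUTE=yes"; rc=1; }
        [ -n "$nets" ] || { echo "FW_MASQUERADE=yes but FW_MASQ_NETS is empty"; rc=1; }
        for n in $nets; do
            case $n in   # only private ranges should be masqueraded
                10.*/*|172.1[6-9].*/*|172.2[0-9].*/*|172.3[01].*/*|192.168.*/*) ;;
                *) echo "FW_MASQ_NETS entry '$n' is not an RFC 1918 network in CIDR form"; rc=1 ;;
            esac
        done
    fi
    return $rc
}
```

Run it as `check_fw_config /etc/rc.config.d/firewall2.rc.config` (or wherever your copy lives) before restarting the firewall; a clean file prints nothing and exits 0.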