On Thursday 06 December 2001 16:24 pm, Theo.Sean Schulze wrote:
Several days ago I got my 7.3 update system to use ADSL. For quite some time I couldn't figure out why it wouldn't work. Ifconfig showed ppp0 bound to an IP address that it couldn't have unless I was connected to my ISP, but I still wasn't getting anything. Then I checked /var/log/firewall and realized that the returning DNS packets were being blocked by the firewall. I am using SuSEfirewall2. The messages I was getting are similar to this one:
We just went through this in the past two days.... There is a bug in the distributed firewall2. When you start your ppp0 connection, and also firewall2, it will not work right. Try this to check on the bug.
1) Connect as normal. (which blocks everything)
2) Issue: SuSEfirewall2 stop
3) Issue: SuSEfirewall2 start
If it works after (3), you have the bug. There is an update on the ftp site under 'firewall'. Nothing for firewall2. The problem is in /etc/ppp/ip-up
Dec 1 18:36:37 dragoon kernel: SuSE-FW-UNALLOWED-TARGETIN=ppp0 OUT= MAC= SRC=xxx.xxx.xxx.xxx DST=xxx.xxx.xxx.xxx LEN=246 TOS=0x00 PREC=0x00 TTL=249 ID=49863 DF PROTO=UDP SPT=53 DPT=33534 LEN=226
I have tried several configurations of SuSEfirewall2, but have not been successful in getting it to allow packets through to ppp0. ppp0 is bound to my second NIC, eth1, which has address 192.169.0.100 on my internal network here at home. Here is what firewall2.rc.config looks like (minus the comments and configuration instructions):
# This setting is done in /etc/rc.config (START_FW2="yes")
START_FW2 is set to yes in /etc/rc.config

FW_DEV_EXT="eth1 ippp0 ppp0"
FW_DEV_INT="eth0"
FW_DEV_DMZ=""
FW_ROUTE="yes"
FW_MASQUERADE="yes"
FW_MASQ_DEV="$FW_DEV_EXT"
FW_MASQ_NETS="192.168.0.0/24"
FW_PROTECT_FROM_INTERNAL="yes"
FW_AUTOPROTECT_SERVICES="yes"
FW_SERVICES_EXT_TCP="smtp domain"
FW_SERVICES_EXT_UDP="domain" # Common: domain
FW_SERVICES_EXT_IP=""
FW_SERVICES_DMZ_TCP=""
FW_SERVICES_DMZ_UDP=""
FW_SERVICES_DMZ_IP=""
FW_SERVICES_INT_TCP="ssh smtp domain ntp ftp"
FW_SERVICES_INT_UDP="domain syslog ntp"
FW_SERVICES_INT_IP=""
FW_TRUSTED_NETS="192.168.0.5,tcp,139 192.168.0.6,tcp,139"
FW_ALLOW_INCOMING_HIGHPORTS_TCP="yes"
FW_ALLOW_INCOMING_HIGHPORTS_UDP="yes"
FW_SERVICE_AUTODETECT="yes" # Autodetect the services below when starting
FW_SERVICE_DNS="no"
FW_SERVICE_DHCLIENT="no"
FW_SERVICE_DHCPD="no"
FW_SERVICE_SQUID="no"
FW_SERVICE_SAMBA="yes"
FW_FORWARD="" # Beware to use this!
FW_FORWARD_MASQ="" # Beware to use this!
FW_REDIRECT=""
FW_LOG_DROP_CRIT="yes"
FW_LOG_DROP_ALL="no"
FW_LOG_ACCEPT_CRIT="yes"
FW_LOG_ACCEPT_ALL="no"
# only change/activate this if you know what you are doing!
FW_LOG="--log-level warning --log-tcp-options --log-ip-option --log-prefix SuSE-FW"
FW_KERNEL_SECURITY="no"
FW_STOP_KEEP_ROUTING_STATE="yes"
FW_ALLOW_PING_FW="yes"
FW_ALLOW_PING_DMZ="no"
FW_ALLOW_PING_EXT="no"
FW_ALLOW_FW_TRACEROUTE="no"
FW_ALLOW_FW_SOURCEQUENCH="yes"
FW_ALLOW_FW_BROADCAST="yes"
FW_IGNORE_FW_BROADCAST="yes"
FW_ALLOW_CLASS_ROUTING="no"
#FW_CUSTOMRULES="/etc/rc.config.d/firewall2-custom.rc.config"
The only way I am able to use ADSL right now is to stop SuSEfirewall2 while I am surfing, and then restart it when I am finished. Since that is dangerous, and since it shuts down forwarding, this isn't a long-term solution. :-) Anyone have any ideas what I need to do to get this working? Any other settings I need to provide?
Also, has anyone else noticed that their ADSL connection is by demand when on the console, but goes to manual dial via kinternet when KDE is started up?
Cheers, Sean.
--
+----------------------------------------------------------------------------+
+ Bruce S. Marshall  bmarsh@bmarsh.com  Bellaire, MI  12/06/01 17:14 +
+----------------------------------------------------------------------------+
"If the aborigine drafted an I.Q. test, all of Western civilization would presumably flunk it." - Stanley Garn
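The log line quoted in the thread is the diagnostic clue: a UDP packet with source port 53 arriving on ppp0 and logged as SuSE-FW-UNALLOWED-TARGET is a DNS reply the firewall refused. The following script is an added example, not code from the thread or from SuSEfirewall2; it scans /var/log/firewall-style lines for exactly that pattern and counts them per interface, so you can confirm the symptom before and after the stop/start check Bruce describes. The log lines in FW_LOG_SAMPLE are constructed (addresses, IDs and counts are made up) to match the format of the quoted message; the function names dropped_dns_replies and count_for_iface are this example's own.

```shell
#!/bin/sh
# Added example (not part of the thread): find firewall log entries that
# record dropped DNS replies (UDP, source port 53) and total them per
# inbound interface. Constructed sample lines in the format quoted above;
# note the kernel fuses the log prefix and "IN=" when the prefix has no
# trailing space, so both "TARGETIN=ppp0" and "IN=ppp0" are handled.

FW_LOG_SAMPLE='Dec 1 18:36:37 dragoon kernel: SuSE-FW-UNALLOWED-TARGETIN=ppp0 OUT= MAC= SRC=10.0.0.1 DST=10.0.0.2 LEN=246 TOS=0x00 PREC=0x00 TTL=249 ID=49863 DF PROTO=UDP SPT=53 DPT=33534 LEN=226
Dec 1 18:36:38 dragoon kernel: SuSE-FW-UNALLOWED-TARGETIN=ppp0 OUT= MAC= SRC=10.0.0.1 DST=10.0.0.2 LEN=120 TOS=0x00 PREC=0x00 TTL=249 ID=49864 DF PROTO=UDP SPT=53 DPT=33535 LEN=100
Dec 1 18:36:40 dragoon kernel: SuSE-FW-UNALLOWED-TARGETIN=eth0 OUT= MAC= SRC=192.168.0.7 DST=192.168.0.100 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1 DF PROTO=TCP SPT=1025 DPT=139
Dec 1 18:36:41 dragoon kernel: SuSE-FW-ACCEPT IN=ppp0 OUT= MAC= SRC=10.0.0.1 DST=10.0.0.2 LEN=80 TOS=0x00 PREC=0x00 TTL=249 ID=2 DF PROTO=UDP SPT=53 DPT=33536 LEN=60'

# dropped_dns_replies <logtext>
# Prints "<iface> <count>" for each interface on which the firewall logged
# an UNALLOWED UDP packet whose source port is 53 (a rejected DNS answer).
dropped_dns_replies() {
    printf '%s\n' "$1" | awk '
        /SuSE-FW-UNALLOWED/ && /PROTO=UDP/ && /SPT=53( |$)/ {
            iface = ""
            # locate the IN= field whether or not it is glued to the prefix
            for (i = 1; i <= NF; i++) {
                if ($i ~ /IN=/) { sub(/.*IN=/, "", $i); iface = $i }
            }
            count[iface]++
        }
        END { for (k in count) printf "%s %d\n", k, count[k] }'
}

# count_for_iface <logtext> <iface>
# Prints the dropped-DNS-reply count for one interface, 0 when none were seen.
count_for_iface() {
    n=$(dropped_dns_replies "$1" | awk -v want="$2" '$1 == want { print $2 }')
    echo "${n:-0}"
}

# On a real system replace the sample with: dropped_dns_replies "$(cat /var/log/firewall)"
dropped_dns_replies "$FW_LOG_SAMPLE"
```

Run against the real log, a non-zero count on ppp0 that disappears after SuSEfirewall2 is stopped and started again is the behaviour Bruce describes; the eth0 line in the sample is a TCP drop and is deliberately not counted, and the SuSE-FW-ACCEPT line shows what a correctly admitted reply looks like.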