On Sunday 09 December 2001 14:17 pm, Stuart Powell wrote:
Hello, David.
In the rc.config you'll find a setting for FW_SERVICES_INT_TCP and FW_SERVICES_INT_UDP. Add the ports that you need to access in here, and it should work. On my box here, for example, I have
FW_PROTECT_FROM_INTERNAL=yes
FW_AUTOPROTECT_SERVICES=yes
FW_SERVICES_INT_TCP=10000
FW_SERVICES_INT_UDP=10000
In my view, the thing to do is to use: FW_PROTECT_FROM_INTERNAL=no and then you don't need any of the other _INT settings. If it's a home LAN, why protect yourself from yourself? (unless your lazy brother-in-law is a Linux cracker and uses your internal LAN :o)
This is the only port I have enabled (it's for Webmin) and I could probably lose one of the UDP or TCP entries; I'm just too lazy to work out which one it should be, so I enabled both.
If you wanted Telnet, FTP and SWAT enabled, for example, an entry might look like this:-
FW_SERVICES_INT_TCP="ftp telnet 901"
FW_SERVICES_INT_UDP="ftp telnet 901"
Again, these services are probably only using one or other of TCP or UDP. The smallest amount of trial and error would probably tell me which uses which.
Bye for now, Stuart.
-----Original Message-----
From: David [mailto:dg@stanwater.fsnet.co.uk]
Sent: 09 December 2001 17:29
To: Suse mail list
Subject: Re: [SLE] Suse Firewall2 allowing LAN to connect
Thanks Jaakko
However that does not work. I could not find that line in firewall2.rc.config to edit, so I put it in, but no go.
There are 2 lines there that I thought would do it.
FW_PROTECT_FROM_INTERNAL="yes"
FW_AUTOPROTECT_SERVICES="yes"
I set both to no but it won't allow a connection. I stopped and started the firewall after each alteration. With it off access is allowed, so it is only the firewall stopping it.
Regards,
David
On Sun, 9 Dec 2001 15:26:09 +0200, Jaakko Tamminen wrote:
Hi
Protect_from_local=no
Jaska.
On Sunday 9 December 2001 15:15, David wrote:
What is the setting in Suse Firewall 2 that allows a Win computer to connect to it. I have looked in the examples and have put in the example 3 but the Win box is still blocked. Masquerading is enabled in rc-config. The address has been put into the firewall2.rc.config. Setup is direct cable connection (x-over) on Ethernet cards. Dial up modem.
What else is needed please?
Regards,
David
--
Bruce S. Marshall  bmarsh@bmarsh.com  Bellaire, MI  12/09/01 14:55
"Change is inevitable, except from a vending machine."
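The thread leaves open which of TCP or UDP each service needs. As an added example (not from any poster in this thread), the script below derives the narrowest FW_SERVICES_INT_TCP and FW_SERVICES_INT_UDP values from listener output in `netstat -tuln` layout; the function names and the sample listener table are constructed for illustration.

```shell
#!/bin/sh
# Added example: open only the protocol/port pairs that a service has
# actually bound, instead of listing every port under both TCP and UDP.

# Constructed sample in `netstat -tuln` layout (not captured from a real host).
sample_listeners() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:23              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:901           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:10000           0.0.0.0:*               LISTEN
udp        0      0 0.0.0.0:10000           0.0.0.0:*
udp        0      0 0.0.0.0:68              0.0.0.0:*
EOF
}

# minimal_int_services PORT...   (hypothetical helper, not part of SuSEfirewall2)
# Reads listener lines on stdin and prints the two config lines, keeping only
# the wanted ports and only for the protocol on which something is listening.
minimal_int_services() {
    awk -v wanted="$*" '
        BEGIN { n = split(wanted, w, " "); for (i = 1; i <= n; i++) want[w[i]] = 1 }
        $1 ~ /^(tcp|udp)/ {
            proto = substr($1, 1, 3)              # fold tcp6/udp6 into tcp/udp
            port = $4; sub(/.*:/, "", port)       # text after the last colon
            host = $4; sub(/:[^:]*$/, "", host)   # text before the last colon
            # A loopback-only listener cannot be reached from the LAN, so
            # opening its port in the firewall would achieve nothing.
            if (host == "127.0.0.1" || host == "::1") next
            if ((port in want) && !seen[proto, port]++)
                list[proto] = list[proto] (list[proto] == "" ? "" : " ") port
        }
        END {
            printf "FW_SERVICES_INT_TCP=\"%s\"\n", list["tcp"]
            printf "FW_SERVICES_INT_UDP=\"%s\"\n", list["udp"]
        }'
}

# On a live system: netstat -tuln | minimal_int_services 21 23 901 10000
sample_listeners | minimal_int_services 21 23 901 10000
```

In the constructed sample, port 901 is bound to loopback only, so it is left out of both lists; that service would have to listen on the LAN interface before a firewall entry for it made any difference.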