# Context:
I am using a SpeedTouch USB modem under SuSE8.1 to connect to Internet.
I had problems setting up and running the version of SuSEfirewall2 that came
with the 8.1 CDs because it errored out during the initial setup.
# To get SuSEfirewall2 up and running and properly set up for my SpeedTouch USB modem
# I had to do the following things:
#1
# Use apt-get to install a new version of SuSEfirewall2. I installed 3.1-2
#2
# Modify the following ***2*** options of SuSEfirewall2.
vi /etc/sysconfig/SuSEfirewall2
# 1.)
# Should the Firewall run in quickmode?
FW_QUICKMODE="yes"
# 2.)
# Which is the interface that points to the internet/untrusted networks?
FW_DEV_EXT="ppp0"
#3
# Add the two following soft links under /etc/init.d/rc5.d as they were not to be found.
# Note: You might have to change the first 3 letters in order to get the startup order correct
cd /etc/init.d/rc5.d
ln -s ../SuSEfirewall2_setup S03SuSEfirewall2_setup
ln -s ../SuSEfirewall2_final S04SuSEfirewall2_final
Every SuSEfirewall2 now works and it tested out ok at Gibson's "Shields Up".
Most ports were Stealth, 3 ports (tcp, pop3 and ?) were marked "Closed".
Thanks for all the help.
Ciao
James Pearson
E mail (mai) : james.pearson@wanadoo.fr
E mail (bur) : james.pearson@wanadoo.com
Web page: http://perso.wanadoo.fr/j.pearson/
What you make of your life is up to you.
You have all the tools and resources you need.
----- Original Message -----
From: "Togan Muftuoglu"
* FX Fraipont; on 08 Nov, 2002 wrote:

#
FW_MASQ_NETS="0/0"

????? it would be better in my opinion to say which networks are masqueraded, i.e. 192.168.1.0/24, much safer

# For FW_SERVICES_*_IP enter the protocol name (like "igmp") or number ("2")
#
# Common: smtp domain
FW_SERVICES_EXT_TCP="http 80 pop3 smtp 25 ssh telnet "
                    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

http and 80, smtp and 25:
just say "www smtp", and if you are using telnet why bother with ssh?

# Common: domain
FW_SERVICES_EXT_UDP="www"

www is TCP not UDP

#
# Common: ssh smtp domain
FW_SERVICES_INT_TCP="ssh smtp 25 26 143 www 80"

"ssh smtp 26 143 www"

FW_ALLOW_INCOMING_HIGHPORTS_TCP="2500 143"
                                      ^^^^

143 is not a highport

# Common: "DNS" or "domain ntp", better is "yes" to be sure ...
FW_ALLOW_INCOMING_HIGHPORTS_UDP="yes"

I would have put just "DNS" makes more secure

# if everything still works. (It should!) ;-)
#
# Choice: "yes" or "no", if not set defaults to "yes"
#
FW_KERNEL_SECURITY="no"
yes is much better
This is my opinion your mileage may vary
--
Togan Muftuoglu Unofficial SuSE FAQ Maintainer http://dinamizm.ath.cx
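
Added example, not part of either message and not SuSEfirewall2 code: a small Python check that applies the review points above to a /etc/sysconfig/SuSEfirewall2 file. The sample values are the ones quoted in the review, written as active settings; the port map, the TCP_ONLY set and the function names are assumptions made for this illustration.

```python
import re

# Values quoted in the review above, written as active settings (constructed sample).
SAMPLE = '''
FW_MASQ_NETS="0/0"
FW_SERVICES_EXT_TCP="http 80 pop3 smtp 25 ssh telnet "
FW_SERVICES_EXT_UDP="www"
FW_SERVICES_INT_TCP="ssh smtp 25 26 143 www 80"
FW_ALLOW_INCOMING_HIGHPORTS_TCP="2500 143"
FW_ALLOW_INCOMING_HIGHPORTS_UDP="yes"
FW_KERNEL_SECURITY="no"
'''
# Name-to-port map limited to services named in the thread (not a full /etc/services).
PORTS = {"http": 80, "www": 80, "smtp": 25, "pop3": 110, "ssh": 22, "telnet": 23}
TCP_ONLY = {"http", "www", "smtp", "pop3", "ssh", "telnet"}  # assumption: never wanted on UDP

def parse(text):
    """Return {name: value} for active (uncommented) FW_* assignments."""
    return dict(re.findall(r'^(FW_\w+)="([^"]*)"', text, re.M))

def lint(cfg):
    """Return (variable, message) findings for the points raised in the review."""
    out = []
    if cfg.get("FW_MASQ_NETS") in ("0/0", "0.0.0.0/0"):
        out.append(("FW_MASQ_NETS", "matches every network; name the internal subnet"))
    for var in ("FW_SERVICES_EXT_TCP", "FW_SERVICES_INT_TCP"):
        seen = {}  # port -> first token that opened it
        for tok in cfg.get(var, "").split():
            port = int(tok) if tok.isdigit() else PORTS.get(tok, tok)
            if port in seen:
                out.append((var, f"'{tok}' repeats '{seen[port]}'"))
            seen.setdefault(port, tok)
        if set(seen) >= {22, 23}:
            out.append((var, "telnet is offered next to ssh"))
    for tok in cfg.get("FW_SERVICES_EXT_UDP", "").split():
        if tok in TCP_ONLY:
            out.append(("FW_SERVICES_EXT_UDP", f"'{tok}' is a TCP service"))
    for tok in cfg.get("FW_ALLOW_INCOMING_HIGHPORTS_TCP", "").split():
        if tok.isdigit() and int(tok) < 1024:
            out.append(("FW_ALLOW_INCOMING_HIGHPORTS_TCP", f"{tok} is not a high port"))
    if cfg.get("FW_ALLOW_INCOMING_HIGHPORTS_UDP") == "yes":
        out.append(("FW_ALLOW_INCOMING_HIGHPORTS_UDP", 'broadest choice; review prefers "DNS"'))
    if cfg.get("FW_KERNEL_SECURITY") == "no":
        out.append(("FW_KERNEL_SECURITY", "kernel TCP/IP security features disabled"))
    return out

if __name__ == "__main__":
    for var, msg in lint(parse(SAMPLE)):
        print(f"{var}: {msg}")
```

To check a real file, pass `open("/etc/sysconfig/SuSEfirewall2").read()` to `parse()`; commented-out assignments are ignored.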