Re: [Solved] [SuSE 8.1] USB SpeedTouch modem user can't start SuSEfirewall2

# Context: I am using a SpeedTouch USB modem under SuSE8.1 to connect to Internet. I had problems setting up and running the version of SuSEfirewall2 that came with the 8.1 cd's becasue it errored out during the initial setup. # To get SuSEfirewall2 up and running and properly setup for my SpeedTouch USB modem # I had to do the following things: #1 # Use apt-get to install a new version SuSEfirewall2 . I installed 3.1-2 #2 # Modify the following ***2*** options of SuSEfirewall2 . vi /etc/sysconfig/SuSEfirewall2 # 1.) # Should the Firewall run in quickmode? FW_QUICKMODE="yes" # 2.) # Which is the interface that points to the internet/untrusted networks? FW_DEV_EXT="ppp0" #3 # Add the two following soft links under /etc/init.d/rc5.d as they were no to be found. # Note : You might have to change the first 3 letters in order to get the start up order correct cd /etc/init.d/rc5.d ln -s ../SuSEfirewall2_setup S03SuSEfirewall2_setup ln -s ../SuSEfirewall2_final S04SuSEfirewall2_final Every SuSEfirewall2 now works and it tested out ok at Gibsons "Shields Up" Most ports were Stealth, 3 ports (tcp, pop3 and ?) were marked "Closed" Thanks for all the help. Ciao James Pearson E mail (mai) : james.pearson@wanadoo.fr E mail (bur) : james.pearson@wanadoo.com Web page: http://perso.wanadoo.fr/j.pearson/ What you make of your life is up to you. You have all the tools and resources you need. ----- Original Message ----- From: "Togan Muftuoglu" To: "suse" Sent: Friday, November 08, 2002 7:41 PM Subject: Re: [SLE] [SuSE 8.1] USB SpeedTouch modem user can't start SuSEfirewall2: sorry, long post !

* FX Fraipont; on 08 Nov, 2002 wrote:

...

# FW_MASQ_NETS="0/0"

????? it would be better in my opinion to say which networks is masquearded ie 192.168.1.0/24 much safer

...

# For FW_SERVICES_*_IP enter the protocol name (like "igmp") or number ("2") # # Common: smtp domain FW_SERVICES_EXT_TCP="http 80 pop3 smtp 25 ssh telnet " ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ http and 80 smtp and 25

just say "www smtp" and if yopuare using telnet why bother with ssh ?

...

# Common: domain FW_SERVICES_EXT_UDP="www"

www is TCP not UDP

...

# # Common: ssh smtp domain FW_SERVICES_INT_TCP="ssh smtp 25 26 143 www 80"

"ssh smtp 26 143 www"

...

FW_ALLOW_INCOMING_HIGHPORTS_TCP="2500 143" ^^^^ 143 is not a highport

# Common: "DNS" or "domain ntp", better is "yes" to be sure ... FW_ALLOW_INCOMING_HIGHPORTS_UDP="yes"

I would have put just "DNS" makes more secure

...

# if everything still works. (It should!) ;-) # # Choice: "yes" or "no", if not set defaults to "yes" # FW_KERNEL_SECURITY="no"

yes is much better

This is my opinion your mileage may vary

--

Togan Muftuoglu Unofficial SuSE FAQ Maintainer http://dinamizm.ath.cx

-- Check the headers for your unsubscription address For additional commands send e-mail to suse-linux-e-help@suse.com Also check the archives at http://lists.suse.com Please read the FAQs: suse-linux-e-faq@suse.com