On Mon, 2003-05-12 at 05:07, Togan Muftuoglu wrote:
If you change the advanced kernel features ( ie from yes to no the only way to make them actually happen is a reboot as far as I know )
Good thought. I rebooted to check this, but I still have the problem.
Do you have the HTB part configured in the firewall and/or do you have the wondershaper also set ? These are the two reagdring traffic shapping
Nope. Neither.
Which SuSEfirewall2 are you running IIRC there was an update for 8.2. Also can you set post the firewall configuration
I updated to the latest: SuSEfirewall2-3.1-95. And here's the config. (192.168.1.0 is my DMZ, 192.168.4.0 is my internal. There really ought to be a facility to encapsulate networks like there is the interfaces, but that's another kettle of fish.) FW_QUICKMODE="no" FW_DEV_EXT="eth2" FW_DEV_INT="eth0" FW_DEV_DMZ="eth1" FW_ROUTE="yes" FW_MASQUERADE="yes" FW_MASQ_DEV="$FW_DEV_EXT" FW_MASQ_NETS="0/0" FW_PROTECT_FROM_INTERNAL="yes" FW_AUTOPROTECT_SERVICES="yes" FW_SERVICES_EXT_TCP="ssh domain" FW_SERVICES_EXT_UDP="domain" FW_SERVICES_EXT_IP="" FW_SERVICES_DMZ_TCP="ssh domain" FW_SERVICES_DMZ_UDP="domain" FW_SERVICES_DMZ_IP="" FW_SERVICES_INT_TCP="ssh domain" FW_SERVICES_INT_UDP="domain" FW_SERVICES_INT_IP="" FW_SERVICES_QUICK_TCP="" FW_SERVICES_QUICK_UDP="" FW_SERVICES_QUICK_IP="" FW_TRUSTED_NETS="" FW_ALLOW_INCOMING_HIGHPORTS_TCP="" FW_ALLOW_INCOMING_HIGHPORTS_UDP="domain ntp" FW_SERVICE_AUTODETECT="yes" FW_SERVICE_DNS="yes" FW_SERVICE_DHCLIENT="no" FW_SERVICE_DHCPD="yes" FW_SERVICE_SQUID="no" FW_SERVICE_SAMBA="no" FW_FORWARD="192.168.4.0/24,192.168.1.1,tcp,25 192.168.4.0/24,192.168.1.1,tcp,993 192.168.4.0/24,192.168.1.1,tcp,465, 192.168.4.0/24,192.168.1.1,tcp,80 192.168.4.0/24,192.168.1.1,tcp,443 192.168.4.0/24,192.168.1.0/24,tcp,22 192.168.4.0/24,192.168.1.2,udp,2049 192.168.4.0/24,192.168.1.2,tcp,631" FW_FORWARD_MASQ="0/0,192.168.1.1,tcp,25 0/0,192.168.1.1,tcp,465 0/0,192.168.1.1,tcp,993 0/0,192.168.1.1,tcp,80 0/0,192.168.1.1,tcp,443" FW_REDIRECT="" FW_LOG_DROP_CRIT="yes" FW_LOG_DROP_ALL="yes" FW_LOG_ACCEPT_CRIT="no" FW_LOG_ACCEPT_ALL="no" FW_LOG="--log-level warning --log-tcp-options --log-ip-option --log-prefix SuSE-FW" FW_KERNEL_SECURITY="no" FW_STOP_KEEP_ROUTING_STATE="no" FW_ALLOW_PING_FW="yes" FW_ALLOW_PING_DMZ="no" FW_ALLOW_PING_EXT="no" FW_ALLOW_FW_TRACEROUTE="yes" FW_ALLOW_FW_SOURCEQUENCH="yes" FW_ALLOW_FW_BROADCAST="yes" FW_IGNORE_FW_BROADCAST="yes" FW_ALLOW_CLASS_ROUTING="no" FW_CUSTOMRULES="" FW_REJECT="no" FW_HTB_TUNE_DEV=""
Togan Muftuoglu Unofficial SuSE FAQ Maintainer http://dinamizm.ath.cx
I really appreciate your response. The SuSEfirewall PDF has really helped me to understand what (apparently) little I do know about it. Thanks! dk