On Mon, Mar 15, 2004 at 01:11:10PM -0800, Andrew Nelson wrote:
I'm having some very strange SuSE Firewall behavior in version 9. My server has 3 NICs in it. eth0 is connected to the ADSL, eth1 is connected to the internal network, and eth2 is connected to the linksys wireless AP. I have eth1 set as the internal network and eth2 as the DMZ. Both networks get their addresses from DHCP, or at least they did in 8.2. Since upgrading, the DMZ has been completely unable to DHCP. I have recently set up another system from the ground up with the same results. I have run dhcpcd-test eth2 and received nothing. eth1 however works flawlessly. If I were to plug the AP into the internal network, again everything works flawlessly. It seems the problem is either with the NIC or the firewall and DMZ. Since I have verified the problem to exist on another machine with different NICs I am led to believe it's the firewall. My internal network is 192.168.10.x and the DMZ network is 192.168.20.x. ppp1 is a pptp interface.
If I were to set the personal firewall settings to modem everything works internally, but no external connections are possible. Normally the personal firewall settings are disabled.
Any ideas??
See the first note in /usr/share/doc/packages/dhcp-server/README.SuSE:

"""
The dhcp-server package uses BSD sockets instead of LPF (linux packet filter), which allows filtering of the DHCP network traffic by iptables packet filters. This means that, until now, this traffic may have passed your firewall (one that runs on the same machine, that is) without any special rules allowing it, and now it is blocked. An adjustion of your firewall by adding appropriate rules may be necessary.
"""

Do the following rules help?

    iptables -I INPUT -p udp -i eth0 --sport bootpc --dport bootps -j ACCEPT
    iptables -I INPUT -p udp -i eth0 -s 192.168.0.0/24 --sport bootps --dport bootpc -j ACCEPT

Peter
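An added example, not part of the thread and not SuSE's firewall code: a first-match walk over an iptables-save dump that reports what the INPUT chain does with a client's DHCPDISCOVER on a given interface, which is the traffic the README says is now filtered. The rulesets are constructed, `input_dmz` is a hypothetical chain name, and eth2 is the DMZ interface from the original post; ports 68 and 67 are bootpc and bootps.

```shell
# Added example. Walks an iptables-save dump (stdin) and prints the verdict for a
# DHCPDISCOVER arriving on interface $1: udp 0.0.0.0:68 -> 255.255.255.255:67.
# Simplified: "!" negation is not modelled; match modules other than udp never match.
dhcp_verdict() {
    awk -v ifc="$1" '
    function hit(rule,   f, n, i, o, v) {      # 1 if the rule matches the packet
        n = split(rule, f, " "); tgt = ""
        for (i = 1; i < n; i++) {
            o = f[i]; v = f[i + 1]
            if (o == "-j") tgt = v
            else if (o == "-i" && v != ifc) return 0
            else if ((o == "-p" || o == "-m") && v != "udp") return 0
            else if (o == "-s" && v != "0.0.0.0/0") return 0
            else if (o == "-d" && v != "0.0.0.0/0" && v != "255.255.255.255/32") return 0
            else if (o == "--sport" && v != "68") return 0
            else if (o == "--dport" && v != "67") return 0
        }
        return 1
    }
    function walk(chain,   k, t, r) {          # first terminating target, or ""
        for (k = 1; k <= cnt[chain]; k++) {
            if (!hit(rules[chain, k])) continue
            t = tgt
            if (t == "ACCEPT" || t == "DROP" || t == "REJECT") return t
            if (t == "RETURN") return ""
            if (t in cnt) { r = walk(t); if (r != "") return r }
        }
        return ""
    }
    /^:INPUT / { policy = $2 }
    /^-A /     { c = $2; cnt[c]++; sub(/^-A [^ ]+ /, ""); rules[c, cnt[c]] = $0 }
    END        { v = walk("INPUT"); print (v != "" ? v : "POLICY:" policy) }
    '
}
# Constructed ruleset (input_dmz is a hypothetical chain name): nothing admits DHCP.
SAMPLE_BLOCKED='*filter
:INPUT DROP [0:0]
:input_dmz - [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth2 -j input_dmz
-A input_dmz -p tcp -m tcp --dport 22 -j ACCEPT
-A input_dmz -j DROP
COMMIT'
# Same rules with a bootpc -> bootps accept evaluated first, where -I INPUT would put it.
SAMPLE_FIXED="-A INPUT -i eth2 -p udp -m udp --sport 68 --dport 67 -j ACCEPT
$SAMPLE_BLOCKED"
printf '%s\n' "$SAMPLE_BLOCKED" | dhcp_verdict eth2    # DROP
printf '%s\n' "$SAMPLE_FIXED"   | dhcp_verdict eth2    # ACCEPT
```

On a live system the input would be the output of `iptables-save`. A client-to-server accept rule restricted with `-s` to the DMZ subnet does not match here, because the first DISCOVER is sent from 0.0.0.0.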