On Mon, 2004-06-07 at 18:46, Leendert Meyer wrote:
> On Monday 07 June 2004 17:02, Ulrich Leopold wrote:
>> On Mon, 2004-06-07 at 15:25, Leendert Meyer wrote:
>> Ok. I have all these options checked. It should work now. But it does
>> not.
>> I have the feeling that the problem is in the transmission on the server
>> of input from eth1 (dhcpd-server, internal device) to eth0 (dhcp-client
>> to the internet, external device).
> Yes.
>> Maybe the router configuration does not match? I configured this as
>> default=192.168.01 and IP forwarding.
>> In addition when I boot now the computer I get martian sources from my
>> ISP somewhere which "blocks" the internet. Is this due to running and
>> detecting a dhcpd-server?
> Yes, you can turn that off with:
> FW_KERNEL_SECURITY="no"
> in /etc/sysconfig/SuSEfirewall2 (read its comment there).
>> I am getting a bit lost I must say. I have been configuring and trying
>> so much that I might have screwed something up now (?).
> That is a possibility. ;) I had some difficulties too with the first time.
> What is the output of:
> - diff -U 0 /etc/sysconfig/SuSEfirewall2 /usr/share/doc/packages/SuSEfirewall2/SuSEfirewall2.sysconfig
> - ifconfig eth0
> - ifconfig eth1
> - route
Ok. I attached three different files diff-firewall, ifconfig and route.
So far I have not turned off
FW_KERNEL_SECURITY="no"
I changed some of the ip# numbers and subnet
numbers as well in order to try to match them between eth0 and eth1 and route. But I am not
quite there where I thought I could be ;-) But thanks a lot to you Leen and Peter so far.
Cheers, Ulrich
diff-firewall
--- /etc/sysconfig/SuSEfirewall2 2004-06-07 17:38:14.260400832 +0200
+++ /usr/share/doc/packages/SuSEfirewall2/SuSEfirewall2.sysconfig 2004-04-06 03:24:40.000000000 +0200
@@ -1,0 +2 @@
+# Copyright (c) 2003,2004 SuSE Linux AG Nuernberg, Germany. All rights reserved.
@@ -3,2 +4 @@
-# Author: Marc Heuse , 2002
-# Please contact me directly if you find bugs.
+# Author: Marc Heuse , 2002
@@ -126,2 +126,3 @@
-# Choice: any number of devices, seperated by a space
-# e.g. "eth0", "ippp0 ippp1 eth0:1"
+# Choice: any number of device names, separated by a space. The
+# keyword "auto" means to use the device of the default route.
+# e.g. "eth0", "ippp0 ippp1", "auto"
@@ -129 +130,3 @@
-FW_DEV_EXT="eth-id-00:00:b4:bb:ca:db ppp0"
+# Note: alias interfaces (like eth0:1) are ignored
+#
+FW_DEV_EXT="auto"
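Review bot: note the direction of this diff before reading any hunk: the "-" side is the live /etc/sysconfig/SuSEfirewall2 and the "+" side is the packaged template, so the setting actually in force here is FW_DEV_EXT="eth-id-00:00:b4:bb:ca:db ppp0". The MAC matches eth0 in the attached ifconfig output (HWaddr 00:00:B4:BB:CA:DB), but no ppp0 interface appears there at all. Unless a dial-up link is also in use, drop ppp0 so the external zone names exactly the one interface facing the ISP, and if this SuSEfirewall2 version does not resolve the eth-id form, fall back to the plain name "eth0" as the template comment suggests.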
@@ -141 +144 @@
-# e.g. "tr0", "eth0 eth1 eth1:1" or ""
+# e.g. "tr0", "eth0 eth1 eth1" or ""
@@ -143 +146 @@
-FW_DEV_INT="eth-id-52:54:05:fe:c2:d7"
+FW_DEV_INT=""
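Review bot: FW_DEV_INT="eth-id-52:54:05:fe:c2:d7" matches eth1's HWaddr 52:54:05:FE:C2:D7 in the ifconfig output, so the internal zone is bound to the interface the dhcpd serves; nothing to change in this hunk, but as with FW_DEV_EXT, confirm the eth-id form is actually resolved (plain "eth1" otherwise).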
@@ -160 +163 @@
-# e.g. "tr0", "eth0 eth1 eth1:1" or ""
+# e.g. "tr0", "eth0 eth1 eth1" or ""
@@ -183 +186 @@
-FW_ROUTE="yes"
+FW_ROUTE="no"
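Review bot: FW_ROUTE="yes" on the "-" side is required for packets from eth1 to leave through eth0; the template default "no" would drop all forwarded traffic. Keep this setting, and do not reset the file to the template while debugging.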
@@ -200 +203 @@
-FW_MASQUERADE="yes"
+FW_MASQUERADE="no"
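Review bot: FW_MASQUERADE="yes" is likewise needed, because eth1 carries the private 192.168.0.0/25 network (192.168.0.1, mask 255.255.255.128 in ifconfig), which cannot be sent to the ISP without source rewriting to the eth0 address. Keep it.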
@@ -226 +229 @@
-FW_MASQ_NETS="0/0"
+FW_MASQ_NETS=""
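Review bot: FW_MASQ_NETS="0/0" masquerades every source address that reaches the forwarding path, not just the LAN. Narrow it to the internal network shown by ifconfig eth1, FW_MASQ_NETS="192.168.0.0/25", so that a stray or spoofed source arriving on the internal side cannot be NATed out through the firewall.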
@@ -244 +247 @@
-FW_PROTECT_FROM_INTERNAL="no"
+FW_PROTECT_FROM_INTERNAL="yes"
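Review bot: FW_PROTECT_FROM_INTERNAL="no" inverts the template default "yes"; with it off, every service running on the gateway is reachable from eth1 without filtering. That is acceptable while getting the dhcpd to answer, but once forwarding works, restore "yes" and list the services the LAN really needs in the FW_SERVICES_INT_* variables.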
@@ -258 +261 @@
-FW_AUTOPROTECT_SERVICES="no"
+FW_AUTOPROTECT_SERVICES="yes"
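Review bot: FW_AUTOPROTECT_SERVICES="no" turns off the automatic protection of the firewall's own listening services that the template enables by default. Unless there is a specific reason for this, restore "yes", so that a daemon on the gateway (dhcpd, rsync, sshd) is only reachable where an FW_SERVICES_* entry explicitly allows it.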
@@ -284,5 +287 @@
-FW_SERVICES_EXT_TCP="rsync ssh"
-
-## Type: string
-# Common: domain
-FW_SERVICES_EXT_UDP=""
+FW_SERVICES_EXT_TCP=""
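Review bot: FW_SERVICES_EXT_TCP="rsync ssh" on the "-" side opens both rsync and ssh to the whole Internet on eth0 (62.194.22.104). ssh may be intended; an rsync daemon reachable from outside rarely is, so remove rsync unless it is deliberately public, and keep the external list at the minimum while the forwarding problem is sorted out.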
@@ -291,0 +291 @@
+FW_SERVICES_EXT_UDP="" # Common: domain
@@ -296,0 +297,7 @@
+## Type: string
+# Port numbers of RPC services are dynamically assigned by the portmapper.
+# Therefore "rpcinfo -p localhost" is used to automatically determine the
+# currently assigned port for the services specified here.
+# Typical choice: mountd nfs
+FW_SERVICES_EXT_RPC=""
+
@@ -309,0 +317,7 @@
+## Type: string
+# Port numbers of RPC services are dynamically assigned by the portmapper.
+# Therefore "rpcinfo -p localhost" is used to automatically determine the
+# currently assigned port for the services specified here.
+# Typical choice: mountd nfs
+FW_SERVICES_DMZ_RPC=""
+
@@ -321,0 +336,7 @@
+## Type: string
+# Port numbers of RPC services are dynamically assigned by the portmapper.
+# Therefore "rpcinfo -p localhost" is used to automatically determine the
+# currently assigned port for the services specified here.
+# Typical choice: mountd nfs
+FW_SERVICES_INT_RPC=""
+
@@ -409 +430 @@
-# They need special attention - otherwise they won
+# They need special attention - otherwise they won´t work!
@@ -418,5 +439 @@
-FW_SERVICE_AUTODETECT="yes"
-
-## Type: yesno
-## Default: no
-# Autodetect the services below when starting
+FW_SERVICE_AUTODETECT="yes" # Autodetect the services below when starting
@@ -472,4 +489 @@
-FW_FORWARD=""
-
-## Type: string
-# Beware to use this!
+FW_FORWARD="" # Beware to use this!
@@ -518,4 +532 @@
-FW_FORWARD_MASQ=""
-
-## Type: string
-# Beware to use this!
+FW_FORWARD_MASQ="" # Beware to use this!
@@ -571,0 +583,5 @@
+## Type: string
+#
+# only change/activate this if you know what you are doing!
+FW_LOG=""
+
@@ -585,0 +602,3 @@
+# Warning: do not set FW_KERNEL_SECURITY and FW_ANTISPOOF to "no" at the same
+# time, otherwise you won't have any spoof protection!
+#
@@ -592,0 +612,11 @@
+# 17a.)
+#
+# Setup anti-spoofing rules?
+# Anti-Spoofing rules shouldn't be necessary with rp_filter set. They only
+# cause headaches with dynamic interfaces.
+#
+# Warning: do not set FW_KERNEL_SECURITY and FW_ANTISPOOF to "no" at the same
+# time, otherwise you won't have any spoof protection!
+#
+FW_ANTISPOOF="no"
+
@@ -659 +689 @@
-FW_ALLOW_FW_TRACEROUTE="no"
+FW_ALLOW_FW_TRACEROUTE="yes"
@@ -678 +708 @@
-# Allow/Ignore IP Broadcasts?
+# Allow IP Broadcasts?
@@ -688 +718 @@
-FW_ALLOW_FW_BROADCAST="no"
+FW_ALLOW_FW_BROADCAST="int"
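Review bot: FW_ALLOW_FW_BROADCAST="no" replaces the template default "int", which accepts broadcasts on the internal interfaces only. DHCP discovery from the LAN clients arrives as a broadcast on eth1, so once the internal side is filtered (FW_PROTECT_FROM_INTERNAL="yes") this setting keeps requests from ever reaching the dhcpd. Set it back to "int"; broadcasts on eth0 stay blocked either way.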
@@ -693 +723,3 @@
-FW_IGNORE_FW_BROADCAST="yes"
+# set to yes to suppress log messages for dropped broadcast packets
+#
+FW_IGNORE_FW_BROADCAST="no"
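Review bot: FW_IGNORE_FW_BROADCAST="yes" silences the log lines for dropped broadcasts, which is exactly the evidence needed to see whether DHCP requests are being dropped by the firewall. Keep the template's "no" until the setup works, then suppress the noise if it is too chatty.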
@@ -772,35 +803,0 @@
-## Type: string
-# Port numbers of RPC services are dynamically assigned by the portmapper.
-# Therefore "rpcinfo -p localhost" is used to automatically determine the
-# currently assigned port for the services specified here.
-# Typical choice: mountd nfs
-FW_SERVICES_EXT_RPC=""
-
-## Type: string
-# Port numbers of RPC services are dynamically assigned by the portmapper.
-# Therefore "rpcinfo -p localhost" is used to automatically determine the
-# currently assigned port for the services specified here.
-# Typical choice: mountd nfs
-FW_SERVICES_DMZ_RPC=""
-
-## Type: string
-# Port numbers of RPC services are dynamically assigned by the portmapper.
-# Therefore "rpcinfo -p localhost" is used to automatically determine the
-# currently assigned port for the services specified here.
-# Typical choice: mountd nfs
-FW_SERVICES_INT_RPC=""
-
-## Type: yesno
-## Default: no
-#
-# 17a.)
-#
-# Setup anti-spoofing rules?
-# Anti-Spoofing rules shouldn't be necessary with rp_filter set. They only
-# cause headaches with dynamic interfaces.
-#
-# Warning: do not set FW_KERNEL_SECURITY and FW_ANTISPOOF to "no" at the same
-# time, otherwise you won't have any spoof protection!
-#
-FW_ANTISPOOF="no"
-
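Review bot: the one substantive line in this hunk is FW_ANTISPOOF="no" in the live file (the RPC and 17a blocks are the same text the template carries at a different position, so the rest is layout only). Combined with the suggestion earlier in the thread to set FW_KERNEL_SECURITY="no" to stop the martian-source messages, that hits the warning printed right above it: with both set to "no" there is no spoof protection at all. Set FW_ANTISPOOF="yes" before disabling FW_KERNEL_SECURITY, or better, leave FW_KERNEL_SECURITY on and read the martian-source lines as a symptom: they are the kernel's reverse-path check reporting packets whose source address does not belong on the interface they arrived on, which points at an address or netmask mismatch to fix rather than a message to silence.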
@@ -851,0 +849,3 @@
+# FW_SERVICES_INT_IP="esp"
+# FW_SERVICES_EXT_UDP="isakmp"
+# FW_PROTECT_FROM_INTERNAL="no"
@@ -864,5 +863,0 @@
-
-## Type: string
-#
-# only change/activate this if you know what you are doing!
-FW_LOG=""
eth0 Link encap:Ethernet HWaddr 00:00:B4:BB:CA:DB
inet addr:62.194.22.104 Bcast:255.255.255.255 Mask:255.255.255.128
inet6 addr: fe80::200:b4ff:febb:cadb/64 Scope:Link
UP BROADCAST NOTRAILERS RUNNING MULTICAST MTU:1500 Metric:1
RX packets:25586 errors:0 dropped:0 overruns:0 frame:0
TX packets:2642 errors:0 dropped:0 overruns:0 carrier:0
collisions:5 txqueuelen:1000
RX bytes:3422205 (3.2 Mb) TX bytes:360476 (352.0 Kb)
Interrupt:5 Base address:0xbc00
eth1 Link encap:Ethernet HWaddr 52:54:05:FE:C2:D7
inet addr:192.168.0.1 Bcast:192.168.0.127 Mask:255.255.255.128
inet6 addr: fe80::5054:5ff:fefe:c2d7/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:81 errors:0 dropped:0 overruns:0 frame:0
TX packets:36 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:9466 (9.2 Kb) TX bytes:4418 (4.3 Kb)
Interrupt:9 Base address:0xc000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:1223 errors:0 dropped:0 overruns:0 frame:0
TX packets:1223 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:237604 (232.0 Kb) TX bytes:237604 (232.0 Kb)
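Since the thread turns on matching a handful of SuSEfirewall2 settings against the real interfaces, here is an added example (not part of the thread and not code from SuSEfirewall2) of a small POSIX shell check that reads a sysconfig-style file and an interface table and reports the inconsistencies discussed above: device names that match no interface, forwarding or masquerading left off, both spoof protections disabled, and a wide-open FW_MASQ_NETS. The config and interface table are constructed samples mirroring the values in the diff and ifconfig output; the assumption that an "eth-id-<mac>" device name is resolved by comparing the MAC to the interface HWaddr is mine, not documented on this page.

```shell
#!/bin/sh
# Added example, not from the thread or SuSEfirewall2: consistency check for a
# SuSEfirewall2-style NAT gateway config against the interfaces present.
# Assumption: "eth-id-<mac>" names are resolved by matching the MAC address.

# Constructed sample config: the "-" side of Ulrich's diff plus the
# FW_KERNEL_SECURITY="no" change suggested in the thread.
SAMPLE_CONF='FW_DEV_EXT="eth-id-00:00:b4:bb:ca:db ppp0"
FW_DEV_INT="eth-id-52:54:05:fe:c2:d7"
FW_ROUTE="yes"
FW_MASQUERADE="yes"
FW_MASQ_NETS="0/0"
FW_KERNEL_SECURITY="no"
FW_ANTISPOOF="no"'

# Constructed interface table, one "<name> <hwaddr>" per line as ifconfig reports it.
SAMPLE_IFACES='eth0 00:00:B4:BB:CA:DB
eth1 52:54:05:FE:C2:D7'

# conf_get FILE KEY: print the value of KEY="..." in FILE with the quotes stripped.
conf_get() {
    sed -n "s/^$2=\"\\(.*\\)\"\$/\\1/p" "$1"
}

# resolve_dev IFACEFILE NAME: print the interface NAME refers to.
# "eth-id-<mac>" is matched case-insensitively against the hwaddr column; any
# other name must appear literally in the name column. Exit 1 if unresolved.
resolve_dev() {
    case $2 in
        eth-id-*)
            awk -v m="${2#eth-id-}" 'toupper($2) == toupper(m) { print $1; found = 1 }
                                      END { exit !found }' "$1" ;;
        *)
            awk -v n="$2" '$1 == n { print $1; found = 1 }
                           END { exit !found }' "$1" ;;
    esac
}

# check_gateway CONF IFACEFILE: print one line per finding and return the number
# of findings (0 means the file is consistent for an eth1 -> eth0 NAT gateway).
check_gateway() {
    conf=$1; ifaces=$2; problems=0
    # 1. every device named in FW_DEV_EXT / FW_DEV_INT must exist on the box
    for key in FW_DEV_EXT FW_DEV_INT; do
        for dev in $(conf_get "$conf" "$key"); do
            if ! resolve_dev "$ifaces" "$dev" >/dev/null; then
                echo "$key: '$dev' matches no interface"
                problems=$((problems + 1))
            fi
        done
    done
    # 2. forwarding and masquerading are both needed for a private LAN behind one public IP
    for key in FW_ROUTE FW_MASQUERADE; do
        if [ "$(conf_get "$conf" "$key")" != yes ]; then
            echo "$key: must be \"yes\" to forward and NAT internal traffic"
            problems=$((problems + 1))
        fi
    done
    # 3. the template's own warning: both anti-spoof mechanisms off leaves none
    if [ "$(conf_get "$conf" FW_KERNEL_SECURITY)" = no ] &&
       [ "$(conf_get "$conf" FW_ANTISPOOF)" = no ]; then
        echo "FW_KERNEL_SECURITY and FW_ANTISPOOF are both \"no\": no spoof protection"
        problems=$((problems + 1))
    fi
    # 4. least privilege: masquerade only the internal network, not every source
    if [ "$(conf_get "$conf" FW_MASQ_NETS)" = "0/0" ]; then
        echo "FW_MASQ_NETS=\"0/0\": restrict to the internal net (e.g. 192.168.0.0/25)"
        problems=$((problems + 1))
    fi
    return $problems
}

# run_sample: write the constructed samples to temp files and check them.
run_sample() {
    c=$(mktemp); i=$(mktemp)
    printf '%s\n' "$SAMPLE_CONF" > "$c"
    printf '%s\n' "$SAMPLE_IFACES" > "$i"
    check_gateway "$c" "$i"; rc=$?
    rm -f "$c" "$i"
    return $rc
}

# For the sample this reports three findings: ppp0 unresolved, no spoof
# protection, and FW_MASQ_NETS="0/0".
if run_sample; then echo "no findings"; else echo "$? finding(s)"; fi
```

To run it against a real box, replace the two samples with the actual /etc/sysconfig/SuSEfirewall2 and an interface table built from "ifconfig" (name and HWaddr columns); the check is read-only and changes nothing.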