[linux-l] SuSE 8.0 firewall läßt nichts mehr durch

Carl van Denzen cvdenzen at hetnet.nl
Mi Apr 9 22:35:32 CEST 2003 

Hello Michael,

I tried your solution, but it doesn't work. I changed my 
"/etc/sysconfig/SuSEfirewall2" (see the attachment).
I rebooted the pc.
And still the packets are not accepted (see a part of my 
/var/log/messages in the attachment).
My internet provider on ippp0 is called Hetnet.
The main office is called Hazis (ippp2).
Don't worry about the USB messages: I am experimenting with it.

I want to explain about ippp2: it is a dial-up to the main office, the 
place where I normally go to work every day. Sometimes I work from my 
home pc and then I dial ippp2.

When I disable the firewall, I don't have any problems.
Can you explain why this settings do not work (i.e. refuse the dns 
packets from ippp2 but accept them from ippp0)?

Carl.



Michael Baudinne wrote:

> Shalom,
>
> Carl van Denzen wrote:
>
>> My setup is as follows:
>> 2 ippp connections (ISDN):
>> ippp0 to my regular internet provider
>
> Thats external then ...
>
>> ippp2 to a MAX2000 ISDN router at the office
>
> Is that actually an internal line to the *main* office ?
> Should then be an INT interface in the firewall...
> Or is it just a backup line ?
>
>> Both ippp0 and ippp2 are defined as EXT in the firewall.
>> I do not have any problem with my internet provider, but the firewall 
>> will not accept the dns packets that come from interface ippp2.
>
> I would put ippp2 in INT (same as your eth0) and honor the
> FW_ALLOW_CLASS_ROUTING parameter ...
>
> KiSSes
> 9teen
>
> _______________________________________________
> linux-l mailing list
> linux-l at mlists.in-berlin.de
> https://mlists.in-berlin.de/mailman/listinfo/linux-l
>

-------------- nächster Teil --------------
Ein eingebundener Text mit undefiniertem Zeichensatz wurde abgetrennt.
Name: SuSEfirewall2
URL: <https://mlists.in-berlin.de/pipermail/linux-l-mlists.in-berlin.de/attachments/20030409/7f57c9eb/attachment.ksh>
-------------- nächster Teil --------------
Ein Dateianhang mit Binärdaten wurde abgetrennt...
Dateiname   : messages.gz
Dateityp    : application/x-gunzip
Dateigröße  : 7059 bytes
Beschreibung: nicht verfügbar
URL         : <https://mlists.in-berlin.de/pipermail/linux-l-mlists.in-berlin.de/attachments/20030409/7f57c9eb/attachment.bin>

Mehr Informationen über die Mailingliste linux-l