Re: [SLE] SuSEfirewall2 and games

From: Keith Mickunas (keith_at_mickunas.net)
Date: 07/28/03

    Date: Mon, 28 Jul 2003 15:24:28 -0500
    To: suse-linux-e@suse.com
    
    

    I should have specified that I did change those variables. I now have it set to:
    FW_SERVICES_INT_TCP="80 137 138 139 1000:4000 47624"
    FW_PROTECT_FROM_INTERNAL="no"
    FW_ALLOWINCOMING_HIGHPORTS_*="yes"

    And yet I see rejections in the log that look like this:
    SuSE-FW-ACCESS_DENIED_INT IN =eth1 OUT= MAC(blah blah) SRC=192.168.0.2
    DST=209... LEN... PROTO=TCP SPT=4584 DPT=80 ...

    So the SRC IP is my Windows box, the dest IP is eth0 which is the external
    ethernet card. So the request comes in via eth1 to port 80 and it gets blocked.
    I even tried using http and https in the FW_ line. Yet Samba and ssh work just
    fine.

    There's another thread that's covering similar issues. Someone mentioned
    something about "split-brain dns" or the like. Still it should be available.
    When I had Red Hat 7.1 running and used firestarter to set up an iptables
    firewall it worked just fine. It was easy as can be to open a port, allow and
    block specific IPs, and view the webserver.

    -- 
    Keith Mickunas
    keith@mickunas.net
    I'll be deep in the cold, cold ground before I recognize Missourah! - Grandpa
    Simpson

    Quoting "Carlos E. R." <robin1.listas@tiscali.es>:
    > 
    > The 03.07.27 at 22:10, Keith Mickunas wrote:
    > 
    > > the name, which is registered to the external card, the firewall blocks it, even
    > > though I've explicitly stated both internal and external connections can see
    > > port 80, http, and https.  But the log is showing that the firewall refuses the
    > > connection on the internal card to port 80.
    > 
    > Because you have them closed:
    > 
    > >> FW_SERVICES_INT_TCP="137 138 139"
    > >> FW_SERVICES_INT_UDP="137 138 139"
    > 
    > 
    > -- 
    > Cheers,
    >        Carlos Robinson
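
An added example, not part of the original messages: a Python check that reads a SuSE-FW denial line and reports whether its destination port is covered by an FW_SERVICES_INT_TCP value, including `low:high` ranges. The sample log line is constructed (its MAC, DST and LEN values are placeholders), and the function names are hypothetical.

```python
import re

# Setting as quoted in the message; log line constructed in the same shape.
FW_SERVICES_INT_TCP = "80 137 138 139 1000:4000 47624"
SAMPLE_LOG = (
    "SuSE-FW-ACCESS_DENIED_INT IN=eth1 OUT= MAC=00:00:5e:00:53:01 "
    "SRC=192.168.0.2 DST=203.0.113.10 LEN=48 PROTO=TCP SPT=4584 DPT=80"
)

def parse_ports(spec):
    """Turn space-separated numeric ports and low:high ranges into (low, high) tuples."""
    ranges = []
    for item in spec.split():
        low, _, high = item.partition(":")
        if not low.isdigit() or (high and not high.isdigit()):
            continue  # service names such as "http" need a services lookup; skipped here
        lo, hi = int(low), int(high or low)
        if 0 < lo <= hi <= 65535:
            ranges.append((lo, hi))
    return ranges

def parse_log(line):
    """Extract the SuSE-FW tag and the KEY=value fields from one log line."""
    tag = re.search(r"SuSE-FW-[A-Z_]+", line)
    fields = dict(re.findall(r"\b([A-Z]+)=(\S*)", line))
    return (tag.group(0) if tag else None), fields

def triage(line, int_tcp_spec):
    """Return a summary of a denied TCP packet, or None if the line is not one."""
    tag, f = parse_log(line)
    if tag is None or f.get("PROTO") != "TCP" or not f.get("DPT", "").isdigit():
        return None
    dpt = int(f["DPT"])
    listed = any(lo <= dpt <= hi for lo, hi in parse_ports(int_tcp_spec))
    return {"tag": tag, "in": f.get("IN"), "src": f.get("SRC"),
            "dst": f.get("DST"), "dpt": dpt, "listed": listed}

if __name__ == "__main__":
    print(triage(SAMPLE_LOG, FW_SERVICES_INT_TCP))
```

When `listed` is true for a denied packet, the port list alone does not account for the rejection.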