[SLE] 9.1 masquerading and firewall oddities
From: Jason (jglane_at_btopenworld.com)
Date: 05/10/04
To: SLE <suse-linux-e@suse.com>
Date: Mon, 10 May 2004 00:46:54 +0100
Hi,
I'm having troubles getting networking set up correctly in my fresh new
installation of 9.1 -- I had the network functioning fine with 8.2, and I'm
sure it wasn't as difficult as this to set up...
I've found that if I configure the firewall for forwarding and masquerading and
ssh while not connected, and subsequently connect using kinternet or
cinternet, access to the internet is blocked.
However if I restart the firewall by calling 'SuSEfirewall2' or
'rcSuSEfirewall2 restart', while the ppp connection is active everything
works as it should. Masquerading from the laptop, net access on my main
machine.
In 8.2 I didn't have to restart the firewall when I connected, masquerading
just happened.
This also happens when booting -- the ppp0 link only comes active after the
firewall starts, and no access to the internet is possible until the
firewall is reset after ppp0 is active.
I have a hotplug script for my ADSL modem that calls cinternet so the internet
connection is live when the machine boots, but the modem takes 15 seconds or
so to load its firmware and make the ATM connection, before it is ready to
bring up the ppp connection.
I've put a kludge in the modem hotplug script that calls /sbin/SuSEfirewall2
to reset the firewall after ppp0 comes up -- but this seems an ugly
workaround. But it works.
Have I missed something obvious? Or doesn't the new networking infrastructure
in 9.1 handle firewalls on dynamic interfaces too well?
Currently in the dark....
Jason
PS:
Background information.
I've got an ADSL connection with BT, using a USB speedtouch modem (the old
blue fishy looking one) which works fine, after fiddling around a bit with
hotplug scripts in 9.1.
My PC has an Intel e100 ethernet card connected to a hub for the local
network. I'm using static IP addresses for my local network.
My main box is acting as router and firewall and print server. I also have ssh
available through the firewall, so I can access my machine from work. This
arrangement was working fine in 8.2, and I'm pretty sure I only used YaST to
set up the networking, routing, firewall and all.
I set up the firewall with the following settings using YaST:
External Interface: dsl0
Internal Interface: eth-id-00:08:c7:db:f1:fc
Other Services:
X Secure Shell (ssh)
Firewall Features:
X Forward Traffic and Do Masquerading
X Protect All Running Services
X Allow Traceroute
All other entries left blank.
(I've also tried eth0, and ppp0 for the internal and external interfaces, and
fiddled around with settings in /etc/sysconfig ... but to no avail)
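
The workaround described in the post (re-running SuSEfirewall2 once ppp0 exists) can be written with a bounded wait instead of a fixed delay. This is an added example, not part of the original message; the function names, the `NET_DIR` variable and the `--run` switch are hypothetical, and the presence of the interface under /sys/class/net is assumed to be a good enough "link is there" signal.

```shell
#!/bin/sh
# Added example: wait for a late-arriving interface (e.g. ppp0 behind a modem
# that needs ~15 s to load firmware), then reload the firewall exactly once.
# NET_DIR is a hypothetical override so the logic can be exercised offline.
NET_DIR="${NET_DIR:-/sys/class/net}"

# wait_for_iface IFACE TIMEOUT_SECONDS
# Returns 0 as soon as IFACE exists, 1 if it has not appeared by the timeout.
wait_for_iface() {
    iface=$1
    remaining=$2
    while [ "$remaining" -gt 0 ]; do
        [ -e "$NET_DIR/$iface" ] && return 0
        sleep 1
        remaining=$((remaining - 1))
    done
    # Final check covers a timeout of 0 and an interface appearing last-second.
    [ -e "$NET_DIR/$iface" ]
}

# reload_firewall_when_up IFACE TIMEOUT_SECONDS COMMAND [ARGS...]
# Runs COMMAND only if IFACE appeared in time; otherwise leaves the existing
# rule set untouched and reports the failure on stderr.
reload_firewall_when_up() {
    iface=$1
    timeout=$2
    shift 2
    if wait_for_iface "$iface" "$timeout"; then
        "$@"
    else
        echo "firewall not reloaded: $iface absent after ${timeout}s" >&2
        return 1
    fi
}

# Called from the modem hotplug script as: thisscript --run
# /sbin/SuSEfirewall2 is the command named in the post; ppp0 and 60 s are
# constructed defaults.
if [ "${1:-}" = "--run" ]; then
    reload_firewall_when_up "${IFACE:-ppp0}" "${TIMEOUT:-60}" /sbin/SuSEfirewall2
fi
```
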