Re: [SLE] Firewall zones



Mon, 25 Sep 2006, by abrahams@xxxxxxx:

> I want to configure the SuSE firewall so that communication within my LAN is
> uninhibited but communication outside the LAN is fully protected. Looking
> at the firewall configuration in Yast, I see that the external zone is
> protected but the internal zone is not. However, I don't see how to specify
> that the internal zone consists of hosts with addresses 192.168.0.x. This
> would seem to be a pretty common requirement.

Please be more specific about your setup. Do you have a network-card
with an alias IP address or something?

> It appears that the firewall configurator can specify that an interface is
> external or internal, but I have only one interface (network card). It
> connects to the LAN and to the router; the router in turn talks to the world.
> It's a very common setup.

Perhaps, but that doesn't make it the best setup.
Having your LAN systems on the same segment and IP range as the
"firewall" means that there's nothing between the Internet and the
'other' systems, except the router's rules for port-forwarding etc.

If you want to have better protection I'd look for a "real" router that
can be configured for multiple LAN IP ranges, or set up the Linux
machine as such.
..
Theo
--
Theo v. Werkhoven Registered Linux user# 99872 http://counter.li.org
ICBM 52 13 26N , 4 29 47E. + ICQ: 277217131
SUSE 9.2 + Jabber: muadib@xxxxxxxxxxxxxxxx
Kernel 2.6.8 + See headers for PGP/GPG info.
Claimer: any email I receive will become my property. Disclaimers do not apply.
