Subject: Re: [suse-security] firewals-2.1-5 (from 6.4), 1x dev-world, 2x dev-int
From: Wolfram Schlich (wolframschlich.org)
Date: Tue Oct 03 2000 - 09:22:23 CDT


thanx - works! :)

Oct 3 16:19:43 klondike kernel: Packet log: input DENY eth0 PROTO=17 192.168.0.10:138 192.168.0.255:138 L=253 S=0x00 I=34543 F=0x0000 T=64 (#12)

seems that the firewall prevents itself (it's samba-d) from
broadcasting... :(

Kind regards

| Wolfram Schlich
------------------------------------------------------------------
| E-Mail: wolframschlich.org * ICQ #: 35713642
| Postal: Berghof * 56626 Andernach * Germany
| Tel.: +49-(0)2636-941194

----- Original Message -----
From: "semat" <sematwawa.eahd.or.ug>
To: "W.Schlich" <wolframschlich.org>
Cc: <suse-securitysuse.com>
Sent: Tuesday, October 03, 2000 1:05 PM
Subject: Re: [suse-security] firewals-2.1-5 (from 6.4), 1x dev-world, 2x dev-int

> Okay, I don't think this is how Marc would do it, but I would put that line
> at line 729 of /sbin/SuSEfirewall, i.e.
> }
> done
> # Here is your rule:
> $IPCHAINS -A forward -s etc etc -d etc ....
> test "$FW_ROUTE" = yes && for i in $DEV_INT_NET $FW_MASQ_NETS; do
> for j in $FW_DEV_WORLD; do
> $IPCHAINS -A input -j "$DENY" -i $j -d $i $LDC
> done
> done
>
>
> On Tue, 3 Oct 2000, W.Schlich wrote:
>
> > first: thanks for your help.
> > > > --snip--
> > > > ipchains -D forward 2
> > > > ipchains -A forward -s 192.168.0.0/23 -d 192.168.0.0/23 -j ACCEPT
> > > > --snip--
> > > The rule you've used above is quite okay. Now, in order not to always
> > > have to put it in manually, you can add it to /sbin/SuSEfirewall before
> > > the rule that tells it to deny everything by default.
> > hmm...
> > I don't _really_ understand /sbin/SuSEfirewall
> > any hints which line to go to? :)
> >
> > > Although from what I see above those two cards seem to be on the same
> > > network.
> > err...
> > eth0: 192.168.0.0/24 (192.168.0.0/255.255.255.0)
> > eth1: 192.168.1.0/24 (192.168.1.0/255.255.255.0)
> > -> 192.168.0.0/23 (192.168.0.0/255.255.254.0)
> >
> > btw: am I the first one who needs forwarding / routing etc. between
> > internal interfaces?!
> >
> > Kind regards
> >
> > | Wolfram Schlich
> > ------------------------------------------------------------------
> > | E-Mail: wolframschlich.org * ICQ #: 35713642
> > | Postal: Berghof * 56626 Andernach * Germany
> > | Tel.: +49-(0)2636-941194

---------------------------------------------------------------------
To unsubscribe, e-mail: suse-security-unsubscribesuse.com
For additional commands, e-mail: suse-security-helpsuse.com
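
The denied packet from the log line in this thread, decoded field by field, as an added example that is not part of the original messages: it parses the ipchains "Packet log" format, checks whether the destination is the broadcast address of the logging interface's network, and confirms that the /23 in the forward rule spans both internal networks. The function names and dictionary keys are assumptions chosen for illustration; the interface networks are the ones given in the quoted message.

```python
import ipaddress
import re

# Log line copied from the message above, joined onto one line.
SAMPLE = ("Oct 3 16:19:43 klondike kernel: Packet log: input DENY eth0 "
          "PROTO=17 192.168.0.10:138 192.168.0.255:138 L=253 S=0x00 I=34543 "
          "F=0x0000 T=64 (#12)")
# Interface networks as stated in the quoted message.
IFACE_NETS = {"eth0": ipaddress.ip_network("192.168.0.0/24"),
              "eth1": ipaddress.ip_network("192.168.1.0/24")}
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) (?P<src>[\d.]+):(?P<sport>\d+) "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) L=(?P<length>\d+) S=(?P<tos>\S+) "
    r"I=(?P<ip_id>\d+) F=(?P<frag>\S+) T=(?P<ttl>\d+)(?: \S+)* \(#(?P<rule>\d+)\)")

def parse_packet_log(line):
    """Return the fields of one ipchains 'Packet log' line, or None."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("proto", "sport", "dport", "length", "ip_id", "ttl", "rule"):
        rec[key] = int(rec[key])
    rec["src"] = ipaddress.ip_address(rec["src"])
    rec["dst"] = ipaddress.ip_address(rec["dst"])
    return rec

def classify(rec, iface_nets=IFACE_NETS):
    """Relate the packet's addresses to the network on its interface."""
    net = iface_nets.get(rec["iface"])
    if net is None:
        return "unknown interface"
    if rec["dst"] == net.broadcast_address:
        origin = "local-subnet" if rec["src"] in net else "off-subnet"
        return f"{origin} broadcast to {net}"
    return "not a broadcast for this interface"

def rule_covers(rule_net, iface_nets=IFACE_NETS):
    """True if one -s/-d network spans every internal interface network."""
    rule = ipaddress.ip_network(rule_net)
    return all(net.subnet_of(rule) for net in iface_nets.values())

if __name__ == "__main__":
    rec = parse_packet_log(SAMPLE)
    print(rec["chain"], rec["action"], rec["iface"], "proto", rec["proto"],
          "port", rec["dport"], "rule", rec["rule"], "->", classify(rec))
    print("192.168.0.0/23 covers both:", rule_covers("192.168.0.0/23"))
```
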