 
From: Kurt Minder (kurtminder_at_bluewin.ch)
Date: Tue Nov 12 2002 - 07:43:03 CST


    Hi

    > -----Original Message-----
    > From: Chris FitzGerald [mailto:merscopandora.be]
    > Sent: Tuesday, 12 November 2002 12:17
    > To: Suse-Security (E-Mail)
    > Subject: Re: [suse-security] SuSEfirewall2 configuration
    >
    >
    > Hi,
    > In answer to 1:
    > When you use FW_SERVICES_DMZ it opens up the ports you wish
    > to allow, not looking at whether it came from internal or external.
    > You do have to open up the ports on the external and internal
    > services to allow the traffic to come in in the first place.

    OK, I understand. What you let in from any (EXT, INT) interface should
    be able to access the DMZ.
    In my case it doesn't, nor can the DMZ access the services opened in the
    SERVICES_DMZ.

    So I'm back to the solution of using FW_FORWARD. Is this normal, or is it a
    conflict in the configuration?
    Obviously the DMZ rules are never applied because the packets are dropped
    before.

    > Togan wrote:
    > I would say wide open. By defining TCP/UDP/IGMP you are limiting the
    > protocols that are allowed; when you add the port number then only the
    > protocol along with the matching port is allowed.

    I agree with you. For the MASQ_NETS (restrict access from INT to EXT)
    section it works like this, but when I use this in the TRUSTED_NETS section
    it won't. I configured the whole INT and DMZ as trusted net
    (FW_TRUSTED_NETS="192.168.0.0/16"); I know, bad idea. But everything is
    dropped or denied.

    Hopefully someone knows something about the reasons.

    Cheers Kurt

    >
    > Tricky question for me too...
    >
    > regards
    >
    > chris
    >
    > _____________________________________________
    > Make money while you work !!! No surfing required!
    > http://www.degoo.com/index.php?refid=mersco
    >
    > This is for real !!!
    > ----- Original Message -----
    > From: "Kurt Minder" <kurtminderbluewin.ch>
    > To: "Suse-Security (E-Mail)" <suse-securitysuse.com>
    > Sent: Tuesday, November 12, 2002 12:02 PM
    > Subject: [suse-security] SuSEfirewall2 configuration
    >
    >
    > > Hi folks
    > >
    > > I followed the threads about configuring the firewall, but it was not
    > > really enlightening me (sorry).
    > >
    > > So some questions:
    > >
    > > 1.)
    > > Does the FW_SERVICE_DMZ open only a connection from DEV_EXT to DEV_DMZ?
    > > Because when I want to access the DMZ from internal I have to use the
    > > FW_FORWARD statement.
    > >
    > > 2.)
    > > A question about the notation:
    > > # A forwarding rule consists of 1) source IP/net and 2) destination IP
    > > # separated by a comma. e.g. "1.1.1.1,2.2.2.2 3.3.3.3/16,4.4.4.4/24"
    > > # Optional is a protocol, separated by a comma, e.g. "5.5.5.5,6.6.6.6,igmp"
    > > # Optional is a port after the protocol with a comma, e.g. "0/0,0/0,udp,514"
    > >
    > > When I leave out protocol and port, what is (or should be) open then?
    > >
    > > I'm using 7.3
    > >
    > >
    > > Cheers Kurt
    > >
    > >
    > >
    > > --
    > > Check the headers for your unsubscription address
    > > For additional commands, e-mail: suse-security-helpsuse.com
    > > Security-related bug reports go to securitysuse.de, not here
    > >
    > >

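The FW_FORWARD notation quoted in the original question, worked through as an added example that is not part of this thread and not SuSEfirewall2's own code: a POSIX shell function splits each whitespace-separated entry into source, destination, optional protocol and optional port, and prints the FORWARD rule each entry corresponds to in iptables syntax without executing anything; a second function lists the entries that accept any source (0/0) with no protocol at all, the "wide open" case Togan describes. The example assumes, since the thread does not settle it, that an omitted protocol means any protocol and an omitted port any port. The sample entries are the ones from the quoted config comment, not from a real firewall.

```shell
#!/bin/sh
# Added example (not SuSEfirewall2's own code): expand FW_FORWARD entries of
# the form src,dst[,proto[,port]] into explicit FORWARD rules.
# Assumption: a missing protocol means any protocol, a missing port any port.

# fw_forward_rules VALUE
# Prints one "iptables -A FORWARD ..." line per entry and returns 1 on a
# malformed entry (missing source or destination). Nothing is executed.
fw_forward_rules() {
    for entry in $1; do
        # Fields are comma separated; IFS is changed for this read only.
        IFS=, read -r src dst proto port <<EOF
$entry
EOF
        if [ -z "$src" ] || [ -z "$dst" ]; then
            echo "fw_forward_rules: malformed entry '$entry'" >&2
            return 1
        fi
        rule="iptables -A FORWARD -s $src -d $dst"
        [ -n "$proto" ] && rule="$rule -p $proto"
        # A port only appears after a protocol in this notation.
        [ -n "$port" ] && rule="$rule --dport $port"
        echo "$rule -j ACCEPT"
    done
    return 0
}

# fw_forward_warn_broad VALUE
# Prints the entries that accept traffic from any source (0/0) without a
# protocol restriction, i.e. the "wide open" case.
fw_forward_warn_broad() {
    for entry in $1; do
        IFS=, read -r src dst proto port <<EOF
$entry
EOF
        case "$src" in
            0/0|0.0.0.0/0) [ -z "$proto" ] && echo "$entry" ;;
        esac
    done
    return 0
}

# Constructed sample built from the config comment quoted in the thread.
SAMPLE='1.1.1.1,2.2.2.2 3.3.3.3/16,4.4.4.4/24 5.5.5.5,6.6.6.6,igmp 0/0,0/0,udp,514 0/0,0/0'

fw_forward_rules "$SAMPLE"
echo "--- entries that accept any source with no protocol:"
fw_forward_warn_broad "$SAMPLE"
```

Running the script prints five rules for the sample and then flags only `0/0,0/0`: the entry with a protocol and port is not reported, because the protocol already narrows it, which is the distinction made in the thread between a bare source/destination pair and one qualified by protocol and port.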