From: Alberto Rodas Hettich (alberto_at_fitosoft.cl)
Date: Thu Jan 02 2003 - 09:17:39 CST

    Hi!

    When you establish a DSL connection with PPPoE, all the traffic goes through
    the ppp0 interface. You must configure the ppp0 interface as the external
    interface in Suse Firewall.
    Change FW_DEV_EXT="eth0" to FW_DEV_EXT="ppp0".

    Good Luck.

    Alberto

    ----- Original Message -----
    From: "Andreas Mantke" <maandgmx.de>
    To: "suse-security-liste" <suse-securitysuse.com>
    Sent: Thursday, January 02, 2003 11:46 AM
    Subject: [suse-security] SuSEfirewall2 Suse 7.3

    Hello all,

    I am trying to set up my SuSEfirewall2. My network:
    eth0 = external (DSL)
    eth1 = internal (192.168.0.55 / Netmask 255.255.255.0).
    You will find my settings below. After FW2-Start I get no answer from the
    internet with my computer (no connection with browser or mail program). After I
    changed the variable FW2_Start to "no" and ran /sbin/SuSEconfig, nothing
    happens. Only a restart sets the FW2-Start to no.
    I hope for any tips to get my firewall running.
    Thanks
    Andreas

    My Firewall-settings:
    FW_DEV_EXT="eth0"
    FW_DEV_INT="eth1"
    FW_DEV_DMZ=""
    FW_ROUTE="yes"
    FW_MASQUERADE="yes"
    FW_MASQ_DEV="$FW_DEV_EXT"
    FW_MASQ_NETS="192.168.0.0/24"
    FW_PROTECT_FROM_INTERNAL="no"
    FW_AUTOPROTECT_SERVICES="yes"
    FW_SERVICES_EXT_TCP=""
    FW_SERVICES_EXT_UDP="13 53"
    FW_SERVICES_EXT_IP=""
    FW_SERVICES_DMZ_TCP=""
    FW_SERVICES_DMZ_UDP=""
    FW_SERVICES_DMZ_IP=""
    FW_SERVICES_INT_TCP="22 53 80 8080 110 10001 3128 139 smtp ssh"
    FW_SERVICES_INT_UDP="53"
    FW_SERVICES_INT_IP=""
    FW_TRUSTED_NETS=""
    FW_ALLOW_INCOMING_HIGHPORTS_UDP="yes"
    FW_SERVICE_AUTODETECT="no"
    FW_SERVICE_DNS="no"
    FW_SERVICE_DHCLIENT="no"
    FW_SERVICE_DHCPD="no"
    FW_SERVICE_SQUID=""
    FW_SERVICE_SAMBA="no"
    FW_FORWARD=""
    FW_FORWARD_MASQ=""
    FW_REDIRECT=""
    ----------------------------------------------------------------------
    The output of route -n:
    Kernel IP Routentabelle
    Ziel            Router          Genmask         Flags Metric Ref Use Iface
    217.5.98.70     0.0.0.0         255.255.255.255 UH    0      0   0   ppp0
    192.168.5.0     0.0.0.0         255.255.255.0   U     0      0   0   eth0
    192.168.0.0     0.0.0.0         255.255.255.0   U     0      0   0   eth1
    0.0.0.0         217.5.98.70     0.0.0.0         UG    0      0   0   ppp0
    ---------------------------------------------------------------------

    The output of /var/log/messages:
    Jan 2 14:41:51 linux smpppd[1118]: connected on local socket
    Jan 2 14:42:04 linux pppd[1911]: Plugin pppoe.so loaded.
    Jan 2 14:42:04 linux kernel: CSLIP: code copyright 1989 Regents of the University of California
    Jan 2 14:42:04 linux kernel: PPP generic driver version 2.4.1
    Jan 2 14:42:04 linux pppd[1911]: PPPoE Plugin Initialized
    Jan 2 14:42:05 linux pppd[1911]: Plugin passwordfd.so loaded.
    Jan 2 14:42:05 linux pppd[1911]: pppd 2.4.1 started by root, uid 0
    Jan 2 14:42:05 linux pppd[1911]: Sending PADI
    Jan 2 14:42:05 linux pppd[1911]: HOST_UNIQ successful match
    Jan 2 14:42:05 linux pppd[1911]: HOST_UNIQ successful match
    Jan 2 14:42:05 linux pppd[1911]: Got connection: 1ebf
    Jan 2 14:42:05 linux pppd[1911]: Connecting PPPoE socket: 00:90:1a:10:02:54 bf1e eth0 0x8086678
    Jan 2 14:42:05 linux pppd[1911]: using channel 1
    Jan 2 14:42:05 linux pppd[1911]: Using interface ppp0
    Jan 2 14:42:05 linux pppd[1911]: Connect: ppp0 <--> eth0
    Jan 2 14:42:05 linux pppd[1911]: Couldn't increase MTU to 1500.
    Jan 2 14:42:05 linux pppd[1911]: Setting MTU to 1492.
    Jan 2 14:42:05 linux pppd[1911]: Couldn't increase MRU to 1500
    Jan 2 14:42:05 linux pppd[1911]: sent [LCP ConfReq id=0x1 <mru 1490> <magic 0x76ed7a11>]
    Jan 2 14:42:05 linux pppd[1911]: rcvd [LCP ConfReq id=0xec <mru 1492> <auth pap> <magic 0x72a884c1>] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    Jan 2 14:42:05 linux pppd[1911]: sent [LCP ConfAck id=0xec <mru 1492> <auth pap> <magic 0x72a884c1>]
    Jan 2 14:42:05 linux pppd[1911]: rcvd [LCP ConfAck id=0x1 <mru 1490> <magic 0x76ed7a11>] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    Jan 2 14:42:05 linux pppd[1911]: Setting MTU to 1490.
    Jan 2 14:42:05 linux pppd[1911]: sent [LCP EchoReq id=0x0 magic=0x76ed7a11]
    Jan 2 14:42:05 linux pppd[1911]: cbcp_lowerup
    Jan 2 14:42:05 linux pppd[1911]: want: 2
    Jan 2 14:42:05 linux pppd[1911]: sent [PAP AuthReq id=0x1 user="1und1/1477-157online.de" password=<hidden>]
    Jan 2 14:42:05 linux pppd[1911]: rcvd [LCP EchoRep id=0x0 magic=0x72a884c1] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    Jan 2 14:42:05 linux pppd[1911]: rcvd [PAP AuthAck id=0x1 "Authorization - Success"] 00 00 00 00 00 00 00 00 00 00
    Jan 2 14:42:05 linux pppd[1911]: Remote message: Authorization - Success
    Jan 2 14:42:05 linux pppd[1911]: sent [IPCP ConfReq id=0x1 <addr 192.168.5.1> <ms-dns1 0.0.0.0> <ms-dns3 0.0.0.0>]
    Jan 2 14:42:05 linux pppd[1911]: rcvd [IPCP ConfReq id=0xfa <addr 217.5.98.70>] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    Jan 2 14:42:05 linux pppd[1911]: sent [IPCP ConfAck id=0xfa <addr 217.5.98.70>]
    Jan 2 14:42:05 linux pppd[1911]: rcvd [IPCP ConfNak id=0x1 <addr 80.135.161.129> <ms-dns1 193.158.140.105> <ms-dns3 194.25.2.129>] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    Jan 2 14:42:05 linux pppd[1911]: sent [IPCP ConfReq id=0x2 <addr 80.135.161.129> <ms-dns1 193.158.140.105> <ms-dns3 194.25.2.129>]
    Jan 2 14:42:06 linux pppd[1911]: rcvd [IPCP ConfAck id=0x2 <addr 80.135.161.129> <ms-dns1 193.158.140.105> <ms-dns3 194.25.2.129>] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    Jan 2 14:42:06 linux pppd[1911]: local IP address 80.135.161.129
    Jan 2 14:42:06 linux pppd[1911]: remote IP address 217.5.98.70
    Jan 2 14:42:06 linux pppd[1911]: primary DNS address 193.158.140.105
    Jan 2 14:42:06 linux pppd[1911]: secondary DNS address 194.25.2.129
    Jan 2 14:42:06 linux pppd[1911]: Script /etc/ppp/ip-up started (pid 1923)
    Jan 2 14:42:06 linux modify_resolvconf: Service pppd modified /etc/resolv.conf. See info block in this file
    Jan 2 14:42:08 linux SuSEfirewall2: Firewall rules successfully set from /etc/rc.config.d/firewall2.rc.config
    Jan 2 14:42:08 linux pppd[1911]: Script /etc/ppp/ip-up finished (pid 1923), status = 0x0
    Jan 2 14:42:20 linux kernel: SuSE-FW-UNALLOWED-TARGETIN=ppp0 OUT= MAC= SRC=193.158.140.105 DST=80.135.161.129 LEN=249 TOS=0x00 PREC=0x00 TTL=57 ID=50246 PROTO=UDP SPT=53 DPT=1024 LEN=229
    Jan 2 14:42:25 linux kernel: SuSE-FW-UNALLOWED-TARGETIN=ppp0 OUT= MAC= SRC=194.25.2.129 DST=80.135.161.129 LEN=249 TOS=0x00 PREC=0x00 TTL=249 ID=56229 DF PROTO=UDP SPT=53 DPT=1025 LEN=229
    Jan 2 14:42:30 linux kernel: SuSE-FW-UNALLOWED-TARGETIN=ppp0 OUT= MAC= SRC=193.158.140.105 DST=80.135.161.129 LEN=249 TOS=0x00 PREC=0x00 TTL=57 ID=43751 PROTO=UDP SPT=53 DPT=1024 LEN=229
    Jan 2 14:42:35 linux pppd[1911]: sent [LCP EchoReq id=0x1 magic=0x76ed7a11]
    Jan 2 14:42:35 linux pppd[1911]: rcvd [LCP EchoRep id=0x1 magic=0x72a884c1] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    Jan 2 14:42:36 linux kernel: SuSE-FW-UNALLOWED-TARGETIN=ppp0 OUT= MAC= SRC=194.25.2.129 DST=80.135.161.129 LEN=249 TOS=0x00 PREC=0x00 TTL=249 ID=33873 DF PROTO=UDP SPT=53 DPT=1025 LEN=229
    Jan 2 14:42:40 linux kernel: SuSE-FW-UNALLOWED-TARGETIN=ppp0 OUT= MAC= SRC=193.158.140.105 DST=80.135.161.129 LEN=143 TOS=0x00 PREC=0x00 TTL=57 ID=56391 PROTO=UDP SPT=53 DPT=1025 LEN=123
    Jan 2 14:42:44 linux kernel: SuSE-FW-UNALLOWED-TARGETIN=ppp0 OUT= MAC= SRC=193.158.140.105 DST=80.135.161.129 LEN=249 TOS=0x00 PREC=0x00 TTL=57 ID=5131 PROTO=UDP SPT=53 DPT=1025 LEN=229
    Jan 2 14:42:49 linux kernel: SuSE-FW-UNALLOWED-TARGETIN=ppp0 OUT= MAC= SRC=194.25.2.129 DST=80.135.161.129 LEN=249 TOS=0x00 PREC=0x00 TTL=249 ID=60727 DF PROTO=UDP SPT=53 DPT=1026 LEN=229
    Jan 2 14:42:54 linux kernel: SuSE-FW-UNALLOWED-TARGETIN=ppp0 OUT= MAC= SRC=193.158.140.105 DST=80.135.161.129 LEN=249 TOS=0x00 PREC=0x00 TTL=57 ID=6608 PROTO=UDP SPT=53 DPT=1025 LEN=229
    Jan 2 14:42:56 linux pppd[1911]: Terminating on signal 15.

    --
    Check the headers for your unsubscription address
    For additional commands, e-mail: suse-security-helpsuse.com
    Security-related bug reports go to securitysuse.de, not here
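
The mismatch discussed in this thread (default route on ppp0, FW_DEV_EXT set to eth0, DNS replies logged as dropped on IN=ppp0) can be checked mechanically. The shell functions below are an added example, not part of the original messages; the function names are made up for illustration, and the sample data is copied from the post with the wrapped log lines re-joined.

```shell
#!/bin/sh
# Added example: check FW_DEV_EXT against the default-route interface.

# Interface of the default route, from `route -n` output on stdin.
default_route_iface() {
    awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" { print $NF; exit }'
}

# Value of FW_DEV_EXT, from SuSEfirewall2 settings on stdin (last one wins).
fw_ext_dev() {
    awk -F'"' '/^FW_DEV_EXT=/ { v = $2 } END { print v }'
}

# Per-interface count of SuSE-FW-* kernel log lines on stdin, as "iface=count".
dropped_in_ifaces() {
    sed -n '/SuSE-FW-/s/.*IN=\([^ ]*\) .*/\1/p' | sort | uniq -c |
        awk '{ print $2 "=" $1 }'
}

# check_ext_iface ROUTE_TEXT CONFIG_TEXT: returns 0 on match, 1 on mismatch.
check_ext_iface() {
    route_if=$(printf '%s\n' "$1" | default_route_iface)
    fw_if=$(printf '%s\n' "$2" | fw_ext_dev)
    if [ -n "$route_if" ] && [ "$route_if" = "$fw_if" ]; then
        echo "OK: FW_DEV_EXT=$fw_if carries the default route"
        return 0
    fi
    echo "MISMATCH: default route on '$route_if', FW_DEV_EXT='$fw_if'"
    return 1
}

# Sample input copied from the post above (wrapped log lines re-joined).
SAMPLE_ROUTES='217.5.98.70 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0
192.168.5.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
0.0.0.0 217.5.98.70 0.0.0.0 UG 0 0 0 ppp0'
SAMPLE_CONFIG='FW_DEV_EXT="eth0"
FW_DEV_INT="eth1"
FW_MASQ_DEV="$FW_DEV_EXT"'
SAMPLE_LOG='Jan 2 14:42:20 linux kernel: SuSE-FW-UNALLOWED-TARGETIN=ppp0 OUT= MAC= SRC=193.158.140.105 DST=80.135.161.129 LEN=249 TOS=0x00 PREC=0x00 TTL=57 ID=50246 PROTO=UDP SPT=53 DPT=1024 LEN=229
Jan 2 14:42:25 linux kernel: SuSE-FW-UNALLOWED-TARGETIN=ppp0 OUT= MAC= SRC=194.25.2.129 DST=80.135.161.129 LEN=249 TOS=0x00 PREC=0x00 TTL=249 ID=56229 DF PROTO=UDP SPT=53 DPT=1025 LEN=229'

check_ext_iface "$SAMPLE_ROUTES" "$SAMPLE_CONFIG" || true
printf '%s\n' "$SAMPLE_LOG" | dropped_in_ifaces
```

On a live system the same check would be fed `route -n` output and the contents of the settings file named in the log above (/etc/rc.config.d/firewall2.rc.config).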
    
