From: Richard Ems (r.ems.mtg_at_gmx.net)
Date: Fri Jan 10 2003 - 11:49:07 CST
Hi list!
SuSE Linux 8.1, SuSEfirewall2-3.1-26
I'm trying to ping and traceroute from the internal masqueraded net.
But the internal masq. net should only ping/traceroute, nothing else.
The problem is that in FW_MASQ_NETS only tcp and udp are accepted, icmp
is not. Why?
So setting

    FW_ALLOW_PING_FW="yes"
    FW_ALLOW_PING_DMZ="no"
    FW_ALLOW_PING_EXT="yes"

and

    FW_ALLOW_FW_TRACEROUTE="yes"

isn't enough, the internal net isn't masqueraded as it should.

I would like to do something like

    FW_MASQ_NETS="192.168.1.0/24,0/0,icmp"

but SuSEfirewall2 will throw an error on this:

lines 1583 to 1586 from /sbin/SuSEfirewall2:

    1583 test "$PROTO" = tcp -o "$PROTO" = udp || {
    1584     echo "Error: The protocol with FW_MASQ_NETS must be tcp or udp -> $NETS"
    1585     NET2=""
    1586 }
Any ideas how to do this?
Would it be possible to extend the script to allow also icmp as a valid
protocol?
Thanks, Richard
--
Richard Ems
... e-mail: r.ems
gmx.net
... Computer Science, University of Hamburg
Unix IS user friendly. It's just selective about who its friends are.
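
The protocol check quoted in the message above, next to a variant that also accepts icmp, as an added example that is not part of the original post and is not SuSEfirewall2 code. It assumes the entry layout source,destination,protocol[,port] used in the post; the function names, the eth0 interface and the printed iptables rule (a generic equivalent, not what SuSEfirewall2 generates) are hypothetical.

```shell
#!/bin/sh
# Added example, not SuSEfirewall2 code. Entry layout assumed from the post:
#   source,destination,protocol[,port]

# The check quoted from line 1583: only tcp or udp pass.
proto_ok_original() {
    test "$1" = tcp -o "$1" = udp
}

# Hypothetical extension that also accepts icmp.
proto_ok_extended() {
    case "$1" in
        tcp|udp|icmp) return 0 ;;
        *) return 1 ;;
    esac
}

# Print a plain iptables NAT rule for one entry (assumption: a generic
# equivalent, not the rule SuSEfirewall2 itself would generate).
# $1 = entry, $2 = external interface (hypothetical parameter).
masq_rule() {
    entry=$1
    ext_dev=$2
    old_ifs=$IFS; IFS=,
    set -f; set -- $entry; set +f      # split on commas, no globbing
    IFS=$old_ifs
    src=${1:-}; dst=${2:-}; proto=${3:-}; port=${4:-}
    if [ -z "$src" ] || [ -z "$dst" ]; then
        echo "Error: source and destination required -> $entry" >&2; return 1
    fi
    if ! proto_ok_extended "$proto"; then
        echo "Error: protocol must be tcp, udp or icmp -> $entry" >&2; return 1
    fi
    # ICMP has no ports, so a port field on an icmp entry is a config error.
    if [ "$proto" = icmp ] && [ -n "$port" ]; then
        echo "Error: icmp takes no port -> $entry" >&2; return 1
    fi
    rule="iptables -t nat -A POSTROUTING -s $src -d $dst -o $ext_dev -p $proto"
    if [ -n "$port" ]; then rule="$rule --dport $port"; fi
    echo "$rule -j MASQUERADE"
}

# Constructed sample entries; eth0 is a placeholder interface name.
for e in "192.168.1.0/24,0/0,icmp" "192.168.1.0/24,0/0,tcp,80" \
         "192.168.1.0/24,0/0,icmp,80"; do
    masq_rule "$e" eth0 || true
done
```

A NAT rule of this kind only rewrites source addresses; which traffic from the internal net is forwarded at all is decided separately in the filter rules.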