Re: [suse-security] Can't open any port
From: Daryl Lee (dlee altaregos.com)
Date: Fri Dec 12 2003 - 23:13:47 CST
I have temporarily worked around my problem by reinstating the script
(not SuSEfirewall2) that worked for me before installing SuSE. It may
not be as encompassing (for example, it allows SSH connections on the
internet interface from a workstation inside the firewall). But it will
get me "over the hump" until a more elegant solution presents itself.
Thanks for all the attempts to help.
Daryl
On Fri, 2003-12-12 at 07:27, Daryl Lee wrote:
> I am trying to configure my firewall to accept remote SSH logins, but it
> will not. Configuration: Linux server (combination internet gateway,
> router, and primary workstation) running SuSE 9.0 (brand new install;
> replaced RedHat 8.0 a week ago, where this problem did not exist).
> Windows 2000 laptop (my employer's), and Windows XP laptop (my wife's).
> All internal LAN access is fine, SMB file and printer sharing works,
> workstations can all get out to the internet, no problems there. But
> when I try to come in from the internet and open a SSH session with the
> firewall up, it will not connect. When I try with the "SuSEfirewall
> test" command, it goes through okay (so I know sshd is running
> correctly). Here's my /etc/sysconfig/SuSEfirewall2, with all the
> comments and blank lines stripped, my comments added:
>
> FW_QUICKMODE="no"
> FW_DEV_EXT="ppp0" # I use DSL
> FW_DEV_INT="eth1"
> FW_DEV_DMZ=""
> FW_ROUTE="yes"
> FW_MASQUERADE="yes"
> FW_MASQ_DEV="$FW_DEV_EXT"
> FW_MASQ_NETS="0/0"
> FW_PROTECT_FROM_INTERNAL="no"
> FW_AUTOPROTECT_SERVICES="yes"
> FW_SERVICES_EXT_TCP="ssh http 5800:5805" # 580x, 590x: VNC
> FW_SERVICES_EXT_UDP=""
> FW_SERVICES_EXT_IP=""
> FW_SERVICES_DMZ_TCP=""
> FW_SERVICES_DMZ_UDP=""
> FW_SERVICES_DMZ_IP=""
> FW_SERVICES_INT_TCP="ssh domain netbios-ssn" # netbios-ssn for SAMBA
> FW_SERVICES_INT_UDP=""
> FW_SERVICES_INT_IP=""
> FW_SERVICES_QUICK_TCP=""
> FW_SERVICES_QUICK_UDP=""
> FW_SERVICES_QUICK_IP=""
> FW_TRUSTED_NETS=""
> FW_ALLOW_INCOMING_HIGHPORTS_TCP="no"
> FW_ALLOW_INCOMING_HIGHPORTS_UDP="DNS"
> FW_SERVICE_AUTODETECT="yes"
> FW_SERVICE_DNS="yes"
> FW_SERVICE_DHCLIENT="no"
> FW_SERVICE_DHCPD="yes"
> FW_SERVICE_SQUID="no"
> FW_SERVICE_SAMBA="yes"
> FW_FORWARD=""
> FW_FORWARD_MASQ=""
> FW_REDIRECT=""
> FW_LOG_DROP_CRIT="yes"
> FW_LOG_DROP_ALL="no"
> FW_LOG_ACCEPT_CRIT="yes"
> FW_LOG_ACCEPT_ALL="no"
> FW_LOG="--log-level warning --log-tcp-options --log-ip-option --log-prefix SuSE-FW"
> FW_KERNEL_SECURITY="yes"
> FW_STOP_KEEP_ROUTING_STATE="no"
> FW_ALLOW_PING_FW="yes"
> FW_ALLOW_PING_DMZ="no"
> FW_ALLOW_PING_EXT="no"
> FW_ALLOW_FW_TRACEROUTE="yes"
> FW_ALLOW_FW_SOURCEQUENCH="yes"
> FW_ALLOW_FW_BROADCAST="no"
> FW_IGNORE_FW_BROADCAST="yes"
> FW_ALLOW_CLASS_ROUTING="no"
> FW_CUSTOMRULES=""
> FW_REJECT="no"
> FW_HTB_TUNE_DEV=""
>