If you're using SuSEfirewall2 then you need to specify what services are
on the firewall itself. I don't use SuSEfirewall2, but there is a config
file in /etc/sysconfig. See sections 8 and 9 ...
/etc/sysconfig/SuSEfirewall2 :
"
## Type: yesno
## Default: yes
#
# 8.)
# Do you want to autoprotect all running network services on the firewall?
#
# If set to "yes", all network access to services TCP and UDP on this machine
# will be prevented (except to those which you explicitly allow, see below:
# FW_SERVICES_{EXT,DMZ,INT}_{TCP,UDP})
#
# Choice: "yes" or "no", if not set defaults to "yes"
#
FW_AUTOPROTECT_SERVICES="yes"
## Type: string
#
# 9.)
# Which services ON THE FIREWALL should be accessible from either the internet
# (or other untrusted networks), the dmz or internal (trusted networks)?
# (see no.13 & 14 if you want to route traffic through the firewall) XXX
#
# Enter all ports or known portnames below, seperated by a space.
# TCP services (e.g. SMTP, WWW) must be set in FW_SERVICES_*_TCP, and
# UDP services (e.g. syslog) must be set in FW_SERVICES_*_UDP.
# e.g. if a webserver on the firewall should be accessible from the internet:
# FW_SERVICES_EXT_TCP="www"
# e.g. if the firewall should receive syslog messages from the dmz:
# FW_SERVICES_DMZ_UDP="syslog"
# For IP protocols (like GRE for PPTP, or OSPF for routing) you need to set
# FW_SERVICES_*_IP with the protocol name or number (see /etc/protocols)
#
# Choice: leave empty or any number of ports, known portnames (from
# /etc/services) and port ranges seperated by a space. Port ranges are
# written like this: allow port 1 to 10 -> "1:10"
# e.g. "", "smtp", "123 514", "3200:3299", "ftp 22 telnet 512:514"
# For FW_SERVICES_*_IP enter the protocol name (like "igmp") or number ("2")
#
# Common: smtp domain
FW_SERVICES_EXT_TCP=""
## Type: string
# Common: domain
FW_SERVICES_EXT_UDP="" # Common: domain
## Type: string
# For VPN/Routing which END at the firewall!!
FW_SERVICES_EXT_IP=""
## Type: string
#
# Common: smtp domain
FW_SERVICES_DMZ_TCP=""
## Type: string
# Common: domain
FW_SERVICES_DMZ_UDP=""
## Type: string
# For VPN/Routing which END at the firewall!!
FW_SERVICES_DMZ_IP=""
## Type: string
#
# Common: ssh smtp domain
FW_SERVICES_INT_TCP=""
## Type: string
# Common: domain syslog
FW_SERVICES_INT_UDP=""
# For VPN/Routing which END at the firewall!!
FW_SERVICES_INT_IP=""
"
On Mon, 2003-07-28 at 18:10, edvega@xxxxxxxxxxx wrote:
> Hi guys... I had a SuSE 8.0 box acting as a Firewall (with 2 nics)...
> it also had an Apache Web Server installed, and my problem is that none
> of my internal PCs can reach any service at the Firewall Box.
>
> I set up the Firewall Rules using YaST, and even set it to not protect
> the Firewall from the internal Network...
>
> Any clue of how to set up or modify that box in order to allow internal
> traffic to legitimate services provided by the Firewall on my internal
> Network ?
>
> Thanks !!
>
> bye
>
> --ed
--
Raymond Leach <raymondl@xxxxxxxxxxxxxxxxxxxxxx>
Network Support Specialist
http://www.knowledgefactory.co.za
"lynx -source http://www.rchq.co.za/raymondl.asc | gpg --import"
Key fingerprint = 7209 A695 9EE0 E971 A9AD 00EE 8757 EE47 F06F FB28
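
The following is an added example, not part of the original message or of SuSEfirewall2 itself: a small checker that reads the section 8 and 9 variables and reports whether a port on the firewall host is opened for a zone, using the port, portname and "low:high" range syntax described in the file. The `SERVICES` table, the sample config and the function names are assumptions made for illustration; only sections 8 and 9 are modelled.

```python
import re
import shlex

# Constructed sample (not the poster's real file): autoprotect on, INT lists empty.
SAMPLE = '''
FW_AUTOPROTECT_SERVICES="yes"
FW_SERVICES_INT_TCP=""
FW_SERVICES_INT_UDP="" # Common: domain syslog
'''

# Assumption: small stand-in for /etc/services so the example runs offline.
SERVICES = {"www": 80, "http": 80, "ssh": 22, "smtp": 25, "domain": 53,
            "syslog": 514, "ftp": 21, "telnet": 23}

def parse_sysconfig(text):
    """Return {NAME: value} for NAME="value" lines; comment lines are skipped."""
    conf = {}
    for line in text.splitlines():
        m = re.match(r'\s*([A-Z0-9_]+)=(.*)$', line)
        if m:
            # shlex removes the quotes and any trailing "# ..." comment
            parts = shlex.split(m.group(2), comments=True)
            conf[m.group(1)] = parts[0] if parts else ""
    return conf

def port_ranges(value):
    """Turn 'ftp 22 512:514' into a list of (low, high) port tuples."""
    ranges = []
    for tok in value.split():
        if ":" in tok:                      # range syntax from section 9: "1:10"
            lo, hi = (int(p) for p in tok.split(":", 1))
        elif tok.isdigit():
            lo = hi = int(tok)
        elif tok in SERVICES:
            lo = hi = SERVICES[tok]
        else:
            raise ValueError(f"unknown service name: {tok!r}")
        ranges.append((lo, hi))
    return ranges

def is_reachable(conf, zone, proto, port):
    """True/False under sections 8 and 9; None when section 8 is not 'yes'."""
    if conf.get("FW_AUTOPROTECT_SERVICES", "yes") != "yes":
        return None  # not decided by these two sections; other settings not modelled
    value = conf.get(f"FW_SERVICES_{zone}_{proto}", "")
    return any(lo <= port <= hi for lo, hi in port_ranges(value))

if __name__ == "__main__":
    print(is_reachable(parse_sysconfig(SAMPLE), "INT", "TCP", 80))
```

With the INT lists left empty the check returns False for TCP port 80 from the internal zone; adding "www" to FW_SERVICES_INT_TCP makes it return True.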