[suse-security] SuSEfirewall2 Anti SPOOFING



Guys

I've got myself a little confused over some issues I'm having on this and 
despite reading Togan's primer don't seem to be winning.

                          ADSL router -10.10.99.1
                                     | DHCP , DNS
                                     |
                               eth1 10.10.99.5
                                    |   ssh
                                    |
                               eth0 10.10.200.254
                                    | squid, squidguard, internal http
                                    |
                                 rest of Lan

SuSEfirewall2

FW_ALLOW_INCOMING_HIGHPORTS_TCP="no"
FW_ALLOW_INCOMING_HIGHPORTS_UDP="DNS domain"

In the logs I get the following when the firewall has been started and the browsers 
hang - squid trying for DNS resolution, I suspect

Feb 24 17:57:37 localhost kernel: SuSE-FW-DROP-ANTI-SPOOF IN=eth1 OUT= 
MAC=00:80:ad:8e:f9:64:00:d0:41:0e:92:1f:08:00 SRC=10.10.99.1 DST=10.10.99.5 
LEN=148 TOS=0x00 PREC=0x00 TTL=64 ID=51956 PROTO=UDP SPT=53 DPT=1052 LEN=128

Squid is set up to use the nameserver from resolv.conf as 10.10.99.1 as 
provided by DHCP.

Does this indicate I should provide a local DNS rather than pass through the 
firewall?

Cheers, all help warmly appreciated.

--
Stephen Prendergast
SP Software Ltd
07 570 1452
021 466 247
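
A triage helper for the log line quoted above, added here as an example and not part of the original post: it parses SuSE-FW-DROP kernel lines and reports those that are UDP replies from port 53 of a nameserver listed in resolv.conf. The function names, the second log line and the resolv.conf text are constructed for illustration.

```python
import re

# First line: the drop quoted in the post, joined onto one line.
# Second line: constructed, a non-DNS drop from a host that is not a resolver.
LOG_LINES = [
    "Feb 24 17:57:37 localhost kernel: SuSE-FW-DROP-ANTI-SPOOF IN=eth1 OUT= "
    "MAC=00:80:ad:8e:f9:64:00:d0:41:0e:92:1f:08:00 SRC=10.10.99.1 DST=10.10.99.5 "
    "LEN=148 TOS=0x00 PREC=0x00 TTL=64 ID=51956 PROTO=UDP SPT=53 DPT=1052 LEN=128",
    "Feb 24 17:58:02 localhost kernel: SuSE-FW-DROP-ANTI-SPOOF IN=eth1 OUT= "
    "MAC=00:80:ad:8e:f9:64:00:d0:41:0e:92:20:08:00 SRC=10.10.99.77 DST=10.10.99.5 "
    "LEN=76 TOS=0x00 PREC=0x00 TTL=64 ID=4711 PROTO=UDP SPT=123 DPT=123 LEN=56",
]
RESOLV_CONF = "# constructed sample\nnameserver 10.10.99.1\n"

PREFIX_RE = re.compile(r"kernel: (SuSE-FW-\S+)\s")
FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")

def nameservers(resolv_conf_text):
    """Return the set of addresses on 'nameserver' lines."""
    found = set()
    for line in resolv_conf_text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            found.add(parts[1])
    return found

def parse_drop(line):
    """Split a SuSEfirewall2 kernel log line into its KEY=value fields."""
    m = PREFIX_RE.search(line)
    if not m:
        return None
    fields = {"PREFIX": m.group(1)}
    for key, value in FIELD_RE.findall(line):
        fields.setdefault(key, value)  # LEN occurs twice; keep the first (IP length)
    return fields

def dropped_resolver_replies(log_lines, resolv_conf_text):
    """List drops that are UDP source-port-53 packets from a configured resolver."""
    resolvers = nameservers(resolv_conf_text)
    hits = []
    for line in log_lines:
        f = parse_drop(line)
        if (f and f["PREFIX"].startswith("SuSE-FW-DROP") and f.get("PROTO") == "UDP"
                and f.get("SPT") == "53" and f.get("SRC") in resolvers):
            hits.append((f["PREFIX"], f["IN"], f["SRC"], int(f["DPT"])))
    return hits

if __name__ == "__main__":
    for prefix, iface, src, dport in dropped_resolver_replies(LOG_LINES, RESOLV_CONF):
        print(f"{prefix}: reply from resolver {src} to port {dport} dropped on {iface}")
```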