C
Network Security
allowed through. This gateway or proxy pretends to be the actual client of
the server. In a sense, such a proxy could be considered a masquerading
host on the protocol level used by the application. One example of such a
proxy is Squid, an HTTP proxy server. To use Squid, the browser needs to be
configured to communicate via the proxy, so that any HTTP pages requested
are served from the proxy cache rather than directly from the Internet.
As another example, the SuSE proxy suite (the package proxy-suite in series
sec) includes a proxy for the FTP protocol.
SuSEfirewall
The SuSEfirewall is a script used for protecting the adminhost. This section
describes the configuration of SuSEfirewall, a rather more challenging task. It
requires a certain degree of experience and understanding. Find documentation
about SuSEfirewall in /usr/share/doc/packages/SuSEfirewall.
The theoretical background is also covered in this manual, see Chapter C on
page 195.
The configuration of SuSEfirewall is stored in the file
/etc/rc.config.d/firewall.rc.config and is commented in English. In the following we
demonstrate a successful configuration step by step. For each configuration
item, find a note as to whether it is relevant for firewalling or masquerading.
If you stumble across any comments in the configuration file that are related
to what is called DMZ (or “demilitarised zone”), this is not covered here.
If your requirements are strictly limited to masquerading, fill out the items
marked with masquerading only.
START_FW (firewall, masquerading): Set this variable to yes in
/etc/rc.config to ensure that the script is started. This enables the
firewall or masquerading.
FW_DEV_WORLD (firewall, masquerading): For example, eth0 as the
device linked to the Internet. In the case of ISDN, choose ippp0 here.
FW_DEV_INT (firewall, masquerading): The device linking you with
the internal, “private” network. Leave this blank if there is no internal
network and the firewall is supposed to protect only the one host.
FW_ROUTE (firewall, masquerading): If you need the masquerading
function, enter yes here. Your internal hosts will not be visible to the
outside, because their private network addresses (e.g. 192.168.x.x)
are ignored by Internet routers.
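The following script is an added example, not part of SuSEfirewall or of this manual. It reads the four variables described above and reports combinations that contradict each other. The function names, the script name check_fw.sh and the two checks marked as assumptions are illustrative.

```shell
#!/bin/sh
# Added example (not SuSE's code): consistency check for the variables above.
# Values are extracted with sed, not sourced, so the files are never executed.

# get_var FILE NAME: print the value of the last NAME=value assignment in FILE
get_var() {
    sed -n "s/^[[:space:]]*$2=[\"']\{0,1\}\([^\"'#]*\)[\"']\{0,1\}.*\$/\1/p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# check_fw_config RC_CONFIG FW_CONFIG: print findings, return their count
check_fw_config() {
    problems=0
    start=$(get_var "$1" START_FW)
    world=$(get_var "$2" FW_DEV_WORLD)
    int=$(get_var "$2" FW_DEV_INT)
    route=$(get_var "$2" FW_ROUTE)

    if [ "$start" != "yes" ]; then
        echo "START_FW is not yes in $1: the script is not started"
        problems=$((problems + 1))
    fi
    if [ -z "$world" ]; then
        echo "FW_DEV_WORLD is empty: no Internet-facing device named"
        problems=$((problems + 1))
    fi
    # Assumption: masquerading only makes sense with an internal network.
    if [ "$route" = "yes" ] && [ -z "$int" ]; then
        echo "FW_ROUTE=yes but FW_DEV_INT is blank: nothing to masquerade"
        problems=$((problems + 1))
    fi
    # Assumption: one device cannot be both the outside and the inside.
    if [ -n "$int" ] && [ "$int" = "$world" ]; then
        echo "FW_DEV_INT and FW_DEV_WORLD name the same device ($int)"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Usage: sh check_fw.sh /etc/rc.config /etc/rc.config.d/firewall.rc.config
if [ "$#" -eq 2 ]; then
    check_fw_config "$1" "$2"
fi
```

The exit status is the number of findings, so 0 means the four settings are consistent with each other.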
187 SuSE Linux Firewall on CD2