Specifications

3 Firewall Administration System (FAS)
Protocol  Local address                 Remote address  From port  To port
TCP       192.168.10.0/255.255.255.192  0.0.0.0         1          65535
UDP       192.168.10.0/255.255.255.192  0.0.0.0         1          65535
ICMP      192.168.10.0/255.255.255.192  0.0.0.0
3. Destination NAT
Destination NAT rules are not required at Example, Inc.
Kernel Runtime Setup
The Kernel Runtime Setup is a matter for professionals. By default,
sensible values have been set there for the SuSE Firewall on CD. The
module is shown in Figure 3.21 on the following page. In most cases, the
various modules access the relevant entries automatically. Documentation
about this can be found in the kernel documentation in the kernel source
package. Do not change anything here unless you are completely sure of
the implications.
The Example, Inc., Configuration
Example, Inc., received a large network from its provider (255.255.255.240).
Since no additional transfer network is available between the router and the
firewall, the firewall must distribute the public addresses of the DMZ in the
direction of the router.
To achieve this, the proxy ARP function is activated on the network
interface eth0. This causes the kernel to reply to all ARP requests for
routes known to it. To do this, select ‘net’ → ‘ipv4’ → ‘conf’ → ‘eth0’ →
‘proxy_arp’, then activate ‘Status’.
By default, the kernel delays its responses to proxy ARP requests. This
delay should be reduced with ‘net’ → ‘ipv4’ → ‘neigh’ → ‘eth0’ →
‘proxy_delay’ → ‘10’.
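The two settings above correspond to the kernel files conf/eth0/proxy_arp and neigh/eth0/proxy_delay under /proc/sys/net/ipv4. The following shell check is an added example, not part of the original manual: it confirms that only the intended interface answers proxy ARP and that its delay does not exceed the value set above. The function names and the constructed sample tree are assumptions made for illustration.

```sh
#!/bin/sh
# audit_proxy_arp ROOT EXPECTED_IF MAX_DELAY  (hypothetical helper)
# ROOT is /proc/sys/net/ipv4 on a live system. Prints one finding per line;
# returns 0 only if EXPECTED_IF alone has proxy_arp=1 and its proxy_delay
# does not exceed MAX_DELAY. conf/all is reported too, because on Linux
# conf/all/proxy_arp=1 enables proxy ARP on every interface.
audit_proxy_arp() {
    root=$1 expected=$2 max_delay=$3
    rc=0 seen=0
    for f in "$root"/conf/*/proxy_arp; do
        [ -r "$f" ] || continue
        ifname=${f%/proxy_arp}; ifname=${ifname##*/}
        [ "$(cat "$f")" = 1 ] || continue
        if [ "$ifname" = "$expected" ]; then
            seen=1
        else
            echo "UNEXPECTED proxy_arp=1 on $ifname"; rc=1
        fi
    done
    if [ "$seen" -eq 0 ]; then
        echo "MISSING proxy_arp=1 on $expected"; rc=1
    fi
    delay_file=$root/neigh/$expected/proxy_delay
    if [ ! -r "$delay_file" ]; then
        echo "MISSING $delay_file"; rc=1
    elif [ "$(cat "$delay_file")" -gt "$max_delay" ]; then
        echo "SLOW proxy_delay=$(cat "$delay_file") on $expected"; rc=1
    fi
    return $rc
}

# Constructed sample tree: eth0 set as on this page, everything else off.
make_sample_tree() {
    for i in all default eth0 eth1; do
        mkdir -p "$1/conf/$i"
        echo 0 > "$1/conf/$i/proxy_arp"
    done
    mkdir -p "$1/neigh/eth0"
    echo 1 > "$1/conf/eth0/proxy_arp"
    echo 10 > "$1/neigh/eth0/proxy_delay"
}

# Demo: eth1 left enabled by mistake is reported as a finding.
demo_dir=$(mktemp -d)
make_sample_tree "$demo_dir"
echo 1 > "$demo_dir/conf/eth1/proxy_arp"
audit_proxy_arp "$demo_dir" eth0 10 || echo "audit failed"
rm -rf "$demo_dir"
```

On the firewall itself the check would be called as `audit_proxy_arp /proc/sys/net/ipv4 eth0 10`.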
59 SuSE Linux Firewall on CD2