“main” (Installation and Administration) — 2004/6/25 — 13:29 — page 649 — #675
26 Security in the Network
First, use the YaST runlevel editor to enable SuSEfirewall2 in your runlevel
(3 or 5 most likely). It sets the symlinks for the SuSEfirewall2_* scripts in
the /etc/init.d/rc?.d/ directories.
FW_DEV_EXT (firewall, masquerading)
The device linked to the Internet. For a modem or DSL connection,
enter ppp0. For an ISDN link, use ippp0. Specify auto to use the
interface that corresponds to the default route.
FW_DEV_INT (firewall, masquerading)
The device linked to the internal, private network (such as eth0).
Leave this blank if there is no internal network and the firewall
protects only the host on which it runs.
FW_ROUTE (firewall, masquerading)
If you need the masquerading function, set this to yes. Your internal
hosts will not be visible to the outside, because their private network
addresses (e.g., 192.168.x.x) are ignored by Internet routers.
For a firewall without masquerading, only set this to yes if you want
to allow access to the internal network. Your internal hosts need
to use officially registered IPs in this case. Normally, however, you
should not allow access to your internal network from the outside.
FW_MASQUERADE (masquerading)
Set this to yes if you need the masquerading function. It is more secure
to have a proxy server between the hosts of the internal network and the
Internet.
FW_MASQ_NETS (masquerading)
Specify the hosts or networks to masquerade, leaving a space between the
individual entries. For example:
FW_MASQ_NETS="192.168.0.0/24 192.168.10.1"
FW_PROTECT_FROM_INTERNAL (firewall)
Set this to yes to protect your firewall host from attacks originating
in your internal network. Services are only available to the internal
network if explicitly enabled. Also see FW_SERVICES_INT_TCP and
FW_SERVICES_INT_UDP.
FW_AUTOPROTECT_SERVICES (firewall)
Normally, set this to yes to enable automatic generation of explicit
rules for running services.
FW_SERVICES_EXT_TCP (firewall)
Enter the TCP ports that should be made available. Leave this blank
for a normal workstation at home that should not offer any services.
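As an added example that is not part of the manual or of SuSEfirewall2 itself, the following POSIX shell script checks an /etc/sysconfig/SuSEfirewall2 file for the inconsistencies the variable descriptions above imply: masquerading without FW_ROUTE=yes or without an internal device, masqueraded networks that are not private addresses, and a firewall host left open to its internal network. The two sample configuration files and the 203.0.113.0/24 network are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not SUSE tooling: consistency check of the SuSEfirewall2
# variables described above. The file is read with sed, never sourced.

# fw_get VAR FILE: value of the last VAR= assignment, quotes removed
fw_get() {
    sed -n "s/^[[:space:]]*$1=//p" "$2" | tail -n 1 | sed 's/^"\(.*\)"$/\1/'
}

# fw_lint FILE: print findings; return the number of hard errors (0 = consistent)
fw_lint() {
    f=$1; errors=0
    ext=$(fw_get FW_DEV_EXT "$f");    int=$(fw_get FW_DEV_INT "$f")
    route=$(fw_get FW_ROUTE "$f");    masq=$(fw_get FW_MASQUERADE "$f")
    nets=$(fw_get FW_MASQ_NETS "$f"); prot=$(fw_get FW_PROTECT_FROM_INTERNAL "$f")
    [ -n "$ext" ] || { echo "ERROR: FW_DEV_EXT is empty (use ppp0, ippp0, an ethX or auto)"; errors=$((errors + 1)); }
    if [ "$masq" = yes ]; then
        # masquerading needs forwarding enabled and an internal device to masquerade from
        [ "$route" = yes ] || { echo "ERROR: FW_MASQUERADE=yes requires FW_ROUTE=yes"; errors=$((errors + 1)); }
        [ -n "$int" ] || { echo "ERROR: FW_MASQUERADE=yes but FW_DEV_INT is empty"; errors=$((errors + 1)); }
        for n in $nets; do
            echo "$n" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$' \
                || { echo "ERROR: FW_MASQ_NETS entry '$n' is not an IPv4 host or network"; errors=$((errors + 1)); continue; }
            case $n in   # masqueraded hosts are expected to use private (RFC 1918) addresses
                10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) ;;
                *) echo "WARN: FW_MASQ_NETS entry $n is not an RFC 1918 private range" ;;
            esac
        done
    elif [ "$route" = yes ]; then
        echo "WARN: FW_ROUTE=yes without masquerading exposes the internal network; its hosts need registered IPs"
    fi
    [ -z "$int" ] || [ "$prot" = yes ] || echo "WARN: FW_PROTECT_FROM_INTERNAL is not yes; the firewall host trusts the internal network"
    return $errors
}

# Constructed samples: a masquerading DSL gateway, then a broken configuration
fw_demo() {
    ok=$(mktemp); bad=$(mktemp)
    printf '%s\n' 'FW_DEV_EXT="ppp0"' 'FW_DEV_INT="eth0"' 'FW_ROUTE="yes"' 'FW_MASQUERADE="yes"' \
        'FW_MASQ_NETS="192.168.0.0/24 192.168.10.1"' 'FW_PROTECT_FROM_INTERNAL="yes"' > "$ok"
    printf '%s\n' 'FW_DEV_EXT=""' 'FW_DEV_INT="eth0"' 'FW_ROUTE="no"' 'FW_MASQUERADE="yes"' \
        'FW_MASQ_NETS="192.168.0.0/24 203.0.113.0/24"' > "$bad"
    for f in "$ok" "$bad"; do
        rc=0; fw_lint "$f" || rc=$?
        echo "-> $rc error(s) in $f"
    done
    rm -f "$ok" "$bad"
}
fw_demo
```

Run it as root against the live file with `fw_lint /etc/sysconfig/SuSEfirewall2` after the YaST step above, before restarting the firewall.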
649 SUSE LINUX Enterprise Server