“main” (Installation and Administration) 2004/6/25 13:29 page 650 #676
FW_SERVICES_EXT_UDP (firewall)
Leave this blank unless you run a name server and want to make it
available to the outside. In that case, enter the UDP ports to use.
FW_SERVICES_INT_TCP (firewall)
With this variable, define the services available for the internal
network. The notation is the same as for FW_SERVICES_EXT_TCP, but
the settings are applied to the internal network. The variable only
needs to be set if FW_PROTECT_FROM_INTERNAL is set to yes.
FW_SERVICES_INT_UDP (firewall)
The same as FW_SERVICES_INT_TCP, but for the UDP ports of the internal network.
FW_STOP_KEEP_ROUTING_STATE (firewall)
Insert yes if you have configured your dial-up procedure to work
automatically via diald or ISDN (dial-on-demand).
After configuring the firewall, test your setup. The firewall rule sets are
created by entering SuSEfirewall2 start as root. Then use telnet, for
example, from an external host to see whether the connection is actually
denied. After that, review /var/log/messages, where you should see
something like this:
Mar 15 13:21:38 linux kernel: SFW2-INext-DROP-DEFLT IN=eth0
OUT= MAC=00:80:c8:94:c3:e7:00:a0:c9:4d:27:56:08:00 SRC=192.168.10.0
DST=192.168.10.1 LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=15330 DF PROTO=TCP
SPT=48091 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0
OPT (020405B40402080A061AFEBC0000000001030300)
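As an added illustration (not part of the manual), a small Python script that parses SFW2 kernel log lines of the kind shown above from /var/log/messages and counts what the firewall dropped per source, protocol and destination port. The embedded sample log is constructed: only its first line is the entry from the excerpt, and the SFW2-INext-ACC-TCP prefix on its third line is assumed.

```python
import re
from collections import Counter

# Constructed sample of /var/log/messages. Line 1 is the SFW2 drop shown above;
# lines 2-4 are invented in the same format (a second DROP, an assumed ACCEPT
# prefix, and an unrelated sshd message that the parser must ignore).
SAMPLE_LOG = """\
Mar 15 13:21:38 linux kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:80:c8:94:c3:e7:00:a0:c9:4d:27:56:08:00 SRC=192.168.10.0 DST=192.168.10.1 LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=15330 DF PROTO=TCP SPT=48091 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B40402080A061AFEBC0000000001030300)
Mar 15 13:21:41 linux kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:80:c8:94:c3:e7:00:a0:c9:4d:27:56:08:00 SRC=192.168.10.0 DST=192.168.10.1 LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=15331 DF PROTO=TCP SPT=48092 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 15 13:22:02 linux kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=00:80:c8:94:c3:e7:00:a0:c9:4d:27:56:08:00 SRC=192.168.10.5 DST=192.168.10.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=2 DF PROTO=TCP SPT=40000 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 15 13:22:10 linux sshd[1234]: Accepted publickey for admin from 192.168.10.5
"""

# syslog timestamp, host, "kernel:", then the SFW2-<chain>-<action>-<detail> prefix
LOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) kernel: "
    r"(?P<prefix>SFW2-\S+) (?P<rest>.*)$"
)

def parse_sfw2_line(line):
    """Parse one SuSEfirewall2 kernel log line into a dict; None for other lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = {"ts": m.group("ts"), "host": m.group("host"), "prefix": m.group("prefix")}
    # The prefix encodes chain and verdict, e.g. SFW2-INext-DROP-DEFLT
    _, rec["chain"], rec["action"] = rec["prefix"].split("-")[:3]
    rec["flags"] = []
    for tok in m.group("rest").split():
        if "=" in tok:                 # KEY=VALUE field; value may be empty (OUT=)
            key, _, val = tok.partition("=")
            rec[key] = val
        elif tok.startswith("("):      # hex blob that follows the bare OPT token
            rec["OPT"] = tok.strip("()")
        else:                          # bare flags such as DF, SYN, OPT
            rec["flags"].append(tok)
    return rec

def summarize_drops(log_text):
    """Count dropped packets per (SRC, PROTO, DPT): what the firewall rejects."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_sfw2_line(line)
        if rec and rec["action"] == "DROP":
            counts[(rec.get("SRC"), rec.get("PROTO"), rec.get("DPT"))] += 1
    return counts

if __name__ == "__main__":
    for (src, proto, dpt), n in summarize_drops(SAMPLE_LOG).most_common():
        print(f"{n:4d} drops  {src} -> {proto}/{dpt}")
```

On a real system, feed the script the relevant lines of /var/log/messages instead of SAMPLE_LOG; a burst of drops on a port you meant to open points at a missing entry in FW_SERVICES_EXT_TCP or FW_SERVICES_EXT_UDP.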
Configuration with YaST
The YaST dialogs for the graphical configuration can be accessed from the
YaST Control Center. Select ‘Security and Users’, then ‘Firewall’. The
configuration is divided into four sections:
Basic Settings Specify the interfaces to protect. To protect an individual
host to which no internal network is connected, just specify the
interface facing the Internet. If an internal network is connected to your
system, the interface facing the network must also be specified. Exit
this dialog with ‘Next’.
Services You only need this option to use your system to offer services
accessible from the Internet (web server, mail server, etc.). Activate the
respective check boxes or use ‘Expert...’ to enable services by way of
26.3. Masquerading and Firewalls