OpenSUSE Network :: Firewall Settings - Configure - Interface Isn't Assigned To Any Zone?
Apr 20, 2010
I have a work desktop plugged into the work network. As I opened my firewall settings I noticed that it is turned off. My question is how should I configure it? I saw that the interface isn't assigned to any zone... Should I assign it to the internal zone and open the ports that I need in order to work? Are there any guidelines for configuring the firewall?
I tried to set up a second IP address with YaST on an openSUSE 11.2 on eth0 as eth0:2nd but with a different firewall zone. But SUSE firewall only sees eth0.
I want to define which services are available on which IP address. Also, with custom rules I can't specify a destination IP.
So now can I do this with YaST? Or do I have to do this manually without SUSE firewall?
I am just trying to get SSH working between 2 local machines on openSUSE 11.4 boxes. I have the SSHD daemon running, the firewall is configured to allow SSH to pass, and I am using SSH's password authentication. However, my machines cannot see each other. Anytime I try to SSH, I get "Could not resolve hostname <hostname>: Name or service not known."
Of course, that leads me to believe I need an entry in my /etc/hosts file. However, I use DHCP, and therefore have a dynamic IP address. Therefore, my host names will only be good until the next IP renewal. How in the world do I configure SSH with a DHCP assigned address?
We have a 10.0.0.x network with a working DNS server (BIND) setup. Recently we purchased a Watchguard firewall and configured three networks, so that our internal network can be divided into three networks that talk to each other through firewall routing. So I configured three IPs, 192.168.0.1, 172.16.0.1 and 10.0.0.1, for the local network card in the firewall router. I separated the three networks and individually configured machines with static IPs and gave the above IPs as the gateway. Now, I need to configure a DNS server for each zone on the same server, which is in the network 10.0.0.x. Is this possible? If yes, do I need to set up IP aliases for eth0 in the DNS server with different IPs from each network?
I'm looking forward to the release of openSUSE 11.4, which I'm looking to install as an Internet facing gateway on a mini-ITX machine with 2 Ethernet cards. As such I've been reading up on the YaST Firewall trying to find out how to configure it, and there's one thing I'd like to be able to do: 'stealth' all the firewall ports.
In other words, if someone were to hypothetically do a port scan of my external IP address, I would rather they not know whether any of the ports on my gateway are open or closed, so instead of replying with the status of those ports the packets get dropped. I've been able to do this with a product called Astaro Security Gateway, which I currently have installed on a second hand Dell Optiplex machine, but I am now looking into the possibility of installing this as a virtual machine inside an openSUSE 11.4 host (extra level of security) and would like the same functionality for the host OS.
I have a server with 14 IPs on eth0. I'm using virtual interfaces to handle the IPs, but the iptables don't seem to work on the virtual interface. It blocks ports that I want open. I'm not that great with iptables, I use what I have because it works for me, but as far as tweaking it, I'm pretty lost.
My iptables:

# Simple Firewall configuration
#
# Set default policies --------
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
#
# Internal Networks -----------
#-A INPUT -s <private.class.C>/24 -d <private.class.C>/24 -i eth1 -j ACCEPT
#
# Loopback --------------------
-A INPUT -s 0/0 -d 0/0 -i lo -j ACCEPT
#
# Accept established connections
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
#
# Services --------------------
#
# For SSH gateway
-A INPUT -p tcp -s 0/0 -d 0/0 --dport 22 -m state --state NEW -j ACCEPT
#
# For SMTP gateway
-A INPUT -p tcp -s 0/0 -d 0/0 --dport 25 -m state --state NEW -j ACCEPT
#
# For FTP server
-A INPUT -p tcp -s 0/0 -d 0/0 --dport 20 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -s 0/0 -d 0/0 --dport 21 -m state --state NEW -j ACCEPT
-A INPUT -p udp -s 0/0 -d 0/0 --dport 53 -m state --state NEW -j ACCEPT
#
# HTTP services
-A INPUT -p tcp -s 0/0 -d 0/0 --dport 80 -m state --state NEW -j ACCEPT
#
# HTTPS services
-A INPUT -p tcp -s 0/0 -d 0/0 --dport 443 -m state --state NEW -j ACCEPT
#
# POP-3 services
#-A INPUT -p tcp -s 0/0 -d 0/0 --dport 110 -m state --state NEW -j ACCEPT
#
# IMAP services
-A INPUT -p tcp -s 0/0 -d 0/0 --dport 143 -m state --state NEW -j ACCEPT
#
#PLESK
#-A INPUT -p tcp -s 0/0 -d 0/0 --dport 8443 -m state --state NEW -j ACCEPT
#
#Games
-A INPUT -p tcp -s 0/0 -d 0/0 --dport 28960 -m state --state NEW -j ACCEPT
-A INPUT -p udp -s 0/0 -d 0/0 --dport 28960 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -s 0/0 -d 0/0 --dport 27666 -m state --state NEW -j ACCEPT
-A INPUT -p udp -s 0/0 -d 0/0 --dport 27666 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -s 0/0 -d 0/0 --dport 28961 -m state --state NEW -j ACCEPT
-A INPUT -p udp -s 0/0 -d 0/0 --dport 28961 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -s 0/0 -d 0/0 --dport 28962 -m state --state NEW -j ACCEPT
-A INPUT -p udp -s 0/0 -d 0/0 --dport 28962 -m state --state NEW -j ACCEPT
-A INPUT -p udp -s 0/0 -d 0/0 --dport 27015 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -s 0/0 -d 0/0 --dport 27015 -m state --state NEW -j ACCEPT
-A INPUT -p udp -s 0/0 -d 0/0 --dport 27016 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -s 0/0 -d 0/0 --dport 27016 -m state --state NEW -j ACCEPT
-A INPUT -p udp -s 0/0 -d 0/0 --dport 27017 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -s 0/0 -d 0/0 --dport 27017 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -s 0/0 -d 0/0 --dport 27020 -m state --state NEW -j ACCEPT
-A INPUT -p udp -s 0/0 -d 0/0 --dport 27020 -m state --state NEW -j ACCEPT
# Disallow fragmented packets
-A INPUT -f -j DROP
#
# Log & Block broadcast packets
-A INPUT -d 255.255.255.255/0.0.0.255 -j LOG
-A INPUT -d 255.255.255.255/0.0.0.255 -j DROP
# Log & Block multicast packets
-A INPUT -d 224.0.0.1 -j LOG
-A INPUT -d 224.0.0.1 -j DROP
#
# Log and drop all other incoming packets
-A INPUT -j LOG
-A INPUT -j DROP
#
COMMIT
I've got my server mostly configured with Samba file shares - I can access from Linux and OSX computers. I've enabled Samba Client and Samba Server in the openSUSE firewall settings (on the server), but Windows 7 can't seem to connect. I've been trying to tweak registry keys in Windows and such, but had no luck. However, when I turned off the firewall on the server, I was instantly able to connect. Is there some other service or port I need to open for Windows 7?
I've searched a lot across the web and this forum in particular, but wasn't able to find the solution. The settings of the firewall are too cryptic to me. When the firewall is turned off everything is OK, but it is uncomfortable to turn it on and off every time I watch IPTV.
I have a server machine that is running SUSE Linux Enterprise Server 11. I set up a mysql server there. Now I want to access this mysql server from my laptop. I used the following command,
> mysql -h 12.246.5.70 -u davidehs -p
I found that if the firewall on the server machine is running, I cannot connect to the mysql server from my laptop. If I stop the firewall first, and then do the connection, I can access the mysql. How do I keep the firewall running and allow the remote mysql incoming requests?
I have tried various rules, like opening port 53 for the DNS, with little success. I finally figured that you need to set the source port to 53 and NOT the destination port. However, I have been unable to figure out what ports apt-get requires. The only way I get it to work is to accept everything in iptables.
If I configure my openSUSE 11.2 system to use a proxy server in the YaST Proxy module, do I still need to configure my browser (i.e. Firefox) to use these proxy settings, or is it done automatically under the covers?
I run a small (cabled) network between a desktop with XP with two printers hooked to it and a laptop with Ubuntu 10.04.1 64b. I can approach and use these printers from my laptop and filesharing works also. BUT ... this only works when my Ubuntu firewall (Gufw 10.04.5) is switched off. I am operating behind my router_modem which has a hardware type of firewall switched on at all times so I presume I'm safe. Now my questions:
1. Is this really safe enough?
2. What kind of settings would Gufw need to be able to use it AND use my mini-network for printing? I have no experience whatsoever with firewall rules and settings.
Today I tried to configure a network route to a host for testing my network interface.
Code:
route add 192.168.1.15 eth0
As I have two eth interfaces and both interfaces got their IP from DHCP (192.168.1.11 and 192.168.1.12) and are in the same subnet, I shut the other interface down:
Code:
ifconfig eth1 down
Then I tried to test the interface by doing a ping to 192.168.1.15. Problem: When I unplug the cable from eth0 (and eth1 is still plugged) the ping still works. Somehow my Linux (it's Debian) powers up again eth0 and pings over this port.
How can I stop my Linux doing this? I just want to have the route added only on the one interface - not the other. Is it maybe some case of a default gateway?
I suspect this is an initial configuration bug. All firewall logs seem to be going to all three files. That causes a lot of clutter in the log files, and makes it difficult to see whether there are any serious problems being logged.
I am trying to configure a wireless connection from YaST under the Network Settings tool. It doesn't seem to do anything. My USB wifi device is detected in YaST > Hardware and I am using the module it says Hardware is using. It doesn't seem to save the module under YaST > Network Settings > Network Card Setup. Is this tool broken or useless? It seems setting up WiFi should be easier than this. YaST should work, shouldn't it?
What do I need to do to the firewall in order to make a shared printer available to other machines on my network?
I have the printer set up and have tested it with the firewall switched off, but as soon as I restart the firewall, the printer is inaccessible.
I thought that all traffic on the internal network was allowed, but it seems that I need to create an explicit rule in order to get the shared printer working. Unfortunately, I haven't been able to figure out how to do that yet.
I have Ubuntu 10.10 and I want to configure my interface eth0 from the command line as owner (not root). $ ifconfig: this command works and lists all interfaces with some description -> that's good, but when I use some parameters like @ip and netmask
I have a DNS server with 3 zones: one is dynamic with an associated reverse and one is static. Everything was fine until I added a single host in the static zone; then the server stopped resolving names in that zone. The only way I could get it to work again was to delete the whole zone and re-enter the zone and hosts.
I used the network manager to configure my eth0 interface. It is working fine. I have found the nameserver entries in the /etc/resolv.conf file. But the /etc/network/interfaces file does not carry the ip, netmask, gateway, network and broadcast entries. It only has an entry for the lo interface. Where are the settings for eth0, as done by the network manager, stored in the case of Ubuntu?
I want to use a static IP address on my wireless network, but when I click configure in network tools it keeps telling me "The interface does not exist" and to "Check that it is correctly typed and that it is correctly supported by your system".
I'm using the yast2 GUI interface to configure Apache. I think it's called yast2_http_server. I added one website with *:80 set as the virtualhost ID. When I go to add a second website with the same thing, it errors out with: The IP address is already configured on another virtual host: *:80/mydomain.com. I have another openSUSE box with many websites in Apache configured this way.
I am new to UBUNTU. I installed the latest one alongside Windows 7. I am having a problem with the internet connectivity. I configured the static IP settings right, I guess. I edited the Auto eth1 and assigned IPv4 settings manually and entered everything correctly.
Address 192.168.xx.xx
Netmask 255.255.255.0
Gateway 192.168.xx.xxx
DNS Server xxx.xxx.xx.x, xxx.xxx.xx.x
Do I have to put MAC Address as well? Which is addressed as 'Network address' in Windows where I put this MAC. I have on board Realtek RTL8101E Family PCI-E Fast Ethernet NIC (NDIS 6.20) Network adapter. Do I have to install the driver?
I want some advice for making my system more secure. I want to deactivate any network connection that is unnecessary. Only my browser and the update ability of zypper should have access to the internet. On Windows there are personal firewalls.
How can I block internet access for all other programmes on openSUSE?
Samba is working correctly if SuSEfirewall2 is off. I have added Samba client and Samba Services for external access but Samba is not working when the firewall is now on. Which services should I also add?
The default Gnome desktop now has a 1600x1200 @ 75 Hz resolution, which fits my monitor but is a little too big (or at least the font sizes are too small). I would like to switch to a lower resolution. I can't find anywhere in YaST how to configure the monitor settings. No more sax2, no more /etc/X11/xorg.conf? What replaces them?
I mean, where can I set which monitor I'm using (Targa TM4896-1), what screen resolutions are supported, whether I want hardware 3D acceleration (or not), whether I want to use dualhead (Matrox G400 DH)?
I successfully configured my local DNS server. I have server1.mydomain.com, pc1.mydomain.com and so on.
The problem is that my website is hosted on an external server (not on the local network), so www.mydomain.com is not found in the configured zone/subnet.
How can I tweak my DNS to fetch ALL subdomains from the gateway (just as it went before the DNS existed)?
Last night while setting up wired & wireless connections in openSUSE 11.2 Gnome version via YaST's ifup, I got wireless but lost the wired connection (interface eth0). Dmesg shows that eth0 became eth1. I cannot get eth0 back. Is there any way to remedy this situation, e.g. get info from the Ubuntu partition in my triple-boot laptop, without having to re-install openSUSE?