[Gllug] SuSEFirewall2

Michael Sekamanya michaelsekamanya at onetel.net.uk
Mon Nov 25 17:36:50 UTC 2002


I faced the same problem recently and realised that if you have set the IP
address of your ethernet card in a script
(/etc/sysconfig/network/ifcfg-eth0 - Redhat), and you restart your machine,
you'll have no connection to the internet (even with wvdial) until you
bring down the ethernet interface (ifconfig eth0 down) and then (ifconfig
eth0 up). Between these two procedures is when you should establish your ppp0
connection to the internet, after which, bring up the eth0 interface and then
you have both connections working fine.

To solve this, go to the Network Configuration Tool and set the ppp0
connection to be the default. This should work fine (at least for the moment
it is working for me).

This is what I think should be the problem or the reason for this. When you
restart your server, network services are started as well and the first
interface for this then will be set as the default network interface (eth0
in most cases, or in this case). After you run wvdial or any other ppp
connection tool, an ip address is assigned to the ppp0 interface by your
ISP. This then becomes the second network interface which only is available
if the first isn't for any connection. LIKE I SAID THIS IS ONLY WHAT I
THINK. In fact try running ssh or telnet from your client and see what
complications will be there...

----- Original Message -----
From: "Dylan" <dylan at dylan.me.uk>
To: <gllug at linux.co.uk>
Sent: Monday, November 25, 2002 4:42 PM
Subject: Re: [Gllug] SuSEFirewall2


On Monday 25 November 2002 16:26, Sudhir Anand wrote:
> My PC is run on SuSE 8.0.  By default, SuSEFirewall2 is started
> automatically when the PC boots.  YaST2 was used to set-up the firewall
> with the intention that the firewall should monitor /dev/ppp0 after an
> internet connection is established.  A 56k external modem is used to
> connect to the internet.
>
> Internet access is not available if the firewall is running before the
> connection is established.  However, if the firewall is activated after the
> connection has been made the internet can be accessed.  Alternatively, I
> have to shutdown the firewall and restart it after the connection is
> established.
>
> Does this imply that the firewall is not active while the internet
> connection is running or that this is standard procedure of getting a
> firewall to monitor internet connections?

The iptables module (which is what SuSEFirewall2 uses) needs to know your IP
address in order to know which traffic to allow in. Since you have no IP
address until you make your connection, all the TCP/IP packets are filtered
out because the firewall doesn't recognise the address. When you restart it,
it picks up the, now known, IP address, and so allows legitimate traffic.

> Is there a way of setting up the
> firewall so that it does have to be restarted after a connection to the
> internet has been established with a modem?

I figure you can have it (re-)start at a relevant point in your dial-up
process, but I wouldn't know how (someone else probably will tho...)

Dylan

--
"Sweet moderation
Heart of this nation
Desert us not, we are
Between the wars"

--
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug

