[Gllug] SuSEFirewall2

Dylan dylan at dylan.me.uk
Mon Nov 25 17:56:39 UTC 2002


On Monday 25 November 2002 17:36, Michael Sekamanya wrote:
> I faced the same problem recently and realised that if you have set the ip
> address of your ethernet card in a script
> (/etc/sysconfig/network/ifcg-eth0 - Redhat), and you restart your machine,
> you'll have no connection to the internet (even with wvdial) until you
> bring down the ethernet interface (ifconfig eth0 down) and then (ifconfig
> eth0 up), between these two procedures is when you should establish your
> ppp0 connection to the internet after which, bring up the eth0 interface
> and then you have both connections working fine.

This sounds more like a default routing issue, I think. Which order the 
interfaces are initialised in should make no difference.

>
> To solve this, go to the Network Configuration Tool and set the ppp0
> connection to be the default. This should work fine (at least for the
> moment it is working for me).

Your solution suggests I'm right...

>
> This is what I think should be the problem or the reason for this. When you
> restart your server, network services are started as well and the first
> interface for this then will be set as the default network interface (eth0
> in most cases, or in this case). After you run wvdial or any other ppp
> connection tool, an ip address is assigned to the ppp0 interface by your
> ISP. This then becomes the second network interface which only is available
> if the first isn't for any connection. LIKE I SAID THIS IS ONLY WHAT I
> THINK. In fact try running ssh or telnet from your client and see what
> complications will be there...
>
> ----- Original Message -----
> From: "Dylan" <dylan at dylan.me.uk>
> To: <gllug at linux.co.uk>
> Sent: Monday, November 25, 2002 4:42 PM
> Subject: Re: [Gllug] SuSEFirewall2
>
> On Monday 25 November 2002 16:26, Sudhir Anand wrote:
> > My PC is run on SuSE 8.0.  By default, SuSEFirewall2 is started
> > automatically when the PC boots.  YaST2 was used to set-up the firewall
> > with the intention that the firewall should monitor /dev/ppp0 after an
> > internet connection is established.  A 56k external modem is used to
> > connect to the internet.
> >
> > Internet access is not available if the firewall is running before the
> > connection is established.  However, if the firewall is activated after the
> > connection has been made the internet can be accessed.  Alternatively, I
> > have to shutdown the firewall and restart it after the connection is
> > established.
> >
> > Does this imply that the firewall is not active while the internet
> > connection is running or that this is standard procedure of getting a
> > firewall to monitor internet connections?
>
> The iptables module (which is what SuSEFirewall2 uses) needs to know your
> IP address in order to know which traffic to allow in. Since you have no IP
> address until you make your connection, all the TCP/IP packets are filtered
> out because the firewall doesn't recognise the address. When you restart
> it, it picks up the, now known, IP address, and so allows legitimate
> traffic.
>
> > Is there a way of setting up the
> > firewall so that it does have to be restarted after a connection to the
> > internet has been established with a modem?
>
> I figure you can have it (re-)start at a relevant point in your dial-up
> process, but I wouldn't know how (someone else probably will tho...)
>
> Dylan

-- 
"Sweet moderation
Heart of this nation
Desert us not, we are
Between the wars"
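
An added example, not part of the original thread: one way to test the "default routing issue" hypothesis raised in the reply above is to check which interface holds the default route after dialling. The function names and the sample `route -n` output below are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which interface owns the default route in `route -n` output.

# Constructed sample: eth0 configured with a gateway at boot, ppp0 dialled afterwards.
SAMPLE_ROUTES='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.0.2.1       0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         192.168.1.254   0.0.0.0         UG    0      0        0 eth0'

# Print the interface of the default route with the lowest metric (empty if none).
default_route_iface() {
    printf '%s\n' "$1" | awk '
        $1 == "0.0.0.0" && $3 == "0.0.0.0" && $4 ~ /U/ {
            if (best == "" || $5 + 0 < metric) { best = $8; metric = $5 + 0 }
        }
        END { if (best != "") print best }'
}

# Return 0 if the default route leaves via the expected interface, 1 otherwise.
check_default_route() {
    expected=$1
    actual=$(default_route_iface "$2")
    if [ -z "$actual" ]; then
        echo "no default route present"
        return 1
    fi
    if [ "$actual" != "$expected" ]; then
        echo "default route is on $actual, expected $expected"
        return 1
    fi
    echo "default route is on $expected"
    return 0
}

# On a live system: check_default_route ppp0 "$(route -n)"
check_default_route ppp0 "$SAMPLE_ROUTES" || true
```

With the constructed sample, the default route stays on eth0 even though ppp0 is up, which matches the symptom described in the thread.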
