Old 12-12-2006, 11:59 PM   #1
narayanaras
LQ Newbie
 
Registered: Dec 2006
Posts: 19

Rep: Reputation: 0
How to set up personal firewall in SuSE SLED 10?


Hi all,

I am a Linux Newbie (but Windows veteran). I am trying out the SuSE SLED 10 (Eval) in dual boot mode with Windows XP (SP-2). I am connected to Internet through an external ADSL modem, which is connected to my PC through an Ethernet cable.

While setting the firewall (through YaST), I cannot decide which mode to set.

I referred to some commercial books on SuSE. The book describes a firewall that needs to run on a separate machine, to protect PCs/servers on a LAN.

For example, it says that the firewall has three interfaces:
1. "Internet" (connected to Internet)
2. "Internal network" (All PCs on the LAN)
3. "De-Militarized Zone" (DMZ)-- For servers (FTP, Web server, etc)

I checked the forum about this, and the thread http://www.linuxquestions.org/questi...d.php?t=411432 says that this is meant for a computer with 3 network cards.

But this makes sense only if I have another machine to run the firewall. But that's not the case here: I only want the firewall protection for my home PC.

Secondly, although the book describes three separate connections that exist simultaneously, my GUI provides all of them from a single pull-down menu, which implies that I can select only ONE of the options. This is confusing!

Thirdly, the pull-down menu of the Firewall GUI does not have a "personal firewall" option, where there is only one outgoing connection (to the ADSL modem).

What should I do?

Thanks in advance!

Last edited by narayanaras; 12-13-2006 at 12:21 AM.
 
Old 12-13-2006, 01:27 AM   #2
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 670
I'm assuming that the YaST2 firewall configuration is similar to OpenSUSE 10.1.
In the firewall2 YaST2 configuration, select "interfaces". Select the NIC interface that connects to your modem. Then select "external" in the drop down list.

If you have another NIC interface that connects to a LAN, then do the same, but select "inside". The DMZ zone would connect to another computer or network that you were using as an internet server, such as a web server or ftp server. This is the setting you would use if you were offering a server on the internet and this computer functioned as your firewall.

Now on the same list where you selected the interface, select "services" instead.
Select "external" on the first drop down box on the page. Then select the service to allow through the firewall in the second drop down box and click the Add button.
For an interface that connects to the internet, only select a service that you are offering to the modem or outside world. It could be that all you need to select is "DHCP Client" if your modem offers a DHCP service and you get your IP address that way.

Last edited by jschiwal; 12-13-2006 at 01:33 AM.
 
Old 12-13-2006, 04:24 AM   #3
narayanaras
LQ Newbie
 
Registered: Dec 2006
Posts: 19

Original Poster
Rep: Reputation: 0
Thanks a lot for the reply. I will try it tonight and revert.

My home PC is a stand-alone (there is no LAN), and it has only one network card.

I actually used the "DMZ" option, because the "Internal Network" option in the pull-down says "(No protection)", which seemed alarming! I thought that this option assumes that I am in the secure LAN zone, which is protected by another firewall (running on another PC/server)!

But I am not running any servers on my home PC. Neither do I expect anyone from outside to make an inbound connection (such as P2P or FTP; if these are the correct examples). So, in that case, should I select the "External" option (not "DMZ")?

Last edited by narayanaras; 12-13-2006 at 04:25 AM.
 
Old 12-14-2006, 04:07 AM   #4
narayanaras
LQ Newbie
 
Registered: Dec 2006
Posts: 19

Original Poster
Rep: Reputation: 0
I checked this out: Changing to the "external" option is easy (I just have to select that from the pull-down menu).

But that's not the basic issue: The moot point is, is that the right choice in my case?
 
Old 12-14-2006, 04:34 AM   #5
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 670
Use "external". Its purpose is to protect you from the internet. Internal is for interfaces behind a firewall. If in the future, you add another computer, you could add another interface and select internal for it. If you have only one IP address assigned, you could use NAT to allow the second computer to access the internet, through your first computer. The second interface of the first computer and the interface of the second computer should both have an IP address from a private range (such as 192.168.1.xxx). You would select "internal" for those interfaces.

The button on the bottom of the firewall setup will engage the firewall for internal interfaces as well. The DMZ option is for a device outside of a network firewall that is offering services over the internet. The setup allows you to define different rules for different roles. You could even define your own type and use that instead or as well as another.

In your case, with only one computer, I think you only want to select "DHCP Client" in the port drop-down list and click Add to add that service. I'm not 100% certain on the port because I've never used DSL so I don't have to deal with dialing and PPPoE. If you were assigned a static internet IP address, then you don't use DHCP.

Last edited by jschiwal; 12-14-2006 at 04:40 AM.
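
The zone choice discussed in posts #3 to #5, as an added example that is not part of the thread: a shell check that reads a SuSEfirewall2-style sysconfig file and reports which zone a NIC is assigned to. The variable names (`FW_DEV_EXT`, `FW_DEV_INT`, `FW_DEV_DMZ`, `FW_PROTECT_FROM_INT`) and the path `/etc/sysconfig/SuSEfirewall2` are assumptions about where the YaST dialog stores its settings, and the sample file is constructed.

```shell
# Added example (not from the thread): which firewall zone is a NIC in?
# Assumes YaST stores zones in FW_DEV_EXT/INT/DMZ in /etc/sysconfig/SuSEfirewall2.

# Constructed sample: the only NIC was put in the DMZ zone, as in post #3.
sample_cfg() {
cat <<'EOF'
FW_DEV_EXT=""
FW_DEV_INT=""
FW_DEV_DMZ="eth0"
FW_PROTECT_FROM_INT="no"
EOF
}

# get_var FILE NAME: print the last NAME="value" assignment, without sourcing FILE.
get_var() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#]*\)\"\{0,1\}.*/\1/p" "$1" | tail -n 1
}

# zone_of FILE IFACE: print external, internal, dmz or none.
zone_of() {
    for pair in EXT:external INT:internal DMZ:dmz; do
        for dev in $(get_var "$1" "FW_DEV_${pair%%:*}"); do
            if [ "$dev" = "$2" ]; then echo "${pair#*:}"; return 0; fi
        done
    done
    echo none
}

# check_single_nic FILE IFACE: verdict for a one-NIC PC; returns 0 only for external.
check_single_nic() {
    case "$(zone_of "$1" "$2")" in
        external) echo "OK: $2 is in the external zone"; return 0 ;;
        internal)
            if [ "$(get_var "$1" FW_PROTECT_FROM_INT)" = "yes" ]; then
                echo "WARN: $2 is internal; filtered only because FW_PROTECT_FROM_INT=yes"
            else
                echo "FAIL: $2 is internal (no protection)"
            fi
            return 1 ;;
        dmz) echo "FAIL: $2 is in the DMZ zone; the thread's advice is external"; return 1 ;;
        *) echo "FAIL: $2 is not assigned to any zone"; return 1 ;;
    esac
}

# Demo on the constructed sample; on a real system pass the sysconfig file.
demo=$(mktemp)
sample_cfg > "$demo"
check_single_nic "$demo" eth0 || true
rm -f "$demo"
```
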
 
Old 12-15-2006, 10:25 PM   #6
narayanaras
LQ Newbie
 
Registered: Dec 2006
Posts: 19

Original Poster
Rep: Reputation: 0
Thank you for the tips!

@DHCP:
I contacted the service provider (BSNL), which provided guidance for Linux. (The steps are the same as in the case of Windows.) So connecting to Internet was fairly easy.

In fact, even when I had set the zone to "DMZ", I could access the Internet (thank god my modem didn't turn out to be a Winmodem!) But now I am happy that my protection is correctly set.

Thanks once again!
 