
Quintero 02-07-2005 07:53 PM

firewall on suse 9.0
Hi... I'm trying to set up a proxy-firewall on SuSE 9.0, but I'm new to this. What can you recommend? And also, can you tell me where I can get a good manual to start with the above mentioned....


Capt_Caveman 02-07-2005 10:56 PM

Could you be a bit more specific about what you're looking to set up? SuSE already comes with the iptables firewall and includes its own configuration tool (SuSEfirewall2). For a proxy server, I'd recommend squid, but that will depend on what you're trying to do.

Quintero 02-10-2005 04:07 PM

Ok, sorry...
I'm trying to set up a firewall for approximately 50 computers, in which I want to restrict access to certain ports or URLs. Also, I'm already using "squid proxy" to permit access to the internet. As you can see, I'm new to Linux security in general, so if you could give the steps or what road to follow I would appreciate it very much.

Thanks for your patience!

Capt_Caveman 02-10-2005 08:40 PM

In order to block traffic to the client machines, just filter all traffic at the gateway and block any requests to unauthorized ports (you can do this with both incoming and outgoing traffic) using iptables. SuSE includes SuSEfirewall2, however it can be a bit awkward when dealing with complex firewalling schemes. You may need to use a custom firewall depending on what you would like to do. If you would just like to create a firewall and punch several ports through, SuSEfirewall2 may be adequate.

For http traffic, I'd stick with squid as the proxy and just limit what URLs the internal machines can access using squid's ACL features.

For information on creating a custom firewall, I'd recommend reading the following guides:

Quintero 02-14-2005 07:07 PM

Ok.. I think I now understand a bit more what you're telling me. I've tried to set up using the firewall that comes with "webmin" but couldn't get it to work properly. I tried to find the SuSEfirewall2 but could not locate it.
I think I'm still a "fisher price" kind of student.

Thanks in advance for more help...

Quintero 02-15-2005 07:14 PM

Hi. Ok, I've located Firewall2 on SuSE, I'll try to set it up.. but if you could send me an example I'd appreciate it very much...
Thanks in advance...

Capt_Caveman 02-15-2005 08:00 PM

There should be a firewall module in SuSE's YAST interface. Once you open it, there should be a wizard you can use to set up packet forwarding and masquerading (if you need it). There is a really good howto I found from the Unofficial SuSE FAQ that has a bunch of example configurations that should help you out:

(it's the pdf at the bottom called firewall2....)

Quintero 02-21-2005 12:56 PM

Hi, to start, thanks for the info, it helped a lot. I've already got the SuSEfirewall2 up and running.
Now I'm starting to configure and understand a bit more all the variables..

Just another question (it may sound kind of stupid): what does "dmz" stand for?

Thanks again!!!!

Capt_Caveman 02-21-2005 11:28 PM

dmz == demilitarized zone

This is basically a partially firewalled server. It has one or more services that are publicly accessible but other ports are usually firewalled. More importantly, dmz servers are considered untrusted hosts and are isolated from the internal network (either physically or via firewall) so that if a dmz server is compromised (usually over the publicly accessible service), then the internal LAN clients aren't at increased risk of being compromised or having LAN traffic sniffed.

Quintero 02-22-2005 06:33 PM

Thanks for the "dmz" info....!!!!

Quintero 03-04-2005 01:35 PM

Hi, it's me again.... I have got SuSEfirewall2 running on my PC but now my problem is that it won't let my other PCs go out to the internet...
My internal network is ip_range:"" subnet gw:, from there I have to pass to my other network.. ip_range: subnet: gw:
Might you have an example I can use?

Thank you very much in advance...

Capt_Caveman 03-04-2005 11:40 PM


Originally posted by Quintero
Hi, it's me again.... I have got SuSEfirewall2 running on my PC but now my problem is that it won't let my other PCs go out to the internet...
My internal network is ip_range:"" subnet gw:, from there I have to pass to my other network.. ip_range: subnet: gw:
Might you have an example I can use?

Make sure that you have packet forwarding enabled. Unfortunately my SuSE box had a disk failure recently and has been reincarnated as an OpenBSD system, so I don't have a config for SuSEfirewall2 on hand. However, on page 53 of the guide I posted above there is an example config of the variables you need to configure for masquerading/forwarding. On pg 65 there is an example for setting up a transparent squid proxy. If I reload SuSE over the weekend I'll see if I can post something to give you a hand.
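
The gateway setup discussed in this thread (packet forwarding plus masquerading for the LAN, unauthorized ports blocked at the gateway, web traffic left to squid), sketched in plain iptables-restore form rather than SuSEfirewall2 variables. This is an added example, not a config posted by anyone in the thread; the interface roles (eth0 outside, eth1 inside), the LAN range, the allowed-port list and the function names are assumptions.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset for a masquerading gateway.
# All values below are constructed placeholders; adjust to the real network.
EXT_IF="${EXT_IF:-eth0}"                 # Internet-facing interface
INT_IF="${INT_IF:-eth1}"                 # LAN-facing interface
LAN_NET="${LAN_NET:-192.168.1.0/24}"     # internal range (constructed)
ALLOWED_TCP="${ALLOWED_TCP:-25 110 443}" # ports clients may reach directly
PROXY_PORT="${PROXY_PORT:-3128}"         # squid's default listening port

# Port 80 is deliberately absent from ALLOWED_TCP: web requests can only leave
# through squid on the gateway, so squid's ACLs decide which URLs are reachable.
gen_ruleset() {
  cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s $LAN_NET -o $EXT_IF -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $INT_IF -s $LAN_NET -p tcp --dport 22 -j ACCEPT
-A INPUT -i $INT_IF -s $LAN_NET -p tcp --dport $PROXY_PORT -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $INT_IF -o $EXT_IF -s $LAN_NET -p udp --dport 53 -j ACCEPT
EOF
  for port in $ALLOWED_TCP; do
    echo "-A FORWARD -i $INT_IF -o $EXT_IF -s $LAN_NET -p tcp --dport $port -j ACCEPT"
  done
  echo "COMMIT"
}

# Returns 0 only if the kernel will route packets between interfaces at all;
# without this, correct rules still leave LAN clients unable to get out.
forwarding_enabled() {
  [ "$(cat /proc/sys/net/ipv4/ip_forward 2>/dev/null)" = "1" ]
}

# Usage (as root): forwarding_enabled || echo 1 > /proc/sys/net/ipv4/ip_forward
#                  gen_ruleset | iptables-restore
```

Review the printed ruleset before loading it; the INPUT policy is DROP, so only SSH and the proxy port from the LAN reach the gateway itself.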

Quintero 03-07-2005 02:10 PM

I tried what you told me and now I'm able to ping my internal network (eth1:, but still can't go to my other network (eth0: which is the one that gives me access to the internet)

Just to be sure about packet forwarding:

I've enabled IP forwarding on the routing option of YaST. Is that what you are trying to tell me?
Because I couldn't find anything else similar to that.

Again.. thanks for your help!!!

Quintero 03-10-2005 07:37 PM

Hi, it's me again.. sorry, but I'm very new to Linux in general!!!!

I've got my proxy (squid) working just fine (I think!) but I'm still having problems configuring my SuSEfirewall2. I heard that I could use the firewall "Firestarter", but I've tried installing the rpm package and could not get it to install; it is asking me for initscripts and library "libpopt.s0"..
And also, I could not find a version of this firewall for SuSE 9.0.

Can you please help me!!!!

Thanks again for your patience

Capt_Caveman 03-10-2005 08:35 PM

With rpm packages, you need to find builds for your specific distro/version, otherwise they won't install properly (this is especially true with SuSE). So unless you find a SuSE9-specific rpm it likely won't install. When in doubt you can usually always compile from source.

I actually just burned a copy of SuSE Live, so I'll throw it on a test system tonight and see if I can get a SuSEfirewall2 config.
