LinuxQuestions.org
Old 02-07-2005, 07:53 PM   #1
Quintero
LQ Newbie
 
Registered: Feb 2005
Posts: 19

Rep: Reputation: 0
firewall on suse 9.0


Hi... I'm trying to set up a proxy-firewall on SuSE 9.0, but I'm new to this. What can you recommend? Also, can you tell me where I can get a good manual to start with the above mentioned?

thanks..
 
Old 02-07-2005, 10:56 PM   #2
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
Could you be a bit more specific about what you're looking to set up? SuSE already comes with the iptables firewall and includes its own configuration tool (SuSEfirewall2). For a proxy server, I'd recommend squid, but that will depend on what you're trying to do.
 
Old 02-10-2005, 04:07 PM   #3
Quintero
LQ Newbie
 
Registered: Feb 2005
Posts: 19

Original Poster
Rep: Reputation: 0
Ok sorry...
I'm trying to set up a firewall for approximately 50 computers, in which I want to restrict access to certain ports or URLs. Also, I'm already using "squid proxy" to permit access to the internet. As you can see I'm new to Linux security in general, so if you could give the steps or what road to follow I would appreciate it very much.

thanks for your patience!
 
Old 02-10-2005, 08:40 PM   #4
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
In order to block traffic to the client machines, just filter all traffic at the gateway and block any requests to unauthorized ports (you can do this with both incoming and outgoing traffic) using iptables. SuSE includes SuSEfirewall2, however it can be a bit awkward when dealing with complex firewalling schemes. You may need to use a custom firewall depending on what you would like to do. If you would just like to create a firewall and punch several ports through, SuSEfirewall2 may be adequate.

For http traffic, I'd stick with squid as the proxy and just limit what URLs the internal machines can access using squid's ACL features.

For information on creating a custom firewall, I'd recommend reading the following guides:
http://iptables-tutorial.frozentux.n...-tutorial.html
http://www.netfilter.org/documentation/index.html
 
Old 02-14-2005, 07:07 PM   #5
Quintero
LQ Newbie
 
Registered: Feb 2005
Posts: 19

Original Poster
Rep: Reputation: 0
Capt_Caveman
Ok.. I think I now understand a bit more what you're telling me. I've tried to set up using the firewall that comes on the "webmin" but couldn't get it to work properly. I tried to find the SuSEfirewall2 but could not locate it.
I think I'm still a "fisher price" kind of student.

Thanks in advance for more help...
 
Old 02-15-2005, 07:14 PM   #6
Quintero
LQ Newbie
 
Registered: Feb 2005
Posts: 19

Original Poster
Rep: Reputation: 0
Hi. Ok, I've located Firewall2 on SuSE, I'll try to set it up.. but if you could send me an example I'd appreciate it very much...
Thanks in advance...
 
Old 02-15-2005, 08:00 PM   #7
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
There should be a firewall module in SuSE's YaST interface. Once you open it, there should be a wizard you can use to set up packet forwarding and Masquerading (if you need it). There is a really good howto I found from the Unofficial SuSE Faq that has a bunch of example configurations that should help you out:

http://sourceforge.net/project/showf...ease_id=127876

(it's the pdf at the bottom called firewall2....)
 
Old 02-21-2005, 12:56 PM   #8
Quintero
LQ Newbie
 
Registered: Feb 2005
Posts: 19

Original Poster
Rep: Reputation: 0
Hi, to start, thanks for the info, it helped a lot. I've already got the SuSEfirewall2 up and running.
Now I'm starting to configure and understand a bit more all the variables..

Just another question (it may sound kind of stupid): what does "dmz" stand for?

thanks again!!!!
 
Old 02-21-2005, 11:28 PM   #9
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
dmz == demilitarized zone

This is basically a partially firewalled server. It has one or more services that are publicly accessible but other ports are usually firewalled. More importantly, dmz servers are considered untrusted hosts and are isolated from the internal network (either physically or via firewall) so that if a dmz server is compromised (usually over the publicly accessible service), then the internal LAN clients aren't at increased risk of being compromised or having LAN traffic sniffed.

Last edited by Capt_Caveman; 02-21-2005 at 11:29 PM.
 
Old 02-22-2005, 06:33 PM   #10
Quintero
LQ Newbie
 
Registered: Feb 2005
Posts: 19

Original Poster
Rep: Reputation: 0
thanks for the "dmz" info....!!!!
 
Old 03-04-2005, 01:35 PM   #11
Quintero
LQ Newbie
 
Registered: Feb 2005
Posts: 19

Original Poster
Rep: Reputation: 0
Hi it's me again.... I have got SuSEfirewall2 running on my PC but now my problem is that it won't let my other PCs go out to the internet...
My internal network is ip_range:"192.168.1.0" subnet 255.255.255.0 gw:192.168.1.1, from there I have to pass to my other network.. ip_range:148.231.82.0 subnet:255.255.255.192 gw:148.231.82.3
Might you have an example I can use?

thank you very much in advance...
 
Old 03-04-2005, 11:40 PM   #12
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
Quote:
Originally posted by Quintero
Hi it's me again....i have got SuSEfirewall2 running on my pc but now my problem is that it won't let my other pc's go out to the internet...
my internal network is ip_range:"192.168.1.0" subnet 255.255.255.0 gw:192.168.1.1, from there i have to pass to my other network.. ip_range:148.231.82.0 subnet:255.255.255.192 gw:148.231.82.3
might you have an example i can use.
Make sure that you have packet forwarding enabled. Unfortunately my SuSE box had a disk failure recently and has been reincarnated as an OpenBSD system, so I don't have a config for SuSEfirewall2 on hand. However on page 53 of the guide I posted above there is an example config of the variables you need to configure for masquerading/forwarding. On pg 65 there is an example for setting up a transparent squid proxy. If I reload SuSE over the weekend I'll see if I can post something to give you a hand.
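
The gateway setup described in posts #4 and #12 (filter by port at the gateway, enable packet forwarding, masquerade the LAN), written as plain iptables rules rather than a SuSEfirewall2 config. This is an added example, not part of the thread or anyone's posted configuration; the interfaces and LAN range come from the original poster's messages, while the allowed port list and squid listening on the gateway at its default port 3128 are assumptions.

```shell
#!/bin/sh
# Added example: prints (does not apply) an iptables ruleset for a two-NIC gateway.
# Review the output, then run it as root on the gateway to apply it.

EXT_IF=eth0                  # external side (148.231.82.21 in the thread)
INT_IF=eth1                  # internal side (192.168.1.1 in the thread)
LAN_NET=192.168.1.0/24       # internal range from the thread
ALLOWED_TCP="22 25 110 443"  # assumption: ports LAN clients may reach directly
SQUID_PORT=3128              # assumption: squid runs on the gateway, default port

# Return 0 if the kernel forwards IPv4 packets.
# $1 optionally overrides the file to read (used for testing).
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# Emit the rules as text: default-deny forwarding, then explicit allows.
gateway_rules() {
    echo "iptables -P FORWARD DROP"
    # Replies to connections the LAN opened are let back in.
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for port in $ALLOWED_TCP; do
        echo "iptables -A FORWARD -i $INT_IF -o $EXT_IF -s $LAN_NET -p tcp --dport $port -j ACCEPT"
    done
    # DNS lookups from the LAN.
    echo "iptables -A FORWARD -i $INT_IF -o $EXT_IF -s $LAN_NET -p udp --dport 53 -j ACCEPT"
    # Port 80 is deliberately not forwarded: web traffic must go through squid,
    # so squid's ACLs decide which URLs are reachable.
    echo "iptables -A INPUT -i $INT_IF -s $LAN_NET -p tcp --dport $SQUID_PORT -j ACCEPT"
    # Rewrite private source addresses to the gateway's external address.
    echo "iptables -t nat -A POSTROUTING -o $EXT_IF -s $LAN_NET -j MASQUERADE"
}

if forwarding_enabled; then
    echo "# ip_forward is 1: the kernel will route between $INT_IF and $EXT_IF"
else
    echo "# ip_forward is 0: run 'echo 1 > /proc/sys/net/ipv4/ip_forward' as root first"
fi
gateway_rules
```

If the forwarding check reports 0, the MASQUERADE rule never sees LAN traffic, which matches the symptom of reaching the gateway's internal address but nothing beyond it.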
 
Old 03-07-2005, 02:10 PM   #13
Quintero
LQ Newbie
 
Registered: Feb 2005
Posts: 19

Original Poster
Rep: Reputation: 0
Ok..
I tried what you told me and now I'm able to ping my internal network (eth1: 192.168.1.1), but still can't go to my other network (eth0: 148.231.82.21, which is the one that gives me access to the internet).

Just to be sure about packet forwarding:

I've enabled IP forwarding on the routing option of YaST. Is that what you are trying to tell me?
Because I couldn't find anything else similar to that.

again..thanks for your help!!!
 
Old 03-10-2005, 07:37 PM   #14
Quintero
LQ Newbie
 
Registered: Feb 2005
Posts: 19

Original Poster
Rep: Reputation: 0
Hi it's me again.. sorry but I'm very new to Linux in general!!!!

I've got my proxy (squid) working just fine (I think!) but I'm still having problems configuring my SuSEfirewall2. I heard that I could use the firewall "Firestarter", but I've tried installing the rpm package and could not get it to install.. it is asking me for initscrips and library "libpopt.s0"..
And also, I could not find a version of this firewall for SuSE 9.0.

Can you please help me!!!!

thanks again for your patience
 
Old 03-10-2005, 08:35 PM   #15
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
With rpm packages, you need to find builds for your specific distro/version, otherwise they won't install properly (this is especially true with SuSE). So unless you find a SuSE9-specific rpm it likely won't install. When in doubt you can usually always compile from source.

I actually just burned a copy of SuSE Live, so I'll throw it on a test system tonight and see if I can get a SuSEfirewall2 config.
 
  

