Firewall problems

lcadwell · 07-27-2001, 09:12 AM

Hi
I'm trying to setup IP masquerading. My network runs fine...until I try to use the firewall. I'm fairly sure it's setup correctly but when the machine boots, it fails after the second phase of the firewall with the messages:
Warning! eth0 not active!
Warning! eth1 not active!

These devices start fine without the firewall.
I'm using SuSE 7.1 with 2 network cards. 1 connected to a cable modem, the other to the internal network.

I've been through the docs to set all the required options in rc.config /etc etc etc....

Can anyone help?

jharris · 07-27-2001, 10:26 AM

It sounds to me like the firewall rules are running before the device is initialised. You using a 2.2 or 2.4 kernel. I know that 2.2 ipchains rules don't mind if the interface isn't there and will just wait until it comes up then apply the rules. You want to run your firewall script later in your boot sequence.

You say the devices work fine without the firewalling - do they not work at all now? To setup IP masquerading all you need are the following lines (assuming support is in your kernel, and you're using ipchains)

Code:

echo 1 > /proc/sys/net/ipv4/ip_forward
/sbin/ipchains -P forward DENY
/sbin/ipchains -A forward -s 192.168.1.0/24 -j MASQ

Clearly this example assumes your using a 192.168.1.* subnet, and offers no protection from incomming connections.

HTH

Jamie...

mychl · 07-28-2001, 12:44 PM

I had the same problem, what I did to fix it was to find the symlinks in my rc1-5 directories, and rename them to start the network sooner and the firewall later.

ex:
S01firewall -> S05firewall
S05network -> S01network

you can igonore the K* entries, they are the kill processes. I had to do it in 3 different places....

HTH

lcadwell · 08-05-2001, 01:19 PM

That seemed to work.

It doesn't bring up the eth0 failed anymore, but it still reports Runlevel 3 services failed as SuSEfirewall_init setup and final.

There's no other error messages. Is there a log of the firewalls startup and is there anything I should look for?

mychl · 08-06-2001, 07:31 PM

Not sure, I'm still working on that.... I get the error messages too... failed services in run level 5..... SuSEfirewall.....

Lemme know if you find anything...

mike

lcadwell · 08-07-2001, 04:12 AM

I've dumped Suse7.1 in favour of Clark connects package. Seems quite cool but it has it's own problems. Anyhow, if you have a look here http://www.suse.com/en/support/downl...s/71_i386.html

there is a patch for SuSEfirewall which states there is problems with startup scripts. Give this a try and let me know. (I may end up reverting to SuSE)

Cheers