I should add that I am using openSUSE 11.1. My /etc/sysconfig/SuSEfirewall2 contents are as follows:
Code:
# SuSEfirewall2 settings as posted; the values are unchanged and the comments
# are review notes on the security-relevant ones.

# Zone assignment: "any" puts every interface not assigned elsewhere into the
# external zone. With FW_DEV_INT and FW_DEV_DMZ empty, all interfaces are
# filtered as external.
FW_DEV_EXT="any eth0 wlan0"
FW_DEV_INT=""
FW_DEV_DMZ=""
# Routing and masquerading are off, so the FW_MASQ_* values below (and the
# FW_FORWARD* values further down) should have no effect.
# NOTE(review): confirm against the SuSEfirewall2 version in use.
FW_ROUTE="no"
FW_MASQUERADE="no"
FW_MASQ_DEV="zone:ext"
FW_MASQ_NETS="0/0"
FW_NOMASQ_NETS=""
# "no" leaves the internal zone unfiltered; moot here because no interface is
# assigned to the internal zone.
FW_PROTECT_FROM_INT="no"
# Nothing is opened to the external zone: every per-zone service list below is
# empty. Daemons that the listening-socket listing later in this post shows on
# 0.0.0.0 (sshd, vsftpd, mysqld, squid, dansguardian, rpcbind, X) should
# therefore be reachable only through other allowances, i.e. FW_TRUSTED_NETS
# or rules added by the FW_CUSTOMRULES file.
FW_SERVICES_EXT_TCP=""
FW_SERVICES_EXT_UDP=""
FW_SERVICES_EXT_IP=""
FW_SERVICES_EXT_RPC=""
FW_CONFIGURATIONS_EXT=""
FW_SERVICES_DMZ_TCP=""
FW_SERVICES_DMZ_UDP=""
FW_SERVICES_DMZ_IP=""
FW_SERVICES_DMZ_RPC=""
FW_CONFIGURATIONS_DMZ=""
FW_SERVICES_INT_TCP=""
FW_SERVICES_INT_UDP=""
FW_SERVICES_INT_IP=""
FW_SERVICES_INT_RPC=""
FW_CONFIGURATIONS_INT=""
FW_SERVICES_DROP_EXT=""
FW_SERVICES_DROP_DMZ=""
FW_SERVICES_DROP_INT=""
FW_SERVICES_REJECT_EXT=""
FW_SERVICES_REJECT_DMZ=""
FW_SERVICES_REJECT_INT=""
FW_SERVICES_ACCEPT_EXT=""
FW_SERVICES_ACCEPT_DMZ=""
FW_SERVICES_ACCEPT_INT=""
FW_SERVICES_ACCEPT_RELATED_EXT=""
FW_SERVICES_ACCEPT_RELATED_DMZ=""
FW_SERVICES_ACCEPT_RELATED_INT=""
# Widest opening in this file: with no ",proto,port" suffix, any packet whose
# source address is in 10.0.0.0/24 may reach every service on this host.
# The match is on source address only and is not authentication. If full
# access is not intended, restrict it per host and port using the
# "net,proto,port" form (constructed example: 10.0.0.0/24,tcp,22).
FW_TRUSTED_NETS="10.0.0.0/24"
FW_ALLOW_INCOMING_HIGHPORTS_TCP=""
FW_ALLOW_INCOMING_HIGHPORTS_UDP=""
FW_FORWARD=""
FW_FORWARD_REJECT=""
FW_FORWARD_DROP=""
FW_FORWARD_MASQ=""
FW_REDIRECT=""
# Logging: all dropped packets are logged, accepted packets are not. An empty
# FW_LOG_LIMIT presumably falls back to the script's default rate limit, so
# bursts of drops may be only partially recorded. TODO confirm.
FW_LOG_DROP_CRIT="yes"
FW_LOG_DROP_ALL="yes"
FW_LOG_ACCEPT_CRIT="no"
FW_LOG_ACCEPT_ALL="no"
FW_LOG_LIMIT=""
FW_LOG=""
# "yes" lets the firewall script apply its kernel network hardening settings.
# NOTE(review): the exact sysctls depend on the script version.
FW_KERNEL_SECURITY="yes"
FW_STOP_KEEP_ROUTING_STATE="no"
# The host itself answers ICMP echo requests; pinging through it to the DMZ
# or external zone is off (and routing is disabled anyway).
FW_ALLOW_PING_FW="yes"
FW_ALLOW_PING_DMZ="no"
FW_ALLOW_PING_EXT="no"
FW_ALLOW_FW_SOURCEQUENCH=""
FW_ALLOW_FW_BROADCAST_EXT=""
FW_ALLOW_FW_BROADCAST_INT=""
FW_ALLOW_FW_BROADCAST_DMZ=""
# "yes" suppresses log entries for dropped broadcasts in the external zone;
# the packets are still dropped.
FW_IGNORE_FW_BROADCAST_EXT="yes"
FW_IGNORE_FW_BROADCAST_INT="no"
FW_IGNORE_FW_BROADCAST_DMZ="no"
FW_ALLOW_CLASS_ROUTING=""
# The firewall script sources this file, and its hooks can add arbitrary
# iptables rules. Its contents are not shown in this post, so the effective
# ruleset may differ from what these variables suggest. Review the file, and
# verify that it is root-owned and not writable by other users.
FW_CUSTOMRULES="/etc/sysconfig/scripts/SuSEfirewall2-custom"
FW_REJECT=""
FW_REJECT_INT="yes"
FW_HTB_TUNE_DEV=""
# Empty means the script default. The socket listing in this post shows IPv6
# listeners (sshd, rpcbind, X on :::), so the IPv6 ruleset matters as well.
# NOTE(review): confirm the effective default, e.g. with `ip6tables -L -n`.
FW_IPv6=""
FW_IPv6_REJECT_OUTGOING=""
FW_IPSEC_TRUST="no"
FW_ZONES=""
FW_USE_IPTABLES_BATCH=""
# Loads the NetBIOS name-service connection-tracking helper, presumably so
# that replies to broadcast name lookups are accepted as related traffic.
FW_LOAD_MODULES="nf_conntrack_netbios_ns"
FW_FORWARD_ALWAYS_INOUT_DEV=""
FW_FORWARD_ALLOW_BRIDGING=""
netstat -tulpen gives the following:
Code:
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State User Inode PID/Program name
tcp 0 0 0.0.0.0:39496 0.0.0.0:* LISTEN 1000 52632 15541/skype
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 60 10410 4188/mysqld
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 0 7706 2997/rpcbind
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 65534 30477 10521/dansguardian
tcp 0 0 0.0.0.0:6000 0.0.0.0:* LISTEN 0 8130 3176/X
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 0 11794 4494/vsftpd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 0 11689 4469/sshd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 0 9878 4190/cupsd
tcp 0 0 0.0.0.0:3128 0.0.0.0:* LISTEN 0 30424 10508/(squid)
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 0 11312 4384/master
tcp 0 0 :::111 :::* LISTEN 0 7711 2997/rpcbind
tcp 0 0 :::6000 :::* LISTEN 0 8129 3176/X
tcp 0 0 :::22 :::* LISTEN 0 11691 4469/sshd
udp 0 0 0.0.0.0:55055 0.0.0.0:* 31 30418 10508/(squid)
udp 0 0 0.0.0.0:3130 0.0.0.0:* 0 30425 10508/(squid)
udp 0 0 0.0.0.0:68 0.0.0.0:* 0 16787 5182/dhclient
udp 0 0 0.0.0.0:39496 0.0.0.0:* 1000 52633 15541/skype
udp 0 0 0.0.0.0:3401 0.0.0.0:* 0 30426 10508/(squid)
udp 0 0 0.0.0.0:5353 0.0.0.0:* 103 9771 4128/avahi-daemon:
udp 0 0 0.0.0.0:111 0.0.0.0:* 0 7636 2997/rpcbind
udp 0 0 0.0.0.0:631 0.0.0.0:* 0 9885 4190/cupsd
udp 0 0 0.0.0.0:35450 0.0.0.0:* 103 9772 4128/avahi-daemon:
udp 0 0 10.0.0.103:123 0.0.0.0:* 74 18789 4333/ntpd
udp 0 0 172.16.25.1:123 0.0.0.0:* 0 10762 4333/ntpd
udp 0 0 172.16.91.1:123 0.0.0.0:* 0 10761 4333/ntpd
udp 0 0 127.0.0.2:123 0.0.0.0:* 0 10760 4333/ntpd
udp 0 0 127.0.0.1:123 0.0.0.0:* 0 10759 4333/ntpd
udp 0 0 0.0.0.0:123 0.0.0.0:* 0 10704 4333/ntpd
udp 0 0 0.0.0.0:1020 0.0.0.0:* 0 7705 2997/rpcbind
udp 0 0 127.0.0.1:35325 0.0.0.0:* 1000 49688 15541/skype
udp 0 0 :::177 :::* 0 8074 3142/gdm
udp 0 0 :::111 :::* 0 7708 2997/rpcbind
udp 0 0 fe80::213:2ff:fe6c::123 :::* 74 18788 4333/ntpd
udp 0 0 fe80::250:56ff:fec0:123 :::* 0 10712 4333/ntpd
udp 0 0 ::1:123 :::* 0 10711 4333/ntpd
udp 0 0 fe80::250:56ff:fec0:123 :::* 0 10710 4333/ntpd
udp 0 0 :::123 :::* 0 10705 4333/ntpd
udp 0 0 :::1020 :::* 0 7710 2997/rpcbind
Thanks again.
Regards,
Jeff Shantz