
Thread: Firewall Allowed Services

  1. #1

    Firewall Allowed Services

    Hi,

    I want to allow e.g. SSH on to my computer, running opensuse 11.4.

    When I try to open up the firewall to allow this, the options to allow a service appear limited and impossible to add a new service. Also, the "name" field doesn't appear anywhere.

    Firewall tool has these options to the left:

    Here, enter additional ports or protocols to enable in the firewall zone.

    TCP Ports and UDP Ports can be entered as a list of port numbers, port names, or port ranges separated by spaces, such as 22, http, or 137:139.

    RPC Ports is a list of RPC services, such as nlockmgr, ypbind, or portmap, separated by spaces.

    IP Protocols is a list of protocols, such as esp, smp, or chaos, separated by spaces. Find the current list of protocols at http://www.iana.org/assignments/protocol-numbers.

    The Port Range consists of two colon-separated numbers that represent all numbers inside the range including the numbers themselves. The first port number must be lower than the second one, for example, 200:215.

    The Port Name is a name assigned to a port number by the IANA organisation. One port number can have multiple port names assigned. Find the assignment currently in use in the /etc/services file.
    And fields to the right, but on the right, there are no spaces for:


    The Port Range
    The Port Name


    When I click next/finish, no additional services are added to the allowed services for the firewall.

    It seems very difficult to use.

    Appreciate any help.

    Regards, samwootton

  2. #2

    Re: Firewall Allowed Services

    Is it not showing "Secure Shell Server" in the list of "Allowed Services"?
    Leap 42.3 & 15.1(Beta) &KDE
    FYIs from the days of yore

  3. #3

    Re: Firewall Allowed Services

    If I am correct, when you start a service like SSH using YaST, Yast will also see that the firewall is configured for that purpose.
    Henk van Velden

  4. #4

    Re: Firewall Allowed Services

    Originally posted by hcvv:
    "If I am correct, when you start a service like SSH using YaST, Yast will also see that the firewall is configured for that purpose."

    I looked for ssh in network services to see what you mean Henk -- can't find it, is it somewhere else?
    Leap 42.3 & 15.1(Beta) &KDE
    FYIs from the days of yore

  5. #5

    Re: Firewall Allowed Services

    The SSH daemon (sshd) is in YaST > Software > Software services (runlevel).
    Henk van Velden

  6. #6

    Re: Firewall Allowed Services

    Thanks Henk, now I found it.

    However the TCP port 22 isn't activated automatically IMO. I believe one must manually add "Secure Shell Server" to the list of "Allowed Services" in Yast's firewall module. [This allows the config tab buried at /etc/sysconfig/SuSEfirewall2.d/services/sshd to be switched on via an entry that Yast's "Allowed Services" inserts in the firewall script at /etc/sysconfig/SuSEfirewall2 on the line FW_CONFIGURATIONS_EXT]
    Leap 42.3 & 15.1(Beta) &KDE
    FYIs from the days of yore
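Posts #6 and #8 describe two routes to the same open port: a service name listed in FW_CONFIGURATIONS_EXT, or a port entered by hand. The check below is an added example, not part of the original thread. It assumes the hand-entered TCP ports are stored in FW_SERVICES_EXT_TCP and that a service file declares its ports in a TCP= line (SuSEfirewall2 names not quoted in the thread); the function names and file contents are constructed.

```shell
#!/bin/sh
# Constructed sample files standing in for /etc/sysconfig ($1 = scratch dir).
make_sample() {
    mkdir -p "$1/SuSEfirewall2.d/services"
    printf '%s\n' 'FW_CONFIGURATIONS_EXT="sshd"' \
                  'FW_SERVICES_EXT_TCP="137:139"' > "$1/SuSEfirewall2"
    printf '%s\n' '## Name: Secure Shell Server' 'TCP="ssh"' \
        > "$1/SuSEfirewall2.d/services/sshd"
}

# Succeeds if the external zone admits any of the TCP ports or port names
# given after the sysconfig directory ($1). The body runs in a subshell so
# the sourced variables do not leak into the caller. Sourcing executes the
# files, so point this only at root-owned configuration.
ext_tcp_allowed() (
    dir=$1; shift
    FW_SERVICES_EXT_TCP=; FW_CONFIGURATIONS_EXT=
    . "$dir/SuSEfirewall2"                 # sysconfig files are shell assignments
    ports=$FW_SERVICES_EXT_TCP
    for svc in $FW_CONFIGURATIONS_EXT; do  # expand each named service file
        f=$dir/SuSEfirewall2.d/services/$svc
        [ -r "$f" ] || continue
        ports="$ports $(TCP=; . "$f"; printf '%s' "$TCP")"
    done
    for entry in $ports; do
        lo=${entry%%:*}; hi=${entry##*:}   # "137:139" -> 137 and 139
        for want in "$@"; do
            [ "$entry" = "$want" ] && exit 0           # exact number or name
            case "$lo$hi$want" in *[!0-9]*) continue ;; esac
            [ -n "$lo" ] && [ -n "$hi" ] || continue
            [ "$want" -ge "$lo" ] && [ "$want" -le "$hi" ] && exit 0
        done
    done
    exit 1
)

d=$(mktemp -d) && make_sample "$d"
ext_tcp_allowed "$d" 22 ssh  && echo "ssh: open in external zone"
ext_tcp_allowed "$d" 80 http || echo "http: closed in external zone"
rm -rf "$d"
```

On a real system the directory argument would be /etc/sysconfig; pass both the number and the /etc/services name, since either form may appear in the configuration.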

  7. #7

    Re: Firewall Allowed Services

    Well, I wasn't sure (as I said), but I remember YaST doing things with the firewall configuration at least at "some" points. Especially I remember YaST asking if it should adapt the firewall. But it is long ago and I do not remember the exact circumstances.
    Henk van Velden

  8. #8

    Re: Firewall Allowed Services

    Just add TCP port 22 manually to the firewall.

  9. #9

    Re: Firewall Allowed Services

    By having the service sshd you already can ssh from another machine to this. You don't need to add port 22. I verified on my home network.
    The problem I have with ssh is that this will make you the target of some hackers which will bombard you via ssh with lists of names hoping to hack into your computer. I was able in the past to configure the network to eliminate these attacks but I don't remember how and now I'm bombarded again.
    I tried to have my router redirect sshd requests from outside to be directed to another port in a higher range and have that port added in the list of ports for the computer I want in my home network. That is still not working as I'm still finding lots of requests in /var/log/messages (grep for Invalid user). I have thousands of attempts in there (not verified the period of time). I think that on swerdna's site there is some info I will have to verify.
    Maybe removing the service sshd altogether will allow me to connect from other computers if i use the new ssh port? I will check that now
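An added example, not part of the original post: a per-source summary of the "Invalid user" lines that post #9 greps for in /var/log/messages, which shows how many guesses came from each address and how many distinct names each one tried. The log lines are constructed, use documentation address ranges, and assume the classic syslog layout; the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample in the classic syslog layout written by sshd.
sample_log() {
cat <<'EOF'
Mar 12 03:14:07 linux sshd[4121]: Invalid user admin from 203.0.113.5
Mar 12 03:14:09 linux sshd[4123]: Invalid user test from 203.0.113.5
Mar 12 03:14:12 linux sshd[4125]: Invalid user oracle from 203.0.113.5 port 51122
Mar 12 03:20:41 linux sshd[4190]: Accepted publickey for sam from 192.168.1.20 port 40022 ssh2
Mar 12 04:02:00 linux sshd[4300]: Invalid user guest from 198.51.100.77
Mar 12 04:02:03 linux kernel: SFW2-INext-DROP-DEFLT IN=eth0 SRC=198.51.100.77 DPT=22
Mar 12 04:05:00 linux sshd[4310]: Invalid user root from 10.0.0.1 from 198.51.100.77 port 40000
EOF
}

# Prints "attempts source distinct_names", busiest source first.
# Reads the files named as arguments, or stdin when none are given.
invalid_user_summary() {
    awk '
        $5 ~ /^sshd\[/ && $6 == "Invalid" && $7 == "user" {
            # The user name is supplied by the remote side and may contain
            # spaces or the word "from", so locate the LAST "from" on the line.
            for (i = NF; i > 7; i--) if ($i == "from") break
            if (i == 7 || i == NF) next        # no source address present
            src = $(i + 1)
            user = ""
            for (j = 8; j < i; j++) user = user (j > 8 ? " " : "") $j
            hits[src]++
            if (!((src, user) in seen)) { seen[src, user] = 1; names[src]++ }
        }
        END { for (s in hits) print hits[s], s, names[s] }
    ' "$@" | sort -k1,1nr -k2,2
}

sample_log | invalid_user_summary
```

Run as `invalid_user_summary /var/log/messages` on the machine itself; the last sample line shows why the source address is taken from the final "from" rather than the first.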

  10. #10

    Re: Firewall Allowed Services

    These are all new facts you did not mention earlier. We all thought you were only talking about your own LAN.

    You misunderstand the solution you tried with a higher port number.
    You should not forward port 22 from the router to a high number on your system, you should forward a high number on your router to port 22 on your system.
    That means that an SSH user from outside must try to connect to that high number (and hackers probably would not do that because they will not know which high number you use) and users will then arrive at port 22 of your system.
    Henk van Velden
